From 9ffd9ea9d838484e765e77a21c997221839a01c3 Mon Sep 17 00:00:00 2001 From: Adam Ruberti Date: Tue, 29 Oct 2024 09:35:55 +0100 Subject: [PATCH] ci: add OpenApi validator and sonar code coverage (#58) --- .github/workflows/maven-build.yml | 44 ++++++++++++++---------- .github/workflows/openapi-validation.yml | 16 +++++++++ .github/workflows/pr.yml | 7 ++-- .github/workflows/release-please.yml | 2 +- .pre-commit-config.yaml | 5 +-- CONTRIBUTING.md | 5 ++- 6 files changed, 51 insertions(+), 28 deletions(-) create mode 100644 .github/workflows/openapi-validation.yml diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 580de80..45ad79e 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -3,6 +3,9 @@ name: maven-build on: push: branches: ['**/**'] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, ready_for_review] jobs: build: runs-on: ubuntu-latest @@ -13,33 +16,34 @@ jobs: COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN }} COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }} GITHUB_TOKEN: ${{ github.token }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} MARKDOWN2HTML_MAVEN_PLUGIN_FAIL_ON_ERROR: true steps: - - name: ๐Ÿ“„ Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: ๐Ÿ“„ Checkout the repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: ๐Ÿงฑ Set up JDK and Maven - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: distribution: adopt java-version: 17 gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }} - - name: ๐Ÿ“ Store project version + - name: ๐Ÿ“ Get the project version id: project_version run: echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT - name: ๐Ÿ“ Store cache key id: cache_key run: echo "cache_key=${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}" >> $GITHUB_OUTPUT - - name: ๐Ÿ’พ Prepare Cache + - name: ๐Ÿ’พ Prepare cache using cache key id: prepare-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ steps.cache_key.outputs.cache_key }} - - name: ๐Ÿ”˜ Generate settings.xml + - name: ๐Ÿ”˜ Generate settings.xml for Maven uses: whelk-io/maven-settings-xml-action@9dc09b23833fa9aa7f27b63db287951856f3433d # v22 with: repositories: > @@ -88,8 +92,12 @@ jobs: ] - name: ๐Ÿ”˜ Print settings.xml run: cat /home/runner/.m2/settings.xml - - name: ๐Ÿ“ฆ Build with Maven - run: mvn --batch-mode clean package + - name: ๐Ÿ“ฆ Build with Maven for Pushes + if: github.event_name == 'push' + run: mvn --batch-mode clean package sonar:sonar -Dsonar.branch.name=${{ github.head_ref }} + - name: ๐Ÿ“ฆ Build with Maven for PRs + if: github.event_name == 'pull_request' + run: mvn --batch-mode clean package sonar:sonar -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.branch=${{ github.head_ref }} -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} outputs: project_version: ${{ steps.project_version.outputs.project_version }} cache_key: ${{ steps.cache_key.outputs.cache_key }} @@ -107,20 +115,20 @@ jobs: COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }} steps: - name: ๐Ÿงฑ Set up JDK and Maven - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: distribution: adopt java-version: 17 gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }} - - name: ๐Ÿ’พ Restore Cache + - name: ๐Ÿ’พ Restore cache using cache key id: restore-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ needs.build.outputs.cache_key }} - - name: ๐Ÿ“ฆ Publish to Maven Central + - name: ๐Ÿ“ฆ Deploy artifacts to Maven Central run: mvn --batch-mode -Dmaven.test.skip=true deploy -P gpg-sign -P nexus-staging # Deploy release to GitHub Packages @@ -137,20 +145,20 @@ jobs: GITHUB_TOKEN: ${{ github.token }} steps: - name: ๐Ÿงฑ Set up JDK and Maven - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: distribution: adopt java-version: 17 - - name: ๐Ÿ’พ Restore Cache + - name: ๐Ÿ’พ Restore cache using cache key id: restore-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | /home/runner/.m2 /home/runner/work key: ${{ needs.build.outputs.cache_key }} - - name: ๐Ÿ“ฆ Publish to GitHub Packages + - name: ๐Ÿ“ฆ Deploy artifacts to GitHub Packages run: mvn --batch-mode -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Dmaven.source.skip=true deploy -P deploy-github-packages - - name: ๐Ÿ“ฆ Upload assets + - name: ๐Ÿ“ฆ Upload assets to GitHub Release run: |- gh release upload v${{ needs.build.outputs.project_version }} target/*-${{ needs.build.outputs.project_version }}.jar diff --git a/.github/workflows/openapi-validation.yml b/.github/workflows/openapi-validation.yml new file mode 100644 index 0000000..3ed95e9 --- /dev/null +++ b/.github/workflows/openapi-validation.yml @@ -0,0 +1,16 @@ +--- +name: openapi-validate +on: [push] +jobs: + check-openapi-definition: + runs-on: ubuntu-latest + name: Swagger Editor Validator Remote + steps: + - name: ๐Ÿ“„ Checkout the repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 0 + - name: ๐Ÿงช Validate OpenAPI definition + uses: char0n/swagger-editor-validate@fe35d650e9fc674505607519d0d12ab4de5d415d # v1 + with: + definition-file: docs/openapi.json diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 5caa9e0..841ba18 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -10,15 +10,14 @@ jobs: name: Check commit messages runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} fetch-depth: 0 - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: - cache: pip # caching pip dependencies - check-latest: true + python-version: 3.x - run: pip install commitizen - name: Check commit messages run: cz check --rev-range origin/${GITHUB_BASE_REF}.. diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 32c85a1..57493be 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -12,7 +12,7 @@ jobs: steps: - name: release-please id: release - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 + uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 with: release-type: maven target-branch: main diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 55fbf4e..15563b7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,18 +21,19 @@ repos: - id: end-of-file-fixer - id: pretty-format-json args: [--autofix, --no-ensure-ascii, '--top-keys=openapi,info,servers,paths,components'] + files: docs/openapi.json - repo: local hooks: - id: sensitive-data-leak-urls name: Sensitive data leak - URLs entry: (?