Merge pull request #20 from spt-development/feature/quality-improvements

Added additional quality gates to build.

Author: SimonTaylor

.github/workflows/build.yml

@@ -7,27 +7,28 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up JDK 21
         uses: oracle-actions/setup-java@v1
         with:
           website: jdk.java.net
           release: 21
-
-      - name: Build with Maven
-        run: mvn clean install -B
-
-      - name: Mutation testing
-        run: mvn org.pitest:pitest-maven:mutationCoverage -B
+      - run: ./mvnw clean install -Pall-quality-gates -B
 
   release:
     runs-on: ubuntu-latest
     needs: build
     if: github.ref == 'refs/heads/main'
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up JDK 21
         uses: oracle-actions/setup-java@v1
@@ -36,7 +37,7 @@ jobs:
           release: 21
 
       - name: Determine version
-        run: echo "POM_VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec | sed -e 's/-SNAPSHOT//')" >> $GITHUB_ENV
+        run: echo "POM_VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec | sed -e 's/-SNAPSHOT//')" >> $GITHUB_ENV
 
       - name: Import GPG key
         id: import_gpg
@@ -51,7 +52,7 @@ jobs:
           git config user.name "GitHub Actions"
 
       - name: Create release
-        run: mvn --settings .github/maven-settings.xml release:prepare release:perform -DskipTests -Prelease -B
+        run: ./mvnw --settings .github/maven-settings.xml release:prepare release:perform -DskipTests -Prelease -B
         env:
           OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
@@ -66,4 +67,5 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ env.POM_VERSION }}
           artifacts: target/spt-development-logging-spring-${{ env.POM_VERSION }}.jar
-          artifactContentType: application/java-archive
+          artifactContentType: application/java-archive
+          bodyFile: documentation/releases/release-${{ env.POM_VERSION }}.md

.github/workflows/latest-versions.yml

@@ -0,0 +1,17 @@
+name: Latest Versions Check
+
+on: [pull_request]
+
+jobs:
+  versions:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: oracle-actions/setup-java@v1
+        with:
+          website: jdk.java.net
+          release: 21
+      - run: ./mvnw clean versions:update-properties scm:check-local-modification -U -B

.github/workflows/owasp.yml

@@ -0,0 +1,17 @@
+name: OWASP Dependency Check
+
+on: [pull_request]
+
+jobs:
+  owasp:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: oracle-actions/setup-java@v1
+        with:
+          website: jdk.java.net
+          release: 21
+      - run: ./mvnw clean dependency-check:check -B

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.4/apache-maven-3.9.4-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

README.md

@@ -48,7 +48,7 @@ Building locally
 To build the library, run the following maven command:
 
 ```shell
-$ mvn clean install
+$ ./mvnw clean install
 ```
 
 Release

config/checkstyle/google_checks_suppressions.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC
+        "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+        "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<suppressions>
+    <!-- Fully Suppressed Rules (all projects) -->
+    <suppress checks="CustomImportOrder" files="." />
+    <suppress checks="OverloadMethodsDeclarationOrder" files="." />
+
+    <!-- Fully Suppressed Rules (non-library projects only) -->
+    <suppress checks="MissingJavadocType" files="." />
+    <suppress checks="MissingJavadocMethod" files="." />
+
+    <!-- Rules Replaced by spt_checks.xml -->
+    <suppress checks="Indentation" files="." />
+    <suppress checks="LineLength" files="." />
+</suppressions>

config/checkstyle/spt_checks.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0"?>
+<!DOCTYPE module PUBLIC
+        "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
+        "https://checkstyle.org/dtds/configuration_1_3.dtd">
+
+<!--
+     Used in conjunction with google_checks_suppressions.xml to override
+     https://github.com/checkstyle/checkstyle/blob/master/src/main/resources/google_checks.xml
+     default rules. See
+     https://stackoverflow.com/questions/63953276/maven-checkstyle-plugin-with-google-checks-and-4-space-indentsize
+     for more info.
+
+     Also adds in additional rules, such as CyclomaticComplexity checks.
+ -->
+<module name = "Checker">
+    <!-- Overrides -->
+    <module name="LineLength">
+        <property name="fileExtensions" value="java"/>
+        <property name="max" value="150"/>
+        <property name="ignorePattern" value="^package.*|^import.*|a href|href|http://|https://|ftp://|@ApiModelProperty| class .*"/>
+    </module>
+
+    <module name="TreeWalker">
+        <!-- Overrides -->
+        <module name="Indentation">
+            <property name="basicOffset" value="4"/>
+            <property name="braceAdjustment" value="0"/>
+            <property name="caseIndent" value="4"/>
+            <property name="throwsIndent" value="4"/>
+            <property name="lineWrappingIndentation" value="4"/>
+            <property name="arrayInitIndent" value="8"/>
+        </module>
+
+        <!-- SPT Specific rules -->
+
+        <!-- SPT Custom -->
+        <module name="MatchXpath">
+            <property name="query" value="//VARIABLE_DEF/TYPE/IDENT[@text='var']"/>
+            <message key="matchxpath.match" value="The `var` keyword should be avoided to keep the code easier to understand"/>
+        </module>
+
+        <!-- Coding: https://checkstyle.sourceforge.io/checks/coding/index.html -->
+        <module name="DeclarationOrder" />
+        <module name="FinalLocalVariable" />
+        <module name="IllegalThrows" />
+        <module name="MagicNumber" />
+        <module name="NestedForDepth" />
+        <module name="NestedIfDepth" />
+        <module name="NestedTryDepth" />
+        <module name="ParameterAssignment" />
+
+        <!-- Imports: https://checkstyle.sourceforge.io/checks/imports/index.html -->
+        <module name="IllegalImport" />
+        <module name="RedundantImport" />
+        <module name="UnusedImports" />
+
+        <!-- Miscellaneous: https://checkstyle.sourceforge.io/checks/misc/todocomment.html -->
+        <module name="TodoComment">
+            <property name="format" value="(TODO)|(FIXME)" />
+        </module>
+
+        <!-- Modifiers: https://checkstyle.sourceforge.io/checks/modifier/index.html -->
+        <module name="RedundantModifier" />
+
+        <!-- Naming Conventions: https://checkstyle.sourceforge.io/checks/naming/index.html -->
+        <module name="CatchParameterName" />
+        <module name="ConstantName" />
+
+        <!-- Size violations: https://checkstyle.sourceforge.io/checks/sizes/index.html -->
+        <module name="ParameterNumber">
+            <property name="max" value="10"/>
+            <property name="tokens" value="CTOR_DEF"/>
+        </module>
+        <module name="ParameterNumber">
+            <property name="max" value="5"/>
+            <property name="tokens" value="METHOD_DEF"/>
+        </module>
+    </module>
+</module>

config/checkstyle/spt_checks_suppressions.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<!DOCTYPE suppressions PUBLIC
+        "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+        "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+<suppressions>
+    <!-- Allow Logger aspect methods to throw Throwable -->
+    <suppress checks="IllegalThrows" files="src[\\/]main[\\/]java[\\/]com[\\/]spt[\\/]development[\\/]logging[\\/]spring[\\/]LoggerAspect.java" />
+    <suppress checks="IllegalThrows" files="src[\\/]main[\\/]java[\\/]com[\\/]spt[\\/]development[\\/]logging[\\/]spring[\\/](JmsListener|RestController|Repository|Service)Logger.java" />
+</suppressions>

findbugs-exclude.xml renamed to config/findbugs/findbugs-exclude.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>