From 176f6e292584a417291f7649b56a14765e89de8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Sep 2025 08:11:33 +0000 Subject: [PATCH 01/15] Bump org.jvnet.hudson.plugins:analysis-pom Bumps [org.jvnet.hudson.plugins:analysis-pom](https://github.com/jenkinsci/analysis-pom-plugin) from 11.2794.veb_b_8d02f3648 to 11.2812.vde3e22ec61c7. - [Release notes](https://github.com/jenkinsci/analysis-pom-plugin/releases) - [Changelog](https://github.com/jenkinsci/analysis-pom-plugin/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkinsci/analysis-pom-plugin/commits/11.2812.vde3e22ec61c7) --- updated-dependencies: - dependency-name: org.jvnet.hudson.plugins:analysis-pom dependency-version: 11.2812.vde3e22ec61c7 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9cf7c30a..c0cc54ef 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.jvnet.hudson.plugins analysis-pom - 11.2794.veb_b_8d02f3648 + 11.2812.vde3e22ec61c7 From a4201e056b62c9978ca2633704ea4c0e98cb5ed0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 10:17:29 +0000 Subject: [PATCH 02/15] Bump github/codeql-action from 3 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 640de6af..c8061253 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: maven-version: 3.9.11 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} queries: +security-and-quality @@ -47,7 +47,7 @@ jobs: run: mvn -V --color always -ntp clean verify -Pskip - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: upload: false output: sarif-results @@ -62,6 +62,6 @@ jobs: output: sarif-results/${{ matrix.language }}.sarif - name: Upload SARIF results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: sarif-results/${{ matrix.language }}.sarif From b2a2de28d491514076baf300bc4c94ac17fd2659 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 10:17:40 +0000 Subject: [PATCH 03/15] Bump org.jenkins-ci.main:jenkins-core from 2.529 to 2.531 Bumps [org.jenkins-ci.main:jenkins-core](https://github.com/jenkinsci/jenkins) from 2.529 to 2.531. - [Release notes](https://github.com/jenkinsci/jenkins/releases) - [Commits](https://github.com/jenkinsci/jenkins/compare/jenkins-2.529...jenkins-2.531) --- updated-dependencies: - dependency-name: org.jenkins-ci.main:jenkins-core dependency-version: '2.531' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- ui-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-tests/pom.xml b/ui-tests/pom.xml index e5fb6baa..9fe4b57e 100644 --- a/ui-tests/pom.xml +++ b/ui-tests/pom.xml @@ -16,7 +16,7 @@ UI Tests of Code Coverage Plugin - 2.529 + 2.531 3.1762.vd3ff902a_5b_c4 2.3 4.1.1 From f15cf080a9649c1fbb176fd9e99aa64e31d8fd06 Mon Sep 17 00:00:00 2001 
From: Ulli Hafner Date: Wed, 8 Oct 2025 12:25:26 +0200 Subject: [PATCH 04/15] Do not upload the code coverage reports to CodeCov anymore We have all results in Jenkins or the quality monitor now. --- .github/workflows/coverage.yml | 35 ---------------------------------- 1 file changed, 35 deletions(-) delete mode 100644 .github/workflows/coverage.yml diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index 92077b74..00000000 --- a/.github/workflows/coverage.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: 'CodeCov' - -on: - push: - branches: - - main - pull_request: - -jobs: - coverage: - - runs-on: ubuntu-latest - name: Create and upload coverage report - - steps: - - uses: actions/checkout@v5 - - name: Set up JDK 21 - uses: actions/setup-java@v5 - with: - distribution: 'temurin' - java-version: '21' - check-latest: true - cache: 'maven' - - name: Set up Maven - uses: stCarolas/setup-maven@v5 - with: - maven-version: 3.9.11 - - name: Generate coverage with JaCoCo - run: mvn -V --color always -ntp clean verify -Pci - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5.5.1 - with: - file: 'target/site/jacoco/jacoco.xml' - disable_search: true - token: ${{secrets.CODECOV_TOKEN}} From 5e5954b5ec4ed8e1f74dd4ee0dd711324dc05dca Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 08:10:40 +0000 Subject: [PATCH 05/15] Bump org.jvnet.hudson.plugins:analysis-pom Bumps [org.jvnet.hudson.plugins:analysis-pom](https://github.com/jenkinsci/analysis-pom-plugin) from 11.2812.vde3e22ec61c7 to 11.2824.v933a_cd41a_8e2. - [Release notes](https://github.com/jenkinsci/analysis-pom-plugin/releases) - [Changelog](https://github.com/jenkinsci/analysis-pom-plugin/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkinsci/analysis-pom-plugin/commits) --- updated-dependencies: - dependency-name: org.jvnet.hudson.plugins:analysis-pom dependency-version: 11.2824.v933a_cd41a_8e2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c0cc54ef..4b8d4e86 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.jvnet.hudson.plugins analysis-pom - 11.2812.vde3e22ec61c7 + 11.2824.v933a_cd41a_8e2 From 79dac75f4234c630df434bf61e02c4d6784f0d42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:25:52 +0000 Subject: [PATCH 06/15] Bump edu.hm.hafner:coverage-model from 0.56.0 to 0.57.0 Bumps [edu.hm.hafner:coverage-model](https://github.com/jenkinsci/coverage-model) from 0.56.0 to 0.57.0. - [Release notes](https://github.com/jenkinsci/coverage-model/releases) - [Changelog](https://github.com/jenkinsci/coverage-model/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkinsci/coverage-model/compare/v0.56.0...v0.57.0) --- updated-dependencies: - dependency-name: edu.hm.hafner:coverage-model dependency-version: 0.57.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- plugin/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/plugin/pom.xml b/plugin/pom.xml index e1b0c3f6..fbb3fcae 100644 --- a/plugin/pom.xml +++ b/plugin/pom.xml @@ -35,7 +35,7 @@ false - 0.56.0 + 0.57.0 2.10.4 From e75e360c9fdb0fdbee923397b0b239b8d20d5db3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:27:08 +0000 Subject: [PATCH 07/15] Bump json-unit-assertj.version from 4.1.1 to 5.0.0 Bumps `json-unit-assertj.version` from 4.1.1 to 5.0.0. Updates `net.javacrumbs.json-unit:json-unit-assertj` from 4.1.1 to 5.0.0 - [Changelog](https://github.com/lukas-krecan/JsonUnit/blob/master/RELEASES.md) - [Commits](https://github.com/lukas-krecan/JsonUnit/compare/json-unit-parent-4.1.1...json-unit-parent-5.0.0) Updates `net.javacrumbs.json-unit:json-unit-json-path` from 4.1.1 to 5.0.0 - [Changelog](https://github.com/lukas-krecan/JsonUnit/blob/master/RELEASES.md) - [Commits](https://github.com/lukas-krecan/JsonUnit/compare/json-unit-parent-4.1.1...json-unit-parent-5.0.0) --- updated-dependencies: - dependency-name: net.javacrumbs.json-unit:json-unit-assertj dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: net.javacrumbs.json-unit:json-unit-json-path dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- ui-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-tests/pom.xml b/ui-tests/pom.xml index 9fe4b57e..942055ae 100644 --- a/ui-tests/pom.xml +++ b/ui-tests/pom.xml @@ -19,7 +19,7 @@ 2.531 3.1762.vd3ff902a_5b_c4 2.3 - 4.1.1 + 5.0.0 ${project.groupId}.code.coverage.api.ui.tests From 2ccbf645f198cd25f101084cb9fdcc9e98de317f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:27:53 +0000 Subject: [PATCH 08/15] Bump org.jenkins-ci:acceptance-test-harness Bumps [org.jenkins-ci:acceptance-test-harness](https://github.com/jenkinsci/acceptance-test-harness) from 6361.vcb_036a_7ffb_a_5 to 6388.v40780b_42e87e. - [Release notes](https://github.com/jenkinsci/acceptance-test-harness/releases) - [Commits](https://github.com/jenkinsci/acceptance-test-harness/commits) --- updated-dependencies: - dependency-name: org.jenkins-ci:acceptance-test-harness dependency-version: 6388.v40780b_42e87e dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- ui-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-tests/pom.xml b/ui-tests/pom.xml index 9fe4b57e..5588a46c 100644 --- a/ui-tests/pom.xml +++ b/ui-tests/pom.xml @@ -48,7 +48,7 @@ org.jenkins-ci acceptance-test-harness - 6361.vcb_036a_7ffb_a_5 + 6388.v40780b_42e87e com.fasterxml.jackson.core From 91e09b8a1714abda7ebc76487faa798290ea1c9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Oct 2025 08:11:54 +0000 Subject: [PATCH 09/15] Bump org.jenkins-ci.main:jenkins-core from 2.531 to 2.532 Bumps [org.jenkins-ci.main:jenkins-core](https://github.com/jenkinsci/jenkins) from 2.531 to 2.532. - [Release notes](https://github.com/jenkinsci/jenkins/releases) - [Commits](https://github.com/jenkinsci/jenkins/compare/jenkins-2.531...jenkins-2.532) --- updated-dependencies: - dependency-name: org.jenkins-ci.main:jenkins-core dependency-version: '2.532' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- ui-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-tests/pom.xml b/ui-tests/pom.xml index d1811260..185e0b25 100644 --- a/ui-tests/pom.xml +++ b/ui-tests/pom.xml 
@@ -16,7 +16,7 @@ UI Tests of Code Coverage Plugin - 2.531 + 2.532 3.1762.vd3ff902a_5b_c4 2.3 5.0.0 From a96a71b15d57d285e1d6d11b3d282d6f622ff758 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 08:08:23 +0000 Subject: [PATCH 10/15] Bump umbrelladocs/action-linkspector from 1.3.7 to 1.4.0 Bumps [umbrelladocs/action-linkspector](https://github.com/umbrelladocs/action-linkspector) from 1.3.7 to 1.4.0. - [Release notes](https://github.com/umbrelladocs/action-linkspector/releases) - [Commits](https://github.com/umbrelladocs/action-linkspector/compare/v1.3.7...v1.4.0) --- updated-dependencies: - dependency-name: umbrelladocs/action-linkspector dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/check-md-links.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-md-links.yml b/.github/workflows/check-md-links.yml index 507ba58d..016aa167 100644 --- a/.github/workflows/check-md-links.yml +++ b/.github/workflows/check-md-links.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v5 - - uses: umbrelladocs/action-linkspector@v1.3.7 + - uses: umbrelladocs/action-linkspector@v1.4.0 with: github_token: ${{ secrets.github_token }} reporter: github-pr-check From 12dcda814c872a0f7dffa2d2c36f223f8c0bc70f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 08:09:04 +0000 Subject: [PATCH 11/15] Bump io.netty:netty-bom from 4.2.6.Final to 4.2.7.Final Bumps [io.netty:netty-bom](https://github.com/netty/netty) from 4.2.6.Final to 4.2.7.Final. - [Commits](https://github.com/netty/netty/compare/netty-4.2.6.Final...netty-4.2.7.Final) --- updated-dependencies: - dependency-name: io.netty:netty-bom dependency-version: 4.2.7.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- ui-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-tests/pom.xml b/ui-tests/pom.xml index d1811260..7d061fdb 100644 --- a/ui-tests/pom.xml +++ b/ui-tests/pom.xml @@ -37,7 +37,7 @@ io.netty netty-bom - 4.2.6.Final + 4.2.7.Final pom import From aa03b59f646b95a5653c678ab75eb48e3e0dff0f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Oct 2025 08:12:16 +0000 Subject: [PATCH 12/15] Bump org.jvnet.hudson.plugins:analysis-pom Bumps [org.jvnet.hudson.plugins:analysis-pom](https://github.com/jenkinsci/analysis-pom-plugin) from 11.2824.v933a_cd41a_8e2 to 11.2852.v88a_36fe3230d. - [Release notes](https://github.com/jenkinsci/analysis-pom-plugin/releases) - [Changelog](https://github.com/jenkinsci/analysis-pom-plugin/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkinsci/analysis-pom-plugin/commits) --- updated-dependencies: - dependency-name: org.jvnet.hudson.plugins:analysis-pom dependency-version: 11.2852.v88a_36fe3230d dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4b8d4e86..48291b3c 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.jvnet.hudson.plugins analysis-pom - 11.2824.v933a_cd41a_8e2 + 11.2852.v88a_36fe3230d 
From 66279bea07d31d5226662cb39b64982e5ca4e28e Mon Sep 17 00:00:00 2001 From: Ulli Hafner Date: Tue, 21 Oct 2025 14:36:32 +0200 Subject: [PATCH 13/15] Split quality monitor into 2 separate actions --- .github/quality-gates.json | 32 ++++ .github/quality-monitor.json | 145 ++++++++++++++ .github/workflows/quality-monitor-build.yml | 59 ++++++ .github/workflows/quality-monitor-comment.yml | 52 +++++ .github/workflows/quality-monitor-jenkins.yml | 180 ------------------ 5 files changed, 288 insertions(+), 180 deletions(-) create mode 100644 .github/quality-gates.json create mode 100644 .github/quality-monitor.json create mode 100644 .github/workflows/quality-monitor-build.yml create mode 100644 .github/workflows/quality-monitor-comment.yml delete mode 100644 .github/workflows/quality-monitor-jenkins.yml
diff --git a/.github/quality-gates.json b/.github/quality-gates.json
new file mode 100644
index 00000000..ad7c3cc5
--- /dev/null
+++ b/.github/quality-gates.json
@@ -0,0 +1,32 @@
+{
+ "qualityGates": [
+ {
+ "metric": "tests-success-rate",
+ "name": "Tests Success Rate",
+ "threshold": 100.0,
+ "criticality": "FAILURE"
+ },
+ {
+ "metric": "line",
+ "threshold": 80.0,
+ "criticality": "UNSTABLE"
+ },
+ {
+ "metric": "branch",
+ "threshold": 80.0,
+ "criticality": "UNSTABLE"
+ },
+ {
+ "metric": "bugs",
+ "name": "Potential Bugs",
+ "threshold": 0.0,
+ "criticality": "FAILURE"
+ },
+ {
+ "metric": "style",
+ "name": "Style Violations",
+ "threshold": 0.0,
+ "criticality": "FAILURE"
+ }
+ ]
+}
diff --git a/.github/quality-monitor.json b/.github/quality-monitor.json
new file mode 100644
index 00000000..7e675b46
--- /dev/null
+++ b/.github/quality-monitor.json
@@ -0,0 +1,145 @@ +{ + "tests": { + "name": "Tests", + "tools": [ + { + "id": "junit", + "name": "Unit Tests", + "pattern": "**/target/surefire-reports/TEST*data*.xml" + }, + { + "id": "junit", + "icon": "rocket", + "name": "Integration Tests", + "pattern": "**/target/failsafe-reports/TEST*.xml" + }, + { + "id": "junit", + "icon": "no_entry", + "name": "Architecture Tests", + "pattern": "**/target/surefire-reports/TEST*archunit*.xml" + } + ] + }, + "analysis": [ + { + "name": "Style", + "id": "style", + "tools": [ + { + "id": "checkstyle", + "pattern": "**/target/**checkstyle-result.xml" + }, + { + "id": "pmd", + "pattern": "**/target/pmd-*/pmd.xml" + }, + { + "id": "java", + "icon": "coffee", + "pattern": "**/maven.log" + } + ] + }, + { + "name": "Bugs", + "id": "bugs", + "icon": "bug", + "tools": [ + { + "id": "spotbugs", + "sourcePath": "src/main/java", + "pattern": "**/target/spotbugsXml.xml" + }, + { + "id": "error-prone", + "pattern": "**/maven.log" + } + ] + }, + { + "name": "API Problems", + "id": "api", + "icon": "no_entry_sign", + "tools": [ + { + "id": "revapi", + "sourcePath": "src/main/java", + "pattern": "**/target/revapi-result.json" + } + ] + }, + { + "name": "Vulnerabilities", + "id": "vulnerabilities", + "icon": "shield", + "tools": [ + { + "icon": "shield", + "id": "owasp-dependency-check", + "icon": "shield", + "pattern": "**/target/dependency-check-report.json" + } + ] + } + ], + "coverage": [ + { + "name": "Code Coverage", + "tools": [ + { + "id": "jacoco", + "metric": "line", + "sourcePath": "src/main/java", + "pattern": "**/target/site/jacoco/jacoco.xml" + }, + { + "id": "jacoco", + "metric": "branch", + "sourcePath": "src/main/java", + "pattern": "**/target/site/jacoco/jacoco.xml" + } + ] + } + ], + "metrics": { + "name": "Software Metrics", + "tools": [ + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "CYCLOMATIC_COMPLEXITY" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": 
"COGNITIVE_COMPLEXITY" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "NPATH_COMPLEXITY" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "LOC" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "NCSS" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "COHESION" + }, + { + "id": "metrics", + "pattern": "**/metrics/pmd.xml", + "metric": "WEIGHT_OF_CLASS" + } + ] + } +} diff --git a/.github/workflows/quality-monitor-build.yml b/.github/workflows/quality-monitor-build.yml new file mode 100644 index 00000000..c4d695a6 --- /dev/null +++ b/.github/workflows/quality-monitor-build.yml 
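Review bot: The `owasp-dependency-check` entry in the "Vulnerabilities" group sets `"icon": "shield"` twice, once before `"id"` and once after it. Duplicate member names are ill-defined in JSON: lenient parsers keep the last value while strict ones reject the document, and this file is the configuration that decides which reports, including the dependency-vulnerability report, get evaluated. Drop the first occurrence so the object starts with `"id": "owasp-dependency-check",`.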
@@ -0,0 +1,59 @@
+name: 'Quality Monitor Build'
+
+on:
+ pull_request:
+
+jobs:
+ build:
+ runs-on: [ubuntu-latest]
+ name: Create quality reports
+
+ steps:
+ - name: Checkout PR
+ uses: actions/checkout@v5
+ - name: Set up JDK 21
+ uses: actions/setup-java@v5
+ with:
+ distribution: 'temurin'
+ java-version: 21
+ check-latest: true
+ cache: 'maven'
+ - name: Set up Maven
+ uses: stCarolas/setup-maven@v5
+ with:
+ maven-version: 3.9.11
+ - name: Cache the NVD database
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository/org/owasp/dependency-check-data
+ key: dependency-check
+ - name: Check if quality monitor reports mutation coverage
+ run: |
+ FILE='.github/quality-monitor.json'
+ PATTERN='target/pit-reports/mutations.xml'
+ if [ -f "$FILE" ]; then
+ if grep -q "$PATTERN" "$FILE"; then
+ echo "PIT=-Ppit" >> "$GITHUB_ENV"
+ fi
+ fi
+ - name: Build with Maven
+ env:
+ NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+ OSS_INDEX_TOKEN: ${{ secrets.OSS_INDEX_TOKEN }}
+ PIT: ${{ env.PIT }}
+ BROWSER: chrome-container
+ run: |
+ mvn -V --color always -ntp clean verify $PIT -Pci -Powasp | tee maven.log
+ if [ "${PIPESTATUS[0]}" != "0" ]; then
+ exit 1;
+ fi
+ mv -fv maven.log target/maven.log
+ - name: Upload Quality Reports
+ uses: actions/upload-artifact@v4
+ with:
+ name: quality-reports
+ path: |
+ **/target/**/*.json
+ **/target/**/*.xml
+ **/target/**/*.log
+
diff --git a/.github/workflows/quality-monitor-comment.yml b/.github/workflows/quality-monitor-comment.yml
new file mode 100644
index 00000000..648b197d
--- /dev/null
+++ b/.github/workflows/quality-monitor-comment.yml
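Review bot: This workflow has no `permissions:` block, so the `GITHUB_TOKEN` given to the job gets whatever the repository default is, although the steps shown only read the repository and upload an artifact; a top-level `permissions:` with `contents: read` would pin that down, as the comment workflow added in this commit already does for itself. The "Build with Maven" step also exposes `NVD_API_KEY` and `OSS_INDEX_TOKEN` to a build that runs pull-request code, and `maven.log` is moved into `target/` and uploaded as a file, where the masking applied to console output presumably does not apply; it is worth confirming that neither value can end up in that log. `stCarolas/setup-maven@v5` is referenced by a movable tag in the same job, so pinning it to a commit SHA would be the safer form next to those secrets.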
@@ -0,0 +1,52 @@
+name: 'Quality Monitor Comment'
+
+on:
+ workflow_run:
+ workflows: [ "Quality Monitor Build" ]
+ types: [ completed ]
+
+permissions:
+ actions: read
+ contents: read
+ pull-requests: write
+ checks: write
+
+jobs:
+ comment:
+ if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' }}
+ runs-on: ubuntu-latest
+ name: Comment on PR
+
+ steps:
+ - name: Extract PR number and SHA
+ id: pr
+ run: |
+ pr_number='${{ github.event.workflow_run.pull_requests[0].number }}'
+ echo "number=$pr_number" >> "$GITHUB_OUTPUT"
+ sha='${{ github.event.workflow_run.head_sha }}'
+ echo "sha=$sha" >> "$GITHUB_OUTPUT"
+ - name: Checkout PR
+ uses: actions/checkout@v5
+ with:
+ ref: ${{ steps.pr.outputs.sha }}
+ - name: Download PR Quality Reports from Quality Monitor Build workflow
+ uses: dawidd6/action-download-artifact@v11
+ with:
+ run_id: ${{ github.event.workflow_run.id }}
+ name: quality-reports
+ - name: Read Quality Monitor Configuration
+ id: quality-monitor
+ run: echo "json=$(jq -c . .github/quality-monitor.json)" >> "$GITHUB_OUTPUT"
+ - name: Read Quality Gates Configuration
+ id: quality-gates
+ run: echo "json=$(jq -c . .github/quality-gates.json)" >> "$GITHUB_OUTPUT"
+ - name: Run Quality Monitor and Comment on PR
+ uses: uhafner/quality-monitor@v3
+ with:
+ sha: ${{ steps.pr.outputs.sha }}
+ config: ${{ steps.quality-monitor.outputs.json }}
+ quality-gates: ${{ steps.quality-gates.outputs.json }}
+ pr-number: ${{ steps.pr.outputs.number }}
+ comments-strategy: REMOVE
+ show-headers: true
+ title-metric: none
diff --git a/.github/workflows/quality-monitor-jenkins.yml b/.github/workflows/quality-monitor-jenkins.yml
deleted file mode 100644
index 934338f1..00000000
--- a/.github/workflows/quality-monitor-jenkins.yml
+++ /dev/null
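Review bot: The job holds `pull-requests: write` and `checks: write`, yet everything it processes comes from the pull request: `ref: ${{ steps.pr.outputs.sha }}` checks out the PR head, the two `jq -c .` steps read `.github/quality-monitor.json` and `.github/quality-gates.json` from that checkout, and the artifact is unpacked without a `path:` into the same workspace, where it can replace checked-out files. The gates a PR is judged by are therefore taken from the PR itself rather than from the trusted branch. Reading both JSON files from a default-branch checkout (drop the `ref:`, or check the PR head out into a separate directory), setting `persist-credentials: false` on the checkout, and giving the download step its own directory such as `path: quality-reports` would keep trusted configuration apart from untrusted reports. Separately, `github.event.workflow_run.pull_requests[0].number` is, as far as I know, empty for runs started from forks, so `pr-number` may be blank in exactly that case, and the two `${{ … }}` expressions in the first `run:` script are better passed through `env:` than expanded into the shell text.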
@@ -1,180 +0,0 @@ -name: 'Quality Monitor PR' - -on: - pull_request_target: - -jobs: - build: - - runs-on: [ubuntu-latest] - name: Build, test and monitor quality on Ubuntu - - steps: - - name: 'Checkout merge commit' - uses: actions/checkout@v5 - with: - ref: "${{ github.event.pull_request.merge_commit_sha }}" - if: github.event.pull_request.merge_commit_sha != '' - - name: 'Checkout PR head commit' - uses: actions/checkout@v5 - with: - ref: "${{ github.event.pull_request.head.sha }}" - if: github.event.pull_request.merge_commit_sha == '' - - name: Set up JDK 21 - uses: actions/setup-java@v5 - with: - distribution: 'temurin' - java-version: 21 - check-latest: true - cache: 'maven' - - name: Set up Maven - uses: stCarolas/setup-maven@v5 - with: - maven-version: 3.9.11 - - name: Cache the NVD database - uses: actions/cache@v4 - with: - path: ~/.m2/repository/org/owasp/dependency-check-data - key: dependency-check - - name: Build with Maven - env: - BROWSER: chrome-container - NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - run: | - mvn -V --color always -ntp clean verify -Pci -Powasp | tee maven.log - if [ "${PIPESTATUS[0]}" != "0" ]; then - exit 1; - fi - - name: Extract pull request number - uses: jwalton/gh-find-current-pr@v1 - id: pr - - name: Run Quality Monitor - uses: uhafner/quality-monitor@v3 - with: - pr-number: ${{ steps.pr.outputs.number }} - show-headers: true - config: > - { - "tests": { - "name": "Tests", - "tools": [ - { - "id": "junit", - "name": "Unit Tests", - "pattern": "**/target/surefire-reports/TEST*metrics*.xml" - }, - { - "id": "junit", - "icon": "rocket", - "name": "Integration Tests", - "pattern": "**/target/failsafe-reports/TEST*.xml" - }, - { - "id": "junit", - "icon": "no_entry", - "name": "Architecture Tests", - "pattern": "**/target/surefire-reports/TEST*archunit*.xml" - } - ] - }, - "analysis": [ - { - "name": "Style", - "id": "style", - "tools": [ - { - "id": "checkstyle", - "pattern": "**/target/checkstyle-*/checkstyle-result.xml" - }, - 
{ - "id": "pmd", - "pattern": "**/target/pmd-*/pmd.xml" - } - ] - }, - { - "name": "Bugs", - "id": "bugs", - "icon": "bug", - "tools": [ - { - "id": "spotbugs", - "sourcePath": "src/main/java", - "pattern": "**/target/spotbugsXml.xml" - } - ] - }, - { - "name": "Vulnerabilities", - "id": "vulnerabilities", - "icon": "shield", - "tools": [ - { - "id": "owasp-dependency-check", - "icon": "shield", - "pattern": "**/target/dependency-check-report.json" - } - ] - } - ], - "coverage": [ - { - "name": "Code Coverage", - "tools": [ - { - "id": "jacoco", - "metric": "line", - "sourcePath": "src/main/java", - "pattern": "**/target/site/jacoco/jacoco.xml" - }, - { - "id": "jacoco", - "metric": "branch", - "sourcePath": "src/main/java", - "pattern": "**/target/site/jacoco/jacoco.xml" - } - ] - } - ], - "metrics": - { - "name": "Software Metrics", - "tools": [ - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "CYCLOMATIC_COMPLEXITY" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "COGNITIVE_COMPLEXITY" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "NPATH_COMPLEXITY" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "LOC" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "NCSS" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "COHESION" - }, - { - "id": "metrics", - "pattern": "**/metrics/pmd.xml", - "metric": "WEIGHT_OF_CLASS" - } - ] - } - } From bd23335f0f5a53a9af1b6249706d15b568ffd1a5 Mon Sep 17 00:00:00 2001 From: Ulli Hafner Date: Sun, 26 Oct 2025 21:27:56 +0100 Subject: [PATCH 14/15] Adjust quality gates --- .github/quality-monitor.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/quality-monitor.json b/.github/quality-monitor.json index 7e675b46..dc5ab863 100644 --- a/.github/quality-monitor.json +++ b/.github/quality-monitor.json 
@@ -5,7 +5,7 @@ { "id": "junit", "name": "Unit Tests", - "pattern": "**/target/surefire-reports/TEST*data*.xml" + "pattern": "**/target/surefire-reports/TEST*coverage*.xml" }, { "id": "junit", From 2fcaf843345398629f937d72edf754f5e4894520 Mon Sep 17 00:00:00 2001 From: Ulli Hafner Date: Sun, 26 Oct 2025 21:39:21 +0100 Subject: [PATCH 15/15] Adjust quality gates --- .github/quality-gates.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/quality-gates.json b/.github/quality-gates.json index ad7c3cc5..4c5fb98d 100644 --- a/.github/quality-gates.json +++ b/.github/quality-gates.json @@ -8,12 +8,12 @@ }, { "metric": "line", - "threshold": 80.0, + "threshold": 75.0, "criticality": "UNSTABLE" }, { "metric": "branch", - "threshold": 80.0, + "threshold": 65.0, "criticality": "UNSTABLE" }, {