From c21b2bc05c90a52ff393782a700bfef28ccac3b4 Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Wed, 10 Jul 2024 22:28:08 -0400 Subject: [PATCH 1/7] [REFACTOR]: markdownlint fixes. --- .github/ISSUE_TEMPLATE/bug_report.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 17ec244..5922571 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -21,6 +21,7 @@ A clear and concise description of what the bug is. **To Reproduce** Steps to reproduce the behavior: + 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' @@ -33,8 +34,10 @@ A clear and concise description of what you expected to happen. If applicable, add screenshots to help explain your problem. **Desktop (please complete the following information):** - - OS: [e.g. MacOS, Windows, Linux ] - - Version [e.g. 10] + +- OS: [e.g. MacOS, Windows, Linux \] +- Version [e.g. 10] **Additional context** -Add any other context about the problem here. Consider environment variables, IDE (+ version), framework version, runtime version, command and parameters of execution. +Add any other context about the problem here. Consider environment variables, +IDE (+ version), framework version, runtime version, command and parameters of execution. From 3483134decef101883f475b51c95cb1e0faff61a Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Wed, 10 Jul 2024 22:46:18 -0400 Subject: [PATCH 2/7] [CONFIG]: markdownlint config fixed. --- .markdownlint.yaml | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 8a6b941..372a750 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -1,6 +1,5 @@ ---- - # yamllint disable rule:line-length +--- # Example markdownlint configuration with all properties set to their default value 
@@ -21,12 +20,12 @@ MD002: # MD003/heading-style/header-style - Heading style MD003: # Heading style - style: consistent + style: "consistent" # MD004/ul-style - Unordered list style MD004: # List style - style: consistent + style: "consistent" # MD005/list-indent - Inconsistent indentation for list items at the same level MD005: true @@ -83,8 +82,6 @@ MD013: tables: true # Include headings headings: true - # Include headings - headers: true # Strict length checking strict: false # Stern length checking @@ -117,8 +114,6 @@ MD023: true # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content MD024: - # Only check sibling headings - allow_different_nesting: false # Only check sibling headings siblings_only: false @@ -127,12 +122,12 @@ MD025: # Heading level level: 1 # RegExp for matching title in front matter - front_matter_title: ^\\s*title\\s*[:=] + front_matter_title: "^\\s*title\\s*[:=]" # MD026/no-trailing-punctuation - Trailing punctuation in heading MD026: # Punctuation characters not allowed at end of headings - punctuation: .,;:!。,;:! + punctuation: ".,;:!。,;:!" # MD027/no-multiple-space-blockquote - Multiple spaces after blockquote symbol MD027: true @@ -143,7 +138,7 @@ MD028: true # MD029/ol-prefix - Ordered list item prefix MD029: # List style - style: one_or_ordered + style: "one_or_ordered" # MD030/list-marker-space - Spaces after list markers MD030: @@ -175,12 +170,12 @@ MD034: true # MD035/hr-style - Horizontal rule style MD035: # Horizontal rule style - style: consistent + style: "consistent" # MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading MD036: # Punctuation characters - punctuation: .,;:!?。,;:!? + punctuation: ".,;:!?。,;:!?" # MD037/no-space-in-emphasis - Spaces inside emphasis markers MD037: true 
@@ -203,7 +198,7 @@ MD041: # Heading level level: 1 # RegExp for matching title in front matter - front_matter_title: ^\\s*title\\s*[:=] + front_matter_title: "^\\s*title\\s*[:=]" # MD042/no-empty-links - No empty links MD042: true @@ -211,9 +206,9 @@ MD042: true # MD043/required-headings/required-headers - Required heading structure MD043: # List of headings - headings: ["*"] - # List of headings - headers: [] + headings: [ + "*" + ] # Match case of headings match_case: false @@ -232,7 +227,7 @@ MD045: true # MD046/code-block-style - Code block style MD046: # Block style - style: consistent + style: "consistent" # MD047/single-trailing-newline - Files should end with a single newline character MD047: true @@ -240,17 +235,17 @@ MD047: true # MD048/code-fence-style - Code fence style MD048: # Code fence style - style: consistent + style: "consistent" # MD049/emphasis-style - Emphasis style should be consistent MD049: # Emphasis style should be consistent - style: consistent + style: "consistent" # MD050/strong-style - Strong style should be consistent MD050: # Strong style should be consistent - style: consistent + style: "consistent" # MD051/link-fragments - Link fragments should be valid MD051: true @@ -262,6 +257,6 @@ MD052: true MD053: # Ignored definitions ignored_definitions: - - // + - "//" # yamllint enable rule:line-length From 9f57bc3fbdb266619b14fa6a4d86d15c2d019bcf Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Wed, 10 Jul 2024 23:04:38 -0400 Subject: [PATCH 3/7] [BUGFIX] [REFACTOR] [CONFIG] [Docker] lint stage: - yamllint config needs .gitignore --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 638529f..1f0a9e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,6 +44,7 @@ COPY ./.markdownlint.yaml ${WORKDIR}/ # yamllint conf COPY ./.yamllint ${WORKDIR}/ COPY ./.yamlignore ${WORKDIR}/ +COPY ./.gitignore ${WORKDIR}/ CMD ["make", "lint"] From 60452401f6b0ff0d6308eb92310b13ca581d85b0 Mon Sep 17 00:00:00 2001 
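Review bot: The new `COPY ./.gitignore ${WORKDIR}/` line gives no hint of which tool consumes the file; the commit message says yamllint needs it, which only holds if `.yamllint` (not part of this patch) sets `ignore-from-file: .gitignore`. Add a why-comment above the COPY, `# .yamllint reads .gitignore via ignore-from-file`, so the next person pruning the lint stage does not drop it. Two side effects worth confirming: whatever `.gitignore` excludes locally is now also excluded from the in-image lint run, and if `.dockerignore` ever lists `.gitignore`, this COPY fails the build with a missing-file error.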
From: Gonzalo Diaz Date: Wed, 10 Jul 2024 23:09:42 -0400 Subject: [PATCH 4/7] [CONFIG] [Docker] JDK base runtime upgraded to 22. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1f0a9e5..c618f5f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ############################################################################### -FROM gradle:8.8.0-jdk21-alpine AS base +FROM gradle:8.8.0-jdk22-alpine AS base ENV WORKDIR=/app WORKDIR ${WORKDIR} From b62a3346418721bee9afe43a93326c843a4e8fa8 Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Wed, 10 Jul 2024 23:11:32 -0400 Subject: [PATCH 5/7] [CONFIG] [Gihub Actions] Docker running in splitted jobs. --- .github/workflows/docker-image.yml | 177 +++++++++++++++++++++++++---- 1 file changed, 155 insertions(+), 22 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 45c681f..7c6fe1f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
@@ -8,30 +8,127 @@ on: # yamllint disable-line rule:truthy pull_request: branches: ["main"] -permissions: read-all +env: + IMAGE_NAME: algorithm-exercises-java + ARTIFACT_NAME: algorithm-exercises-java_${{ github.sha }} jobs: build: - name: Build & Test in Docker + name: "Build Docker images" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: "LINT: Build and push" + uses: docker/build-push-action@v6 + with: + context: . + target: lint + outputs: | + type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_lint.tar + tags: | + ${{ env.IMAGE_NAME }}:lint + - name: "LINT: Upload artifact" + uses: actions/upload-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_lint + path: /tmp/${{ env.ARTIFACT_NAME }}_lint.tar + + - name: "TEST: Build and push" + uses: docker/build-push-action@v6 + with: + context: . + target: testing + outputs: | + type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_test.tar + tags: | + ${{ env.IMAGE_NAME }}:test + - name: "TEST: Upload artifact" + uses: actions/upload-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_test + path: /tmp/${{ env.ARTIFACT_NAME }}_test.tar + - name: "PRODUCTION: Build and push" + uses: docker/build-push-action@v6 + with: + context: . 
+ target: production + outputs: | + type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_prod.tar + tags: | + ${{ env.IMAGE_NAME }}:latest + ${{ env.IMAGE_NAME }}:${{ github.sha }} + - name: "PRODUCTION: Upload artifact" + uses: actions/upload-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_prod + path: /tmp/${{ env.ARTIFACT_NAME }}_prod.tar + + lint: + name: "Run in docker: LINT" runs-on: ubuntu-latest + needs: build + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_lint + path: /tmp/ + + - name: Load image + run: | + docker load --input /tmp/${{ env.ARTIFACT_NAME }}_lint.tar + docker image ls -a + - name: Run lint + run: | + docker run --rm ${{ env.IMAGE_NAME }}:lint make lint + + test: + name: "Run in docker: TEST" + runs-on: ubuntu-latest + needs: build + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_test + path: /tmp/ + + - name: Load image + run: | + docker load --input /tmp/${{ env.ARTIFACT_NAME }}_test.tar + docker image ls -a + + - name: Run test + run: | + docker run --rm ${{ env.IMAGE_NAME }}:test make test + + security: + name: "Snyk Container" + runs-on: ubuntu-latest + needs: build + permissions: + actions: read + contents: read + security-events: write steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - name: Build the Docker image - run: make compose/rebuild - - name: Lint in Docker image - run: make compose/lint - - name: Test in Docker image - run: make compose/test - - name: Run in Docker image - run: make compose/run - - name: Tag Docker image - run: > - docker tag - algorithm-exercises-java:latest - algorithm-exercises-java:${{ github.sha }} + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_prod + path: /tmp/ + + - name: Load image + run: | + docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar + docker image ls -a - name: 
Run Snyk to check Docker image for vulnerabilities # Snyk can be used to break the build when it detects vulnerabilities. @@ -46,11 +143,47 @@ jobs: # yamllint enable rule:line-length SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - image: algorithm-exercises-java:latest + image: ${{ env.IMAGE_NAME }}:${{ github.sha }} args: --file=Dockerfile - # yamllint disable rule:comments-indentation - # - name: Upload result to GitHub Code Scanning - # uses: github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: snyk.sarif - # yamllint enable rule:comments-indentation + # yamllint disable rule:line-length + # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400 + - name: Replace security-severity undefined for license-related findings + run: | + sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif + sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif + # yamllint enable rule:line-length + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'snyk.sarif' + scan: + name: "Trivy" + runs-on: ubuntu-latest + needs: build + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: ${{ env.ARTIFACT_NAME }}_prod + path: /tmp/ + + - name: Load image + run: | + docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar + docker image ls -a + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.24.0 + with: + image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' From 638d2f6d723220ddebff909a849c9091de73452f Mon Sep 17 00:00:00 2001 
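Review bot: Dropping the top-level `permissions: read-all` leaves the new `build`, `lint` and `test` jobs with the repository's default GITHUB_TOKEN scope, which on older repositories is write-all, while only `security` (and `scan`, in the next hunk) declare their own; the split-out jobs should run with a read-only token. Restore a workflow-level block, `permissions:` / `  contents: read`, and keep the per-job `security-events: write` overrides where SARIF is uploaded. Separately, `actions/checkout` is SHA-pinned with a version comment but `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`, `actions/upload-artifact@v4` and `actions/download-artifact@v4` float on mutable tags — pin them the same way for a consistent supply-chain posture. The step names `"LINT: Build and push"` and friends are misleading, since `outputs: type=docker,dest=…` exports a tarball and pushes nothing; `"LINT: Build image"` reads truthfully.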
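Review bot: The new `sed -i … snyk.sarif` step runs unconditionally; if the Snyk step never writes the file — `pull_request` runs from forks receive no `SNYK_TOKEN` — and it is allowed to continue on error (its `uses:`/`continue-on-error` lines sit outside this hunk), `sed` exits non-zero and the job fails on the workaround rather than on the scan. Guard both the rewrite and the upload with `if: hashFiles('snyk.sarif') != ''`. Two tools now upload SARIF for the same commit, which is fine while their `tool.driver.name` differ, but adding `category: snyk-container` and `category: trivy` to the two `upload-sarif` steps keeps the Code Scanning entries unambiguous. `aquasecurity/trivy-action@0.24.0` is a mutable tag rather than a SHA, so pin it like `actions/checkout` above, and note that Trivy runs with no `exit-code`/`severity`, so it only reports; if the intent is to gate the production image, add `exit-code: '1'` with `severity: 'CRITICAL,HIGH'`.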
From: Gonzalo Diaz Date: Wed, 10 Jul 2024 23:22:43 -0400 Subject: [PATCH 6/7] [CONFIG] [Gihub Actions] Snyk Open Source analysis added. Sarif output enabled. --- .github/workflows/snyk-code.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/snyk-code.yml diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml new file mode 100644 index 0000000..bbb6540 --- /dev/null +++ b/.github/workflows/snyk-code.yml @@ -0,0 +1,27 @@ +--- + +name: Snyk Code (Java gradle-jdk17) + +on: push # yamllint disable-line rule:truthy + +jobs: + security: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/gradle-jdk17@master + continue-on-error: true # To make sure that SARIF upload gets called + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: code test + args: --sarif-file-output=snyk-code.sarif + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'snyk-code.sarif' From f53cfa24c9a0a5bbcde3098e901b400b5409032b Mon Sep 17 00:00:00 2001 From: Gonzalo Diaz Date: Wed, 10 Jul 2024 23:41:42 -0400 Subject: [PATCH 7/7] [CONFIG] [Gihub Actions] java-based actions, now use (or added) JDK 22. --- .github/workflows/java-gradle-coverage.yml | 2 +- .github/workflows/java-gradle.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/java-gradle-coverage.yml b/.github/workflows/java-gradle-coverage.yml index 478f0f2..89721d0 100644 --- a/.github/workflows/java-gradle-coverage.yml +++ b/.github/workflows/java-gradle-coverage.yml 
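Review bot: Both actions in the new job float on a branch — `actions/checkout@master` and `snyk/actions/gradle-jdk17@master` — so any commit to those branches executes with this job's `security-events: write` token; `docker-image.yml` in the same series pins checkout to `actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4`, so use that here and pin the Snyk action to a commit SHA as well. `continue-on-error: true` combined with a bare `on: push` (no branch filter) means every push on every branch runs `snyk code test` and never fails, so findings surface only in the Security tab; consider `on: push: branches: ["main"]` plus `pull_request` to match the other workflows, and make the non-blocking behaviour explicit with a comment such as `# advisory only: findings never fail the build`. The workflow name says `gradle-jdk17` while the rest of the series moves to JDK 22; `snyk code test` appears to be pure source analysis that does not depend on the JDK in the image, so either rename it to `Snyk Code` or note in a comment that the image's JDK is irrelevant.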
@@ -28,7 +28,7 @@ jobs: - name: Set up JDK uses: actions/setup-java@v4 with: - java-version: 21 + java-version: 22 # Alternative distribution options are available distribution: temurin - name: Validate Gradle wrapper diff --git a/.github/workflows/java-gradle.yml b/.github/workflows/java-gradle.yml index 0cc62e4..82dff19 100644 --- a/.github/workflows/java-gradle.yml +++ b/.github/workflows/java-gradle.yml @@ -24,7 +24,7 @@ jobs: strategy: matrix: os: [ubuntu-latest, macos-latest, windows-latest] - java: ['20', '21'] + java: ['20', '21', '22'] runs-on: ${{ matrix.os }} steps: diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 19ab6b8..811c1f8 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -22,7 +22,7 @@ jobs: - name: Set up JDK uses: actions/setup-java@v4 with: # Alternative distribution options are available - java-version: 21 + java-version: 22 distribution: temurin - name: Cache SonarCloud packages uses: actions/cache@v4
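Review bot: The matrix adds `'22'` but keeps `'20'`, which was superseded by JDK 21 in September 2023 and no longer receives updates, so CI is now spending a third of its matrix on an unsupported runtime while 22 itself is a short-term (non-LTS) release. If the goal is to cover the LTS baseline plus the current release, `java: ['21', '22']` does that; the coverage and SonarCloud jobs in the same patch, now pinned to 22 alone, would be safer on `21` unless 22-only language features are required. The values are correctly quoted strings, which keeps YAML from reading them as numbers. The enclosing `strategy` block starts outside the hunk.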