[TASK 85] add gradle conventions (#58)

* feat: added extensions and basic spring boot convention * feat: added extensions and basic spring boot convention * feat: added basic health check endpoint * feat: added update gradle dependencies plugin * feat: added analysis conventions plugins * style: detekt formatting style * feat: analysis conventions. - kover - detetk - codecov * feat: analysis conventions. - kover - detetk - codecov * feat: analysis conventions. - kover - detetk - codecov * ci: removed kover-report * build: pre-commit detekt * feat: gradle git properties - add spring doc configuration - gradle git properties - added actuator * style: eslint and stylelint * feat(backend): application startup traces * test(backend): bean validation tests
dallay · Jan 6, 2024 · 3cee55a · 3cee55a
1 parent 60cc536
commit 3cee55a
Show file tree

Hide file tree

Showing 56 changed files with 2,596 additions and 218 deletions.
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -16,11 +16,21 @@ else
 	exit 1
 fi
 
+echo "*****Running Detekt and Linter Tasks******"
 echo "🟢 Using package manager: $PACKAGE_MANAGER"
 
-if $PACKAGE_MANAGER install && $PACKAGE_MANAGER run format && $PACKAGE_MANAGER run lint && $PACKAGE_MANAGER run test; then
-	exit 0
-else
-	echo "Error: ❌ failed to run pre-commit hook"
-	exit 1
-fi
+git stash -q --keep-index
+
+$PACKAGE_MANAGER install
+$PACKAGE_MANAGER run format
+$PACKAGE_MANAGER run lint
+$PACKAGE_MANAGER run test
+
+./gradlew detektAll --no-daemon --stacktrace
+
+status=$?
+
+git stash pop -q
+
+exit $status
+
diff --git a/.github/workflows/deploy-main-stage.yml b/.github/workflows/deploy-main-stage.yml
@@ -77,6 +77,50 @@ jobs:
           sarif_file: 'trivy-results-source-code.sarif'
           category: source-code
 
+  static-analysis-security:
+    name: 🔮 Static analysis and 🔒Security Checks
+    needs: [ validation ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔄 Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Check OWASP 🛡️
+        run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace
+
+      - name:  Upload owasp-report results 🛡️⬆️
+        uses: actions/upload-artifact@v3
+        with:
+          name: owasp-reports
+          path: build/reports/owasp
+
+      - name: Run detekt
+        run: ./gradlew detektAll --no-daemon --stacktrace
+
+      - name: Upload static reports artifact
+        uses: actions/[email protected]
+        with:
+          name: static-report
+          path: |
+            build/reports/detekt/detekt.xml
+            **/build/reports/lint-results-debug.xml
+          retention-days: 1
+
+      - name: Analyze detekt report
+        uses: github/codeql-action/[email protected]
+        with:
+          sarif_file: build/reports/detekt/detekt.sarif
+          checkout_path: ${{ github.workspace }}
+
   functional:
     name: Functional Acceptance Tests 🎯
     needs: [ build ]
@@ -96,6 +140,34 @@ jobs:
     steps:
       - run: echo "Running security tests"
 
+  code-coverage:
+    name: Code Coverage 📊
+    needs: [ build ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ env.CI_GITHUB_TOKEN }}
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Run Code Coverage
+        run: |
+          ./gradlew koverXmlReport --no-daemon --stacktrace
+
+      - name: Upload coverage reports
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: build/reports/kover/report.xml
+          fail_ci_if_error: true # optional (default = false)
+          verbose: true # optional (default = false)
+
   approval:
     name: Deploy Approval 💫
     runs-on: ubuntu-latest

diff --git a/.github/workflows/dev-commit-stage.yml b/.github/workflows/dev-commit-stage.yml
@@ -74,6 +74,78 @@ jobs:
           sarif_file: 'trivy-results-source-code.sarif'
           category: source-code
 
+  code-coverage:
+    name: Code Coverage 📊
+    needs: [ build ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ env.CI_GITHUB_TOKEN }}
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Run Code Coverage
+        run: |
+          ./gradlew koverXmlReport --no-daemon --stacktrace
+
+      - name: Upload coverage reports
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: build/reports/kover/report.xml
+          fail_ci_if_error: true # optional (default = false)
+          verbose: true # optional (default = false)
+
+  static-analysis-security:
+    name: 🔮 Static analysis and 🔒Security Checks
+    needs: [ validation ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔄 Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Check OWASP 🛡️
+        run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace
+
+      - name:  Upload owasp-report results 🛡️⬆️
+        uses: actions/upload-artifact@v3
+        with:
+          name: owasp-reports
+          path: build/reports/owasp
+
+      - name: Run detekt
+        run: ./gradlew detektAll --no-daemon --stacktrace
+
+      - name: Upload static reports artifact
+        uses: actions/[email protected]
+        with:
+          name: static-report
+          path: |
+            build/reports/detekt/detekt.xml
+            **/build/reports/lint-results-debug.xml
+          retention-days: 1
+
+      - name: Analyze detekt report
+        uses: github/codeql-action/[email protected]
+        with:
+          sarif_file: build/reports/detekt/detekt.sarif
+          checkout_path: ${{ github.workspace }}
+
   package:
     name: Package and Publish 📦
     needs: [ build ]

diff --git a/.github/workflows/pre-release-stage.yml b/.github/workflows/pre-release-stage.yml
@@ -72,6 +72,50 @@ jobs:
           sarif_file: 'trivy-results-source-code.sarif'
           category: source-code
 
+  static-analysis-security:
+    name: 🔮 Static analysis and 🔒Security Checks
+    needs: [ validation ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 🔄 Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Check OWASP 🛡️
+        run: ./gradlew dependencyCheckAnalyze --no-daemon --stacktrace
+
+      - name:  Upload owasp-report results 🛡️⬆️
+        uses: actions/upload-artifact@v3
+        with:
+          name: owasp-reports
+          path: build/reports/owasp
+
+      - name: Run detekt
+        run: ./gradlew detektAll --no-daemon --stacktrace
+
+      - name: Upload static reports artifact
+        uses: actions/[email protected]
+        with:
+          name: static-report
+          path: |
+            build/reports/detekt/detekt.xml
+            **/build/reports/lint-results-debug.xml
+          retention-days: 1
+
+      - name: Analyze detekt report
+        uses: github/codeql-action/[email protected]
+        with:
+          sarif_file: build/reports/detekt/detekt.sarif
+          checkout_path: ${{ github.workspace }}
+
   functional:
     name: Functional Acceptance Tests 🧪
     needs: [ build ]
@@ -91,6 +135,34 @@ jobs:
     steps:
       - run: echo "Running security tests"
 
+  code-coverage:
+    name: Code Coverage 📊
+    needs: [ build ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ env.CI_GITHUB_TOKEN }}
+
+      - name: Install Java Tools & Dependencies
+        uses: ./.github/actions/install/java
+
+      - name: Install Tools & Dependencies
+        uses: ./.github/actions/install/node
+
+      - name: Run Code Coverage
+        run: |
+          ./gradlew koverXmlReport --no-daemon --stacktrace
+
+      - name: Upload coverage reports
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: build/reports/kover/report.xml
+          fail_ci_if_error: true # optional (default = false)
+          verbose: true # optional (default = false)
+
   semantic-release:
     name: Semantic Release 🧭
     needs: [ security ]

diff --git a/apps/backend/backend.gradle.kts b/apps/backend/backend.gradle.kts
@@ -1,10 +1,10 @@
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
-    alias(libs.plugins.spring.boot)
-    alias(libs.plugins.spring.dependency.management)
+    id("app.spring.boot.convention")
     kotlin("jvm").version(libs.versions.kotlin)
     kotlin("plugin.spring").version(libs.versions.kotlin)
+    alias(libs.plugins.gradle.git.properties)
 }
 
 java {
@@ -22,16 +22,8 @@ repositories {
 }
 
 dependencies {
-    implementation("org.springframework.boot:spring-boot-starter-webflux")
-    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
-    implementation("io.projectreactor.kotlin:reactor-kotlin-extensions")
-    implementation("org.jetbrains.kotlin:kotlin-reflect")
-    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
-    developmentOnly("org.springframework.boot:spring-boot-devtools")
-    developmentOnly("org.springframework.boot:spring-boot-docker-compose")
-    annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
-    testImplementation("org.springframework.boot:spring-boot-starter-test")
-    testImplementation("io.projectreactor:reactor-test")
+    // L O C A L   D E P E N D E N C I E S
+    implementation(project(":shared:common"))
 }
 
 tasks.register<Copy>("processFrontendResources") {