improve github action (#279)

UrielCh · web-flow · commit c7dfb8f77342 · 2025-08-02T18:40:29.000+02:00
* improve testing

* fix maven-resources-plugin version to 3.3.1

* patch on github ations

* patch versions

* fix version

* rollback versions

* downgrade

* add condition for github workflows

* patch action

* test patch action

* edd exta test in action

* add  jacoco

* patch coverage

* patch coverage
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -0,0 +1,64 @@
+name: Coverage
+
+on:
+  push:
+    branches: [ master, upgrade ]
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - '.github/workflows/coverage.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - '.github/workflows/coverage.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  coverage:
+    name: Code Coverage
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: 11
+        distribution: 'temurin'
+        cache: 'maven'
+
+    - name: Build and test accessors-smart with coverage
+      run: cd accessors-smart && ./mvnw -q clean install
+
+    - name: Build and test json-smart with coverage
+      run: cd json-smart && ./mvnw -q clean test
+
+    - name: Upload accessors-smart coverage to Coveralls
+      uses: coverallsapp/github-action@v2
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        file: accessors-smart/target/site/jacoco/jacoco.xml
+        format: jacoco
+        flag-name: accessors-smart
+        parallel: true
+
+    - name: Upload json-smart coverage to Coveralls
+      uses: coverallsapp/github-action@v2
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        file: json-smart/target/site/jacoco/jacoco.xml
+        format: jacoco
+        flag-name: json-smart
+        parallel: true
+
+    - name: Finish parallel build
+      uses: coverallsapp/github-action@v2
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        parallel-finished: true
diff --git a/.github/workflows/json-smart-formatting.yml b/.github/workflows/json-smart-formatting.yml
@@ -4,9 +4,23 @@ on:
   push:
     branches:
       - master
+      - upgrade
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/json-smart-formatting.yml'
   pull_request:
     branches:
       - master
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/json-smart-formatting.yml'
+
+permissions:
+  contents: read
 
 jobs:
   formatting:
@@ -21,6 +35,14 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
           
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+          
       - name: Check formatting accessors-smart
         run: cd accessors-smart; ./mvnw spotless:check
 
diff --git a/.github/workflows/json-smart-unit-tests.yml b/.github/workflows/json-smart-unit-tests.yml
@@ -5,16 +5,30 @@ on:
     branches:
       - master
       - update2024
+      - upgrade
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/json-smart-unit-tests.yml'
   pull_request:
     branches:
       - master
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/json-smart-unit-tests.yml'
+
+permissions:
+  contents: read
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java-version: [8, 11, 16, 17, 21]
+        java-version: [8, 11, 17, 21, 22, 23]
     steps:
       - uses: actions/checkout@v4
       
@@ -25,6 +39,14 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
           
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+          
       - name: Unit tests accessors-smart
         run: cd accessors-smart; ./mvnw -B install; ./mvnw -B clean test
 
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,90 @@
+name: Security Scanning
+
+on:
+  push:
+    branches: [ master, upgrade ]
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/security.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'accessors-smart/**'
+      - 'json-smart/**'
+      - 'json-smart-action/**'
+      - '.github/workflows/security.yml'
+  schedule:
+    - cron: '0 6 * * 1'  # Weekly on Monday at 6am UTC
+
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: 11
+        distribution: 'temurin'
+        cache: 'maven'
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Build project accessors-smart
+      run: cd accessors-smart && ./mvnw -q clean install
+
+    - name: Build project json-smart
+      run: cd json-smart && ./mvnw -q clean install
+
+    - name: Build project json-smart-action
+      run: cd json-smart-action && ./mvnw -q clean install
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+
+  dependency-check:
+    name: Dependency Vulnerability Scan
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        java-version: 11
+        distribution: 'temurin'
+        cache: 'maven'
+
+    - name: Run OWASP Dependency Check
+      run: |
+        cd accessors-smart && ./mvnw -q org.owasp:dependency-check-maven:check -DnvdApiKey=${{ secrets.NVD_API_KEY }}
+        cd ../json-smart && ./mvnw -q org.owasp:dependency-check-maven:check -DnvdApiKey=${{ secrets.NVD_API_KEY }}
+        cd ../json-smart-action && ./mvnw -q org.owasp:dependency-check-maven:check -DnvdApiKey=${{ secrets.NVD_API_KEY }}
+      continue-on-error: true
+
+    - name: Upload dependency check results
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: dependency-check-reports
+        path: '**/target/dependency-check-report.html'
diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@
 **/bin
 **/target
 **/.vscode/
+.env
diff --git a/README.md b/README.md
@@ -1,7 +1,9 @@
 # json-smart-v2
-[![Build Status](https://travis-ci.org/netplex/json-smart-v2.svg?branch=master)](https://travis-ci.org/netplex/json-smart-v2)
+[![CI](https://github.com/netplex/json-smart-v2/actions/workflows/json-smart-unit-tests.yml/badge.svg)](https://github.com/netplex/json-smart-v2/actions/workflows/json-smart-unit-tests.yml)
+[![Security](https://github.com/netplex/json-smart-v2/actions/workflows/security.yml/badge.svg)](https://github.com/netplex/json-smart-v2/actions/workflows/security.yml)
 [![Maven Central](https://maven-badges.herokuapp.com/maven-central/net.minidev/json-smart/badge.svg?style=flat-square)](https://maven-badges.herokuapp.com/maven-central/net.minidev/json-smart/)
 [![Coverage Status](https://coveralls.io/repos/github/netplex/json-smart-v2/badge.svg?branch=master)](https://coveralls.io/github/netplex/json-smart-v2?branch=master)
+[![Java 8+](https://img.shields.io/badge/Java-8%2B-blue.svg)](https://openjdk.java.net/)
 
 
 Json-smart development started in 2010, when SQL servers did not support native JSON fields, NoSQL databases were slowly emerging, and all the existing JSON APIs were bogus. I wrote lots of tests to benchmark and compare JSON java parsers. 
diff --git a/accessors-smart/pom.xml b/accessors-smart/pom.xml
@@ -92,7 +92,7 @@ limitations under the License.
                         <!-- https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-gpg-plugin -->
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.2.7</version>
+                        <version>3.2.8</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -178,7 +178,7 @@ limitations under the License.
                 <!-- https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-compiler-plugin -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.13.0</version>
+                <version>3.14.0</version>
                 <configuration>
                     <encoding>UTF-8</encoding>
                     <source>${maven.compiler.source}</source>
@@ -204,7 +204,7 @@ limitations under the License.
                 <!-- https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-javadoc-plugin -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.10.1</version>
+                <version>3.11.2</version>
                 <!-- ONLY NEEDED With jdk 1.7+ -->
                 <configuration>
                     <source>8</source>
@@ -243,7 +243,7 @@ limitations under the License.
             <plugin>
                 <groupId>com.diffplug.spotless</groupId>
                 <artifactId>spotless-maven-plugin</artifactId>
-                <version>2.44.2</version>
+                <version>2.46.1</version>
                 <configuration>
                     <java>
                         <includes>
@@ -259,14 +259,33 @@ limitations under the License.
                     </java>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>0.8.13</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
     <dependencies>
         <!-- https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter-api -->
             <dependency>
                 <groupId>org.junit.jupiter</groupId>
                 <artifactId>junit-jupiter-api</artifactId>
-                <version>5.11.2</version>
+                <version>5.13.4</version>
                 <scope>test</scope>
             </dependency>
             <!-- https://mvnrepository.com/artifact/org.ow2.asm/asm -->
diff --git a/json-smart-action/pom.xml b/json-smart-action/pom.xml
@@ -212,6 +212,7 @@
                 </executions>
             </plugin>
             <plugin>
+                <!-- https://mvnrepository.com/artifact/org.apache.felix/maven-bundle-plugin -->
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-bundle-plugin</artifactId>
                 <version>5.1.9</version>
diff --git a/json-smart/pom.xml b/json-smart/pom.xml
@@ -270,6 +270,25 @@ limitations under the License.
 					</java>
 				</configuration>
 			</plugin>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<version>0.8.13</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>prepare-agent</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>report</id>
+						<phase>test</phase>
+						<goals>
+							<goal>report</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 	<dependencies>
