feat(java-tests): add code quality job

.github/workflows/configs/.java-codeclimate.yml

@@ -0,0 +1,84 @@
+---
+version: "2"
+checks:
+  argument-count:
+    config:
+      threshold: 6
+  file-lines:
+    config:
+      threshold: 400
+  method-lines:
+    config:
+      threshold: 35
+  method-count:
+    config:
+      threshold: 25
+plugins:
+  # CSS Compatability & Bug risks
+  csslint:
+    enabled: false
+  # CoffeeScript style
+  coffeelint:
+    enabled: false
+  # Duplication
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+      - javascript
+      - python
+      - php
+  # Javascript complexity & Style
+  eslint:
+    enabled: false
+  fixme:
+    enabled: false
+  # Golang Style
+  gofmt:
+    enabled: false
+  golint:
+    enabled: false
+  # Golang bug risk
+  govet:
+    enabled: false
+  # Node
+  nodesecurity:
+    enabled: false
+  # Python Style
+  pep8:
+    enabled: false
+  radon:
+    enabled: false
+  # Python Style, complexity, security, performance, bug risk and clarity
+  sonar-python:
+    enabled: false
+  # Ruby Style, complexity, security, performance, bug risk and clarity
+  rubocop:
+    enabled: false
+  # Java Style, complexity, security, performance, bug risk and clarity
+  sonar-java:
+    enabled: true
+    config:
+      minimum_severity: minor
+      sonar.exclusions: "**/resources/*.yaml"
+      sonar.java.source: 11
+  # Swift sytle & conventions
+  swiftlint:
+    enabled: false
+exclude_patterns:
+- config/
+- db/
+- dist/
+- features/
+- "**/node_modules/"
+- script/
+- "**/spec/"
+- "**/test/"
+- "**/tests/"
+- Tests/
+- "**/vendor/"
+- "**/*_test.go"
+- "**/*.d.ts"
+- .mvn/
+- "**/cicd/**"

.github/workflows/java-tests.yml

@@ -0,0 +1,172 @@
+name: Build & Scan Container Image
+
+on:
+  workflow_call:
+    inputs:
+      # <---------------- GENERAL OPTIONS ---------------->
+      mvn-settings:
+        required: false
+        type: boolean
+        description: "If a maven-settings.xml is required this must be set to true along with the secret for its contents"
+        default: true
+      # <------------- CODE CLIMATE OPTIONS -------------->
+      cc-default-config:
+        required: false
+        type: boolean
+        description: "Set to false if you want to use your own .codeclimate.yml config"
+        default: true
+      cc-config-file:
+        required: false
+        type: string
+        description: "Set relative path to your own code climate configuration"
+        default: '.codeclimate.yml'
+      cc-info-threshold:
+        required: false
+        type: string
+        description: "Max number of INFO Code Climate findings allowed"
+        default: 0
+      cc-minor-threshold:
+        required: false
+        type: string
+        description: "Max number of MINOR Code Climate findings allowed"
+        default: 0
+      cc-major-threshold:
+        required: false
+        type: string
+        description: "Max number of MAJOR Code Climate findings allowed"
+        default: 0
+      cc-critical-threshold:
+        required: false
+        type: string
+        description: "Max number of CRITICAL Code Climate findings allowed"
+        default: 0
+      cc-blocker-threshold:
+        required: false
+        type: string
+        description: "Max number of BLOCKER Code Climate findings allowed"
+        default: 0
+    secrets:
+      mvn-settings-file:
+        required: false
+        description: "If a maven settings file is required for build then add it here"
+
+jobs:
+  # <------------------- CODE QUALITY -------------------->
+  code-quality:
+    name: Code Quality
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Get Configuration
+        if: ${{ inputs.cc-default-config }}
+        run: |
+          echo "Fetching default configuration from erzz/workflows..."
+          curl -L --fail -o .codeclimate.yml https://raw.githubusercontent.com/erzz/workflows/main/.github/workflows/configs/.java-codeclimate.yml || exit 1
+
+      - name: Code Climate Standalone
+        uses: erzz/[email protected]
+        with:
+          html_report: true
+          config_file: ${{ inputs.cc-config-file }}
+          info_threshold: ${{ inputs.cc-info-threshold }}
+          minor_threshold: ${{ inputs.cc-minor-threshold }}
+          major_threshold: ${{ inputs.cc-major-threshold }}
+          critical_threshold: ${{ inputs.cc-critical-threshold }}
+          blocker_threshold: ${{ inputs.cc-blocker-threshold }}
+
+      - name: Upload Code Climate Report
+        uses: actions/upload-artifact@v2
+        if: always()
+        with:
+          name: Code Climate Reports
+          path: |
+            codeclimate-report.json
+            codeclimate-report.html
+
+  # # <------------------- SAST POLARIS -------------------->
+  # sast:
+  #   name: Polaris SAST
+  #   runs-on: ubuntu-latest
+  #   env:
+  #     POLARIS_URL: https://ikea.polaris.synopsys.com
+  #     POLARIS_ACCESS_TOKEN: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+  #   steps:
+  #     - name: Checkout Source
+  #       uses: actions/checkout@v2
+
+  #     - name: Slugify github variables
+  #       uses: rlespinasse/[email protected]
+
+  #     - name: Add Maven Settings
+  #       env:
+  #         MAVEN_SETTINGS_FILE: ${{ secrets.MAVEN_SETTINGS_FILE }}
+  #       run: |
+  #         echo "$MAVEN_SETTINGS_FILE" > maven-settings.xml
+  #     - name: Polaris SAST Scan
+  #       env:
+  #         PROJECT_NAME: ${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG_URL }}
+  #         SEM_VER_REGEX: "^v[0-9]+\\.[0-9]+\\.[0-9]+$"
+  #       run: |
+  #         # skip if running as part of a release commit
+  #         if (echo ${{ env.GITHUB_REF_SLUG }} | grep -Eq ${{ env.SEM_VER_REGEX }}); then
+  #           echo "Skipping this job as it was triggered from a release commit" && exit 0
+  #         fi
+  #         # else install and execute
+  #         wget -q "$POLARIS_URL/api/tools/polaris_cli-linux64.zip"
+  #         unzip -j polaris_cli-linux64.zip -d /tmp
+  #         cp .github/polaris/polaris.yml $GITHUB_WORKSPACE/polaris.yml
+  #         /tmp/polaris \
+  #           -s $POLARIS_URL \
+  #           analyze -w
+  #         # Pass / Fail depending on the thresholds
+  #         python3 .github/polaris/polaris-result-analyzer.py --max-total=3 --max-critical=0 --max-high=0 --max-medium=2 --max-low=1
+
+  #     - name: Upload scan reports
+  #       if: always()
+  #       uses: actions/[email protected]
+  #       with:
+  #         name: Polaris SAST Reports
+  #         path: .synopsys/polaris/cli-scan.json
+
+  # # <------------------- UNIT TESTS --------------------->
+  # unit-tests:
+  #   name: Unit Tests
+  #   runs-on: ubuntu-latest
+  #   env:
+  #     GOOGLE_APPLICATION_CREDENTIALS: sa.json
+  #   steps:
+  #     - name: Checkout the code
+  #       uses: actions/checkout@v2
+
+  #     - name: Authenticate to GCP
+  #       id: auth
+  #       uses: google-github-actions/auth@v0
+  #       with:
+  #         credentials_json: ${{ secrets.DEV_API_SA_CREDS }}
+
+  #     - name: Add Maven Settings
+  #       env:
+  #         MAVEN_SETTINGS_FILE: ${{ secrets.MAVEN_SETTINGS_FILE }}
+  #       run: |
+  #         echo "$MAVEN_SETTINGS_FILE" > maven-settings.xml
+  #     - name: Execute Unit Tests
+  #       run: |
+  #         ./mvnw -s maven-settings.xml test --fail-at-end -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B
+  #     - name: Upload Surefire Reports
+  #       uses: ScaCap/action-surefire-report@v1
+  #       if: always()
+  #       with:
+  #         github_token: ${{ secrets.GITHUB_TOKEN }}
+  #         report_paths: "**/surefire-reports/TEST-*.xml"
+
+  #     - name: Upload Unit Test Reports
+  #       uses: actions/upload-artifact@v2
+  #       if: always()
+  #       with:
+  #         name: Unit Test Reports
+  #         path: |
+  #           retail-pim-api-srv/target/jacoco/reports/index.html
+  #           retail-pim-api-srv/target/surefire-reports/TEST-*.xml
+