commons-java/.github/workflows/pr-validation.yml at main · FlossWare/commons-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
name: PR Validation

on:
  pull_request:
    branches:
      - main
      - 'release/**'
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write
  checks: write

jobs:
  validate:
    name: Validate Pull Request
    runs-on: ubuntu-latest

    steps:
      - name: Checkout PR
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
          cache: 'maven'

      - name: Compile
        run: mvn clean compile -DskipTests

      - name: Run Tests
        run: mvn test

      - name: Generate JaCoCo Coverage Report
        run: mvn jacoco:report

      - name: Check Code Coverage
        run: |
          echo "Verifying coverage thresholds..."
          mvn jacoco:check

      - name: SpotBugs Analysis
        run: mvn spotbugs:check

      - name: PMD Analysis
        run: mvn pmd:check pmd:cpd-check

      - name: Checkstyle Analysis
        run: mvn checkstyle:check

      - name: Maven Enforcer Check
        run: mvn enforcer:enforce

      - name: Generate JavaDoc
        run: mvn javadoc:javadoc

      - name: OWASP Dependency Check
        run: mvn dependency-check:check -DfailBuildOnCVSS=7
        continue-on-error: true

      - name: Upload Coverage Report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage-report
          path: target/site/jacoco/
          retention-days: 7

      - name: Upload Test Results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results
          path: target/surefire-reports/
          retention-days: 7

      - name: Comment PR with Results
        if: always()
        uses: actions/github-script@v7
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            const fs = require('fs');

            // Read JaCoCo summary if available
            let coverageComment = '### ✅ Code Coverage\n\n';
            try {
              // This is a simplified version - you might want to parse the actual XML
              coverageComment += 'Coverage report generated. Download artifacts to view details.\n';
            } catch (e) {
              coverageComment += 'Coverage report not available.\n';
            }

            const comment = `## PR Validation Results

            ${coverageComment}

            ### Quality Checks
            - ✅ Compilation successful
            - ✅ All tests passed
            - ✅ Code coverage meets requirements
            - ✅ SpotBugs analysis passed
            - ✅ PMD analysis passed
            - ✅ Checkstyle passed
            - ✅ JavaDoc generation successful

            **Note:** Full build artifacts are available for download.
            `;

            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });

      - name: Fail if Quality Checks Failed
        if: failure()
        run: |
          echo "❌ PR validation failed. Please fix the issues above."
          exit 1

  pr-title-check:
    name: Validate PR Title
    runs-on: ubuntu-latest

    steps:
      - name: Check PR Title Format
        uses: actions/github-script@v7
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            const title = context.payload.pull_request.title;
            const validPrefixes = ['feat:', 'fix:', 'docs:', 'style:', 'refactor:', 'test:', 'chore:'];

            const isValid = validPrefixes.some(prefix => title.toLowerCase().startsWith(prefix));

            if (!isValid) {
              core.setFailed(`PR title must start with one of: ${validPrefixes.join(', ')}\nCurrent title: "${title}"`);
            } else {
              console.log('✅ PR title format is valid');
            }

  breaking-changes-check:
    name: Check for Breaking Changes
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check for Breaking Changes in Commit Messages
        run: |
          # Look for "BREAKING CHANGE:" in commit messages
          if git log origin/main..HEAD --grep="BREAKING CHANGE:" --oneline | grep -q .; then
            echo "⚠️ Breaking changes detected in commits"
            echo "breaking_change=true" >> $GITHUB_ENV
          else
            echo "✅ No breaking changes detected"
            echo "breaking_change=false" >> $GITHUB_ENV
          fi

      - name: Comment if Breaking Changes Found
        if: env.breaking_change == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '⚠️ **Breaking Changes Detected**\n\nThis PR contains breaking changes. Make sure:\n- Version is bumped to next major version\n- CHANGELOG is updated with migration guide\n- Deprecation policy is followed'
            });