generated from thriving-dev/java-library-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 044dacb
Showing
37 changed files
with
2,603 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # | ||
| # https://help.github.com/articles/dealing-with-line-endings/ | ||
| # | ||
| # Linux start script should use lf | ||
| /gradlew text eol=lf | ||
|
|
||
| # These are Windows script files and should use crlf | ||
| *.bat text eol=crlf | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| name: "🐞 Bug report" | ||
| description: Create a report to help us improve | ||
| labels: ["pending triage"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thank you for taking the time to fill out this bug report! | ||
| Please carefully read the contribution docs before creating a bug report | ||
| 👉 https://github.com/thriving-dev/java-library-template/blob/main/CONTRIBUTING.md | ||
| - type: textarea | ||
| id: bug-description | ||
| attributes: | ||
| label: Describe the bug | ||
| description: A clear and concise description of what the bug is. What is the current behaviour vs. what do you expect to happen? If you intend to submit a PR for this issue, tell us in the description. Thanks! | ||
| placeholder: Bug description | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: version | ||
| attributes: | ||
| label: Library version(s) affected | ||
| description: What library version did you experience this bug with? Which versions are affected (when known)? | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: reproduce | ||
| attributes: | ||
| label: Steps to reproduce | ||
| description: Please describe how we can reproduce the behavior. | ||
| - type: textarea | ||
| id: additonal | ||
| attributes: | ||
| label: Additional context, environment | ||
| description: If applicable, add any other context about the problem here. This could also include technical context and environment information such as e.g. OS, Java version, language. | ||
| - type: textarea | ||
| id: logs | ||
| attributes: | ||
| label: Logs | ||
| description: | | ||
| Optional if provided reproduction. Please try not to insert an image but copy paste the log text. | ||
| render: shell-script |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| blank_issues_enabled: true | ||
| contact_links: | ||
| - name: 💬 Discussions | ||
| url: https://github.com/thriving-dev/java-library-template/discussions | ||
| about: Use discussions if you have another issue, an idea for improvement or for asking questions. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: "🚀 Feature request" | ||
| description: Suggest an idea for this project | ||
| labels: ["pending triage"] | ||
| body: | ||
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| Thank you for taking the time to fill out this feature request! | ||
| Please carefully read the contribution docs before suggesting a new feature | ||
| 👉 https://github.com/thriving-dev/java-library-template/blob/main/CONTRIBUTING.md | ||
| - type: textarea | ||
| id: feature-description | ||
| attributes: | ||
| label: Describe the feature | ||
| description: A clear and concise description of what you think would be a helpful addition, including the possible use cases and alternatives you have considered. If you have a working prototype that implements it, please include a link. | ||
| placeholder: Feature description | ||
| validations: | ||
| required: true | ||
| - type: checkboxes | ||
| id: additional-info | ||
| attributes: | ||
| label: Additional information | ||
| description: Additional information that helps us decide how to proceed. | ||
| options: | ||
| - label: Would you be willing to help implement this feature? | ||
| - type: checkboxes | ||
| id: required-info | ||
| attributes: | ||
| label: Final checks | ||
| description: Before submitting, please make sure you do the following | ||
| options: | ||
| - label: Read the [contribution guide](https://github.com/thriving-dev/java-library-template/blob/main/CONTRIBUTING.md). | ||
| required: true | ||
| - label: Check existing [discussions](https://github.com/thriving-dev/java-library-template/discussions) and [issues](https://github.com/thriving-dev/java-library-template/issues). | ||
| required: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| <!-- ☝️ PR title should follow conventional commits (https://conventionalcommits.org) --> | ||
| <!-- Thanks for taking the time to write this Pull Request! ❤️ --> | ||
|
|
||
| ### ❓ Type of change | ||
|
|
||
| <!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply. --> | ||
|
|
||
| - [ ] 📖 Documentation (updates to the documentation, readme or JSdoc annotations) | ||
| - [ ] 🐞 Bug fix (a non-breaking change that fixes an issue) | ||
| - [ ] 👌 Enhancement (improving an existing functionality like performance) | ||
| - [ ] ✨ New feature (a non-breaking change that adds functionality) | ||
| - [ ] 🧹 Chore (updates to the build process or auxiliary tools and libraries) | ||
| - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to change) | ||
|
|
||
| ### 📚 Description, Motivation and Context | ||
|
|
||
| <!-- Describe your changes in detail --> | ||
| <!-- Why is this change required? What problem does it solve? --> | ||
| <!-- If it resolves an open issue, please link to the issue here. For example "Resolves #1337" --> | ||
|
|
||
| ### 🧪 How Has This Been Tested? | ||
|
|
||
| <!-- Please describe in detail how you tested your changes. --> | ||
| <!-- Include details of your testing environment, tests ran to see how --> | ||
| <!-- your change affects other areas of the code, etc. --> | ||
|
|
||
| ### 📝 Checklist | ||
|
|
||
| <!-- Put an `x` in all the boxes that apply. --> | ||
| <!-- If your change requires a documentation PR, please link it appropriately --> | ||
| <!-- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> | ||
|
|
||
| - [ ] I have linked an issue or discussion. | ||
| - [ ] I have updated the documentation accordingly. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,181 @@ | ||
| # %REPO_NAME% | ||
|
|
||
| [](https://github.com/thriving-dev/java-library-template/generate) | ||
| [](https://github.com/%REPO_OWNER%/%REPO_NAME%/actions/workflows/1.pipeline.yml) | ||
| [](https://central.sonatype.com/artifact/%ARTIFACT_GROUP%/%ARTIFACT_NAME%) | ||
| [](CODE_OF_CONDUCT.md) | ||
| [](https://%REPO_OWNER%.github.io/%REPO_NAME%/javadoc/) | ||
|
|
||
| Automated migration completed, enjoy the template. | ||
|
|
||
| ## Features | ||
| - 🥷 One-click **automated initial project migration workflow** (GitHub Action) | ||
| - **Java 21** (corretto) 🤝 **Gradle Kotlin DSL**, version catalog | ||
| - **GitHub Actions CI/CD pipeline**, 👷 efficient build pipeline, caching, integration tests, test report & failed test annotations | ||
| - 🚀 **One-click release** process + **publish** to **Maven Central** | ||
| - **Security & 🚦 Vulnerability scan** with **[trivy](https://github.com/aquasecurity/trivy)** & GitHub CodeQL Analysis | ||
| - **Automated dependency updates** with **[Renovate](https://github.com/renovatebot/renovate)** 🤖 | ||
| - **Javadoc** deployed with **GitHub Pages** | ||
| - Open Source **Community ready** (Code of Conduct, Contribution guidelines, Issue & PR Templates) | ||
|
|
||
| ## Quick Start | ||
| 1. [Use this template](https://github.com/thriving-dev/java-library-template/generate) to create your own repository | ||
| 2. Create & provide a PAT (Personal Access Token) for the CI/CD pipeline | ||
|
|
||
| Three workflows commit and push changes to the repository and therefore require additional permissions. ('migrate-repo-template', 'publish-javadoc', 'gradle-release') | ||
|
|
||
| The jobs expect a secret by the name `CI_GITHUB_TOKEN` that holds a PAT with _write_ permission for _Content_. | ||
|
|
||
| To create a new access token, the following steps are required (ref [GitHub documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token)): | ||
| 1. If the new repo owner is an organisation, **enrol** the organisation for '**Fine-grained personal access tokens**'. In the organisation ['Settings > Third-party Access > Personal access tokens'](https://github.com/organizations/%REPO_OWNER%/settings/personal-access-tokens). | ||
| 2. Head to the [Developer settings](https://github.com/settings/tokens?type=beta) and **enrol** your personal account for the new '**Fine-grained personal access tokens**'. (That's a one-off for your account and you might already have done this before) | ||
| 3. Next, click on the button '**Generate new token**' and create a token for the target _**Resource owner**_, with access to your project and the following '**Repository Permissions**' | ||
| * **Contents:** **Read** and **Write** access to code | ||
| * **Metadata:** **Read** access to metadata | ||
|
|
||
| <img width="680" alt="image" src="https://github.com/thriving-dev/java-library-template/assets/10864443/ff00fec5-36b5-46b3-9fae-83504aa00199"> | ||
|
|
||
| 4. Provide your new PAT either as an Organisation secret or a Repository secret with the name `CI_GITHUB_TOKEN`. | ||
|
|
||
| <img width="800" src="https://github.com/thriving-dev/java-library-template/assets/10864443/9a9224ef-ef58-4c59-9025-5d83ac5981b9"> | ||
|
|
||
| 3. Trigger the '**!! INITIAL: Migrate Repo Template !!**' workflow | ||
|
|
||
| ℹ️ This workflow automatically 'migrates' all files in your new repository, updating the **gradle project group**, **module name**, **package names**, and **all references** to the repo `<owner>/<name>`. | ||
|
|
||
| - Head over to **Actions** (1) | ||
| - on the left-hand side select the topmost workflow '**!! INITIAL: Migrate Repo Template !!**' (2) | ||
| - click the **Run workflow** button (3) | ||
| - **fill out** the form & **start** the pipeline (4)(5) | ||
|
|
||
|  | ||
|
|
||
| 4. Final one-off tasks | ||
| * Choose & update the LICENSE, [here](LICENSE) | ||
| * Update _Maven Publication_ details [here](%ARTIFACT_NAME%/build.gradle.kts#L6-L13) | ||
| * [Configure GitHub Pages](#prerequisites-configure-github-pages) to deploy branch 'gh-pages' (Javadoc) | ||
| * Add secrets required for [publishing to Maven Central](#prerequisites-sonatype-credentials--gpg-signing-key) | ||
| * Install & configure renovate app ([instructions](#prerequisites-enable--configure-renovate)) | ||
|
|
||
| ## Project Structure | ||
| The project template consists of three top-level _folders_: | ||
| * `.github/`: Defines the GitHub Actions CI tasks and templates for new pull requests, issues, etc. | ||
| * `gradle/`: Contains Gradle Configuration files such as the Gradle [Version Catalog](https://docs.gradle.org/current/userguide/platforms.html) and the Gradle Wrapper. | ||
| * `%ARTIFACT_NAME%/`: The library source code (Gradle sub-project). | ||
|
|
||
| In addition, following _files_ are worth highlighting: | ||
| * `gradle/libs.versions.toml`: A [conventional file](https://docs.gradle.org/current/userguide/platforms.html#sub:conventional-dependencies-toml) to declare a version catalog. | ||
| * `settings.gradle.kts`: The multi-project Gradle settings file. Here are all the sub-projects defined. | ||
| * `gradle.properties`: Holds the library version, needed & maintained by the CI/CD pipeline [release process](#release-process). | ||
| * `**/build.gradle.kts`: Gradle build file | ||
|
|
||
| ## CI/CD Pipeline | ||
| The heart of this template is the ['Main GitHub Actions CI/CD Pipeline'](https://github.com/%REPO_OWNER%/%REPO_NAME%/actions/workflows/1.pipeline.yml). | ||
|
|
||
|  | ||
|
|
||
| The workflow encompasses multiple jobs, modelled and linked with dependencies and conditions. | ||
| Based on the context (trigger, ref, input arguments) it meets different use cases: | ||
| 1. **Check**. Build, test, integration test; code quality & vulnerability scans. | ||
| Runs for active PRs - as well as part of all subsequent listed use cases. | ||
| 2. **Latest**. 'Check', publish SNAPSHOT version to Maven Central and Javadoc (GitHub Pages). | ||
| Runs on pushes to the main branch. | ||
| 3. **Release Process**. 'Check', executes (major|minor|patch) release process via the Gradle plugin. | ||
| Manually triggered workflow via GitHub UI/API. | ||
| 3. **Library Release**. 'Check', publish RELEASE version to Maven Central and Javadoc (GitHub Pages). | ||
| Runs for pushed tags. | ||
|
|
||
| ## Publish to Maven Central | ||
| ### Automated Process | ||
| The Maven publish process is fully automated and does not require manual action. | ||
| - The _main_ branch (per process definition) always is set to the next [SNAPSHOT version](gradle.properties) and is published to the Sonatype snapshot repository with each main CI/CD pipeline run. The pipeline runs e.g. when a PR is merged, but can also be triggered manually. | ||
| - Release deployment happens when a new tag is pushed to GitHub. (Part of the [release process](#release-process)) | ||
|
|
||
| ### Prerequisites: Sonatype Credentials & GPG Signing Key | ||
| The initial setup for your OSSRH repository requires some manual steps and human review (see why), after which your deployment process is typically modified to get components into OSSRH. These are all one time steps. | ||
| I recommend to follow the [official guide](https://central.sonatype.org/publish/publish-guide/). | ||
|
|
||
| In order to deploy your components to OSSRH with Gradle, you have to meet the [requirements](https://central.sonatype.org/publish/requirements/) for your metadata in the pom.xml as well as supply the required, signed components. | ||
|
|
||
| > ℹ️ The publish process uses [io.github.gradle-nexus.publish-plugin](https://plugins.gradle.org/plugin/io.github.gradle-nexus.publish-plugin) under the hood. | ||
| The gradle project as well as the CI/CD pipeline is already fully prepared for the publishing process. | ||
| The GH actions job [callable.publish-sonatype.yml](.github/workflows/callable.publish-sonatype.yml) requires the following Secrets: | ||
|
|
||
| | Secret name | Value | | ||
| |--------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| | `OSSRH_USERNAME` | The username of your OSSRH account. | | ||
| | `OSSRH_PASSWORD` | The password of your OSSRH account. | | ||
| | `GPG_SIGNING_KEY` | The GPG private key to sign your artifacts (in ascii-armored format). You can obtain it with `gpg --armor --export-secret-keys <your@email.here>` or you can create one key online on [pgpkeygen.com](https://pgpkeygen.com). | | ||
| | `GPG_SIGNING_PASSPHRASE` | The passphrase for unlocking the secret key. (you picked it when creating the key). | | ||
|
|
||
| Please define the secrets via your repository settings. ([Settings > Security > Secrets and variables > Actions](https://github.com/%REPO_OWNER%/%REPO_NAME%/settings/secrets/actions)) | ||
| <img width="800" alt="Preview of Javadoc published to GitHub Pages by the CI/CD pipeline" src="https://github.com/thriving-dev/java-library-template/assets/10864443/e6cf928c-6665-43fc-9506-c29d210b18de"> | ||
|
|
||
| ## Release Process | ||
| ### Creating a Release | ||
| To release a new version via the CI/CD Pipeline, please follow the instructions below. | ||
| - Navigate to Actions (1) | ||
| - \> Main Pipeline (2) | ||
| - Click 'Run workflow' button (3) | ||
| - Select a semver release type with the 'Release Library' dropdown (4) | ||
| - 'Run the workflow' (5) | ||
|  | ||
|
|
||
| The release process includes | ||
| - Pipeline run (incl. build & tests) that executes the release plugin (6) | ||
| - The release plugin first sets & commits the new version (7a) | ||
| - Creates & pushes a new tag (7b) | ||
| - Sets the main branch to the next SNAPSHOT version (7c) | ||
|  | ||
|
|
||
| The new version is automatically published to Maven Central! 🚀 | ||
|  | ||
|
|
||
| ### Prerequisites: PAT provided as `CI_GITHUB_TOKEN` | ||
| The CI/CD 'gradle-release' job expects a secret by the name `CI_GITHUB_TOKEN` that holds a PAT (Personal Access Token) with permission to push tags as part of the release process. | ||
|
|
||
| If you have been following the Quick Start guide you should already have this configured. Please refer to ['Quick Start' step 2](#quick-start). | ||
|
|
||
| ## Javadoc | ||
| ### Use | ||
| A Javadoc website of your library, generated by gradle, is 'published' to GitHub Pages by the CI/CD pipeline. In addition to each released version, the current snapshot version (_main_ branch) is published as `current`. | ||
| -> visit the [live preview](https://thriving-dev.github.io/java-library-template/javadoc/). | ||
|
|
||
| <img width="680" alt="Preview of Javadoc published to GitHub Pages by the CI/CD pipeline" src="https://github.com/thriving-dev/java-library-template/assets/10864443/119e8055-2755-40d4-8ec4-69bdc2e5339b"> | ||
|
|
||
| ### Prerequisites: Configure GitHub Pages | ||
| To host the generated Javadoc, configure GitHub Pages for your repository to deploy from branch `gh-pages`. You can also find all deployments under ['pages-build-deployment'](https://github.com/%REPO_OWNER%/%REPO_NAME%/actions/workflows/pages/pages-build-deployment). | ||
|
|
||
| > ℹ️ The branch is created with the first CI/CD pipeline run. ('Publish javadoc' job) | ||
|  | ||
|
|
||
| ## Security & CodeQL Analysis | ||
| ### Common Vulnerabilities and Exposures (CVE) | ||
| The libraries gradle dependencies are scanned for known [CVE](https://www.cve.org/) with **[aquasecurity/trivy](https://github.com/aquasecurity/trivy)**. The scan results can be reviewed and managed under [Security > Vulnerability alerts > Code scanning](https://github.com/%REPO_OWNER%/%REPO_NAME%/security/code-scanning). | ||
|
|
||
| Scans are triggered | ||
| 1. with each main CI/CD pipeline run | ||
| 2. Scheduled (weekly) ([ref](.github/workflows/2.scheduled.code-analysis.yml)) | ||
|
|
||
| <img width="800" alt="Preview of a critical CVE listed in the GitHub Security 'Code scanning' overview page" src="https://github.com/thriving-dev/java-library-template/assets/10864443/2980ba31-32c4-4bd8-9adf-4d852806614b"> | ||
|
|
||
| Please refer to [official GitHub documentation](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) for more details. | ||
|
|
||
| ## Automated Dependency Updates with Renovate | ||
| ### Dependency Dashboard | ||
|
|
||
| <img width="800" src="https://github.com/thriving-dev/java-library-template/assets/10864443/3300d418-8dee-4071-96df-dc53882315fd"> | ||
|
|
||
| ### PRs created by renovate bot | ||
| <img width="800" src="https://github.com/thriving-dev/java-library-template/assets/10864443/bcd03d8f-f620-4344-85d8-5f29d28be030"> | ||
|
|
||
| ### Prerequisites: Enable & Configure Renovate | ||
| This template ships with a prepared [renovate.json](renovate.json). | ||
|
|
||
| The recommended way to enable renovate is to use the [Renovate GitHub App](https://github.com/apps/renovate). | ||
|
|
||
|
|
||
| ## Credits | ||
| - Created by https://github.com/thriving-dev/java-library-template |
Oops, something went wrong.