pending changes for finos migration (#382)

finos · Jun 17, 2024 · ceabaae · ceabaae
1 parent 49c0f93
commit ceabaae
Show file tree

Hide file tree

Showing 6 changed files with 183 additions and 7 deletions.
diff --git a/.github/actions/maven-build/action.yml b/.github/actions/maven-build/action.yml
@@ -0,0 +1,31 @@
+name: Maven Build
+description: Run a Maven Build
+
+inputs:
+  build-command:
+    description: The Maven command to build the project. The default is `package`.
+    required: false
+    # type: string  - `type` field is not supported (yet). See comment below.
+    default: package
+  run-tests:
+    description: Whether or not to run tests. The default is true.
+    required: false
+    # type: boolean  - This is not supported (yet). All inputs are of type `string`. See https://github.com/actions/runner/issues/2238.
+    default: 'true'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK 17 for x64
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        architecture: x64
+        cache: maven
+        server-id: ossrh
+        server-username: CI_DEPLOY_USERNAME
+        server-password: CI_DEPLOY_PASSWORD
+    - name: Build with Maven
+      shell: bash
+      run: mvn -B -U clean ${{ inputs.build-command }}${{ inputs.run-tests == 'false' && ' -DskipTests' || '' }}
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,10 @@
+Please include a summary of the change and the issue/story number.
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- Bug fix (non-breaking change which fixes an issue)
+- New feature (non-breaking change which adds functionality)
+- Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- This change requires a documentation update
diff --git a/.github/workflows/cve-scanning.yml b/.github/workflows/cve-scanning.yml
@@ -0,0 +1,47 @@
+name: CVE Scanning
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'pom.xml'
+      - 'CVE-suppressions.xml'
+      - '.github/workflows/cve-scanning.yml'
+  pull_request:
+    paths:
+      - 'pom.xml'
+      - 'CVE-suppressions.xml'
+      - '.github/workflows/cve-scanning.yml'
+
+# Cancel previous jobs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  depcheck:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: ./.github/actions/maven-build
+      with:
+        run-tests: false
+    - name: CVE scanning
+      uses: dependency-check/Dependency-Check_Action@1.1.0
+      env:
+        JAVA_HOME: /opt/jdk
+      with:
+        project: ${{github.repository}}
+        path: '.'
+        format: 'HTML'
+        out: 'reports'
+        args: >
+          --suppression CVE-suppressions.xml
+          --failOnCVSS 7
+    - name: Upload results
+      uses: actions/upload-artifact@v4
+      with:
+        name: CVE Scan Report
+        path: ${{github.workspace}}/reports
diff --git a/.github/workflows/license-scanning.yml b/.github/workflows/license-scanning.yml
@@ -0,0 +1,88 @@
+name: License Scanning for Maven
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'pom.xml'
+      - '.github/workflows/license-scanning.yml'
+  pull_request:
+    paths:
+      - 'pom.xml'
+      - '.github/workflows/license-scanning.yml'
+
+# Cancel previous jobs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+env:
+  ALLOW_LICENSES: "
+    licenses/license/name!='Apache License, Version 2.0' and
+    not(contains(licenses/license/url, '://www.apache.org/licenses/LICENSE-2.0.txt')) and
+    
+    licenses/license/name!='BSD License' and
+    not(contains(licenses/license/url, 'antlr.org/license.html')) and
+    
+    licenses/license/name!='New BSD License' and
+    not(contains(licenses/license/url, '://www.opensource.org/licenses/bsd-license.php')) and
+    
+    licenses/license/name!='BSD-3-Clause' and
+    not(contains(licenses/license/url, '://asm.ow2.io/license.html')) and
+    licenses/license/name!='BSD License 3' and
+    not(contains(licenses/license/url, '://opensource.org/license/BSD-3-Clause')) and
+    
+    licenses/license/name!='Eclipse Public License - v 1.0' and
+    not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v10.html')) and
+    
+    licenses/license/name!='Eclipse Public License - v 2.0' and
+    not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v20.html')) and
+    not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-2.0')) and
+    
+    licenses/license/name!='GNU Lesser General Public License' and
+    not(contains(licenses/license/url, '://www.gnu.org/licenses/old-licenses/lgpl-2.1.html')) and
+    
+    licenses/license/name!='GNU General Public License (GPL), version 2, with the Classpath exception' and
+    not(contains(licenses/license/url, '://openjdk.java.net/legal/gplv2+ce.html')) and
+    
+    licenses/license/name!='The MIT License' and
+    not(contains(licenses/license/url, '://opensource.org/licenses/MIT')) and
+    not(contains(licenses/license/url, '://www.opensource.org/licenses/mit-license.php')) and
+    
+    licenses/license/name!='CDDL + GPLv2 with classpath exception' and
+    not(contains(licenses/license/url, '://github.com/javaee/javax.annotation/blob/master/LICENSE')) and
+    
+    licenses/license/name!='Public Domain'
+    "
+  REPORT_PATH: "target/generated-resources"
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install XQ
+      run: pip install xq
+    - uses: ./.github/actions/maven-build
+      with:
+        build-command: install
+        run-tests: false
+    - name: License XML report
+      run: mvn org.codehaus.mojo:license-maven-plugin:2.4.0:aggregate-download-licenses
+    - name: Validate XML report
+      run: |
+        LICENSE_REPORT=`xq "//dependency[${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}/licenses.xml`
+        LINES_FOUND=`echo "$LICENSE_REPORT" | wc -l`
+        if [ $LINES_FOUND -gt 1 ]; then echo "License issues found ..." ; echo "$LICENSE_REPORT" ; exit -1; fi
+    - name: Upload license reports
+      uses: actions/upload-artifact@v4
+      with:
+        name: license-reports
+        path: '**/${{ env.REPORT_PATH }}/'
+    - name: Upload license XML reports
+      uses: actions/upload-artifact@v4
+      with:
+        name: license-xml-reports
+        path: '**/${{ env.REPORT_PATH }}/licenses.xml'
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 # Rune Common
 
-Rune Common is a java library that is utilised by [Rosetta Code Generators](https://github.com/REGnosys/rosetta-code-generators) and models expressed in the [Rune DSL](https://github.com/finos/rune-dsl).
+Rune Common is a java library that is utilised by [Rune Code Generators](https://github.com/REGnosys/rosetta-code-generators) and models expressed in the [Rune DSL](https://github.com/finos/rune-dsl) the main `Rune` project.
 
 ## Installation
 
@@ -35,7 +35,7 @@ For any questions, bugs or feature requests please open an [issue](https://githu
 For anything else please send an email to {project mailing list}.
 
 To submit a contribution:
-1. Fork it (<https://github.com/finos/rune-common/fork>)
+1. Fork it (<https://github.com/REGnosys/rosetta-common/fork>)
 2. Create your feature branch (`git checkout -b feature/fooBar`)
 3. Read our [contribution guidelines](.github/CONTRIBUTING.md) and [Community Code of Conduct](https://www.finos.org/code-of-conduct)
 4. Commit your changes (`git commit -am 'Add some fooBar'`)

diff --git a/codefresh.yml b/codefresh.yml
@@ -57,13 +57,13 @@ steps:
       - mvn -s settings.xml -U -B clean deploy -P gpg
 
   NotifySlackOnFail:
-    title: Trigger Slack dev channel notification if master build failed
+    title: Trigger Slack dev channel notification if main build failed
     stage: 'finalise'
     image: codefresh/cli
     when:
       branch:
         only:
-          - master
+          - main
       steps:
         - name: Build
           on:
@@ -107,17 +107,17 @@ steps:
       - git push https://${{REGNOSYS_OPS}}:${{REGNOSYS_OPS_TOKEN}}@github.com/REGnosys/${{CF_REPO_NAME}}.git ${{RELEASE_NAME}}
 
   StartNextBuild:
-    title: Build rosetta-components if on master
+    title: Build rosetta-testing if on main
     stage: 'finalise'
     image: codefresh/cli
     when:
       branch:
         only:
-          - master
+          - main
       condition:
         all:
           buildPassed: steps.Build.result == 'success'
           variableDefined: "${{TAG_REPO}} == false"
           skipNextBuild: "${{SKIP_NEXT_BUILD}} == false"
     commands:
-      - codefresh run REGnosys/rosetta-testing/rosetta-testing --branch master --trigger REGnosys/rosetta-testing --detach
+      - codefresh run REGnosys/rosetta-testing/rosetta-testing --branch main --trigger REGnosys/rosetta-testing --detach