diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..0177685 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,45 @@ +name: "CodeQL Advanced" + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + schedule: + - cron: '22 2 * * 2' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ubuntu-latest + permissions: + security-events: write + packages: read + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + - language: java-kotlin + # With 'build-mode: none', only Java is analyzed. + # Switch to 'autobuild' or 'manual' to analyze Kotlin as well. + build-mode: none + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + category: "/language:${{matrix.language}}" diff --git a/README.md b/README.md index b51f410..17f8211 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ # ๐Ÿงช RESTful API with Java and Spring Boot [![Java CI with Maven](https://github.com/nanotaboada/java.samples.spring.boot/actions/workflows/maven.yml/badge.svg)](https://github.com/nanotaboada/java.samples.spring.boot/actions/workflows/maven.yml) +[![CodeQL Advanced](https://github.com/nanotaboada/java.samples.spring.boot/actions/workflows/codeql.yml/badge.svg)](https://github.com/nanotaboada/java.samples.spring.boot/actions/workflows/codeql.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=nanotaboada_java.samples.spring.boot&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=nanotaboada_java.samples.spring.boot) [![codecov](https://codecov.io/gh/nanotaboada/java.samples.spring.boot/branch/master/graph/badge.svg?token=D3FMNG0WOI)](https://codecov.io/gh/nanotaboada/java.samples.spring.boot) [![CodeFactor](https://www.codefactor.io/repository/github/nanotaboada/java.samples.spring.boot/badge)](https://www.codefactor.io/repository/github/nanotaboada/java.samples.spring.boot) @@ -47,7 +48,7 @@ Proof of Concept for a RESTful Web Service built with **Spring Boot 4** targetin ## Tech Stack | Component | Technology | -|-----------|------------| +| --------- | ---------- | | **Framework** | [Spring Boot](https://github.com/spring-projects/spring-boot) 4.0.0 | | **Runtime** | [Java](https://github.com/openjdk/jdk) (JDK 25 LTS) | | **Build Tool** | [Maven](https://github.com/apache/maven) | @@ -64,7 +65,7 @@ Proof of Concept for a RESTful Web Service built with **Spring Boot 4** targetin ## Project Structure -``` +```tree src/main/java/ar/com/nanotaboada/java/samples/spring/boot/ โ”œโ”€โ”€ Application.java # Main entry point, @SpringBootApplication โ”œโ”€โ”€ controllers/ # REST endpoints (@RestController) @@ -313,7 +314,7 @@ springdoc.api-docs.path=/v3/api-docs springdoc.swagger-ui.path=/swagger/index.html ``` -### Testing +### Testing (Local) Configuration in `src/test/resources/application.properties`: 
@@ -330,7 +331,7 @@ spring.jpa.hibernate.ddl-auto=create-drop ## Command Summary | Command | Description | -|---------|-------------| +| ------- | ----------- | | `./mvnw clean compile` | Clean and compile the project | | `./mvnw test` | Run tests without coverage | | `./mvnw verify` | Run tests with JaCoCo coverage |
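Review bot: in `.github/workflows/codeql.yml`, the three `uses:` steps reference mutable tags (`actions/checkout@v4`, `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4`) in a job that holds `security-events: write`. Pin each to a full commit SHA and keep the tag as a trailing comment, so that a moved tag cannot change what runs in this job. Two smaller points in the same file: the checkout step can set `persist-credentials: false`, since no later step pushes; and in the `permissions:` block, `packages: read` and `actions: read` can be dropped if this repository is public and uses no private CodeQL packs, leaving `security-events: write` and `contents: read`. The job-level `permissions:` block is good; adding a top-level `permissions: {}` would keep any job added later from inheriting the default token scope.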
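Review bot: in the `README.md` hunk at `@@ -313,7 +314,7 @@`, renaming `### Testing` to `### Testing (Local)` changes the generated heading anchor, so any existing link to the old `#testing` anchor (in this README or from outside it) will stop resolving. Please search for references to the old anchor and update them in this change, or state in the commit message that none exist.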