
[C4GT Community]: Configure GitHub Actions for Checkstyle code formatting and vulnerability scanning in AMRIT API repositories #2

Open
3 tasks
drtechie opened this issue Aug 11, 2024 · 5 comments
drtechie (Member) commented Aug 11, 2024

Ticket Contents

Description

To maintain code quality and security for AMRIT API repositories, we need to set up GitHub Actions workflows that perform code formatting checks using Checkstyle and vulnerability scanning with OWASP Dependency-Check. These workflows should ensure that code formatting issues are detected for changed files in pull requests, and vulnerability scanning is conducted when pom.xml changes. Merging of pull requests should be restricted unless these checks pass.

What You Will Learn:

As an intern, you will:

  • Gain experience with GitHub Actions and CI/CD pipelines.
  • Learn how to configure static code analysis and security scanning in Java projects.
  • Develop skills in enforcing code quality and security practices.
  • Work collaboratively with developers to ensure high standards in code quality.

Desired Skills:

  • Basic knowledge of Java and Maven.
  • Familiarity with GitHub Actions and CI/CD workflows.
  • Understanding of static code analysis tools.
  • Eagerness to learn and implement best practices in code quality and security.

Goals

Setup GitHub Actions for Checkstyle:

  • Create a GitHub Actions workflow to run Checkstyle on pull requests.
  • Configure the workflow to check code formatting for changed files only.
  • Ensure that merging is blocked unless Checkstyle checks pass.

Setup GitHub Actions for OWASP Dependency-Check:

  • Create a GitHub Actions workflow to run OWASP Dependency-Check.
  • Configure the workflow to trigger only when pom.xml files change.
  • Ensure that merging is blocked unless the vulnerability scan passes.

Expected Outcome

Fully functional GitHub Actions workflows that automatically check code formatting with Checkstyle and perform vulnerability scanning with OWASP Dependency-Check. These workflows will ensure that pull requests meet coding standards and are free of known vulnerabilities before merging.

Acceptance Criteria

Checkstyle Workflow:

  • Checkstyle runs on changed files in pull requests.
  • Merging is blocked unless Checkstyle checks pass without errors.

OWASP Dependency-Check Workflow:

  • OWASP Dependency-Check runs when pom.xml changes.
  • Merging is blocked unless no critical vulnerabilities are found.

Implementation Details

https://github.com/checkstyle/checkstyle
https://central.sonatype.com/artifact/org.owasp/dependency-check-maven/8.4.0/overview
https://github.com/marketplace/actions/dependency-check
https://github.com/marketplace?query=checkstyle

Mockups/Wireframes

NA

Product Name

AMRIT

Organisation Name

Piramal Swasthya Management Research Institute

Domain

Healthcare

Tech Skills Needed

CI/CD, Debugging, DevOps, Java, Security, Spring Boot

Mentor(s)

@drtechie

Complexity

Medium

Category

CI/CD, Documentation, Deployment
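One way to realise the two goals above, as an added example rather than code from this ticket or the AMRIT repositories: two workflow files (shown as one YAML stream), the first running Checkstyle on only the Java files a pull request touched, the second running OWASP Dependency-Check only when a pom.xml changes and failing on critical findings. The workflow paths, action and tool versions, the bundled sun_checks.xml ruleset, and the NVD_API_KEY secret name are assumptions.

```yaml
# .github/workflows/checkstyle.yml (assumed path; keep one file per workflow)
name: Checkstyle
on: { pull_request: { paths: ["**.java"] } }
permissions: { contents: read }          # least privilege: the job only reads the checkout
jobs:
  checkstyle:
    runs-on: ubuntu-latest
    env:
      CHECKSTYLE_VERSION: "10.17.0"      # assumed; pin whichever release the repos standardise on
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with: { distribution: temurin, java-version: "17" }
      # Resolve the .java files this PR actually touched (third-party action, assumed acceptable).
      - id: changed
        uses: tj-actions/changed-files@v44
        with: { files: "**/*.java" }
      - name: Run Checkstyle on changed files only
        if: steps.changed.outputs.any_changed == 'true'
        env:
          FILES: ${{ steps.changed.outputs.all_changed_files }}   # via env, not inline in the script
        run: |
          curl -sSfL -o checkstyle.jar \
            "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${CHECKSTYLE_VERSION}/checkstyle-${CHECKSTYLE_VERSION}-all.jar"
          # /sun_checks.xml ships inside the jar; point -c at the repo's own config once it has one.
          # Checkstyle exits non-zero on error-severity violations, which fails this check.
          java -jar checkstyle.jar -c /sun_checks.xml ${FILES}
---
# .github/workflows/dependency-check.yml (assumed path)
name: OWASP Dependency-Check
on: { pull_request: { paths: ["pom.xml", "**/pom.xml"] } }   # fires only when a pom.xml changes
permissions: { contents: read }
jobs:
  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with: { distribution: temurin, java-version: "17", cache: maven }
      - name: Scan dependencies against the NVD
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}   # assumed secret; avoids NVD rate limiting
        run: |
          # Plugin version is an assumption (the ticket links 8.4.0; 9.x uses the NVD API).
          # failBuildOnCVSS=9 fails the job on any CVSS >= 9.0 (critical) finding.
          mvn -B org.owasp:dependency-check-maven:9.2.0:check \
            -DnvdApiKey="${NVD_API_KEY}" \
            -DfailBuildOnCVSS=9
```

Blocking the merge is a branch-protection setting rather than a workflow setting: mark both jobs as required status checks on the protected branch so a red Checkstyle or Dependency-Check run prevents merging.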

@drtechie drtechie changed the title [C4GT Community]: [C4GT Community]: Configure GitHub Actions for Checkstyle code formatting and vulnerability scanning in AMRIT API repositories Aug 11, 2024
@RAJEEVKUMAR9598

Can you assign a healthcare ML model for C4GT?

@drtechie drtechie added the good first issue Good for newcomers label Aug 11, 2024
@Amrit02102004

@RAJEEVKUMAR9598 Have you fixed the issue?
If possible I would like to try.

@RAJEEVKUMAR9598

Today I will fix it.

@gupta-soham

@drtechie where is pom.xml located, and isn't OWASP Dependency-Check a Java-specific workflow? Should it trigger on changes to package.json and yarn.lock instead?

drtechie (Member, Author) commented Oct 4, 2024

@gupta-soham this ticket is related to AMRIT API repositories.
All of our API repos are based on Spring Boot and Java.
There is no relevance for npm package.json/yarn.lock here.
The pom.xml file is located in the root of the projects.
