From 7e3ccf372e206f943765fd824a79e49da2786a8e Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:11:18 +0200
Subject: [PATCH 01/18] Add pull request template to standardize contributions.
---
.github/pull_request_template.md | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 .github/pull_request_template.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..fd90986
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+Closes #issuenumber(s).
+
+### Changes
+
+
+### How Was This Patch Tested?
+
+- [ ] Unit tests
+- [ ] Manual executed tests
From 32395dd27df533ebc3970eef816176f51902c29b Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:11:50 +0200
Subject: [PATCH 02/18] Add bug report template to standardize issue reporting
---
.github/ISSUE_TEMPLATE/bug_report_template.md | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 .github/ISSUE_TEMPLATE/bug_report_template.md
diff --git a/.github/ISSUE_TEMPLATE/bug_report_template.md b/.github/ISSUE_TEMPLATE/bug_report_template.md
new file mode 100644
index 0000000..b38bdf6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report_template.md
@@ -0,0 +1,29 @@
+---
+name: Bug Report
+about: Use this template for reporting a bug
+labels: needs triage, bug report
+---
+
+### Description
+
+
+### Affected Linter Version
+
+
+### To Reproduce
+
+
+### Expected Behavior
+
+
+### Actual Behavior
+
+
+### Linter Output / Error Message
+
+```
+Paste linter output or stack trace here ...
+```
+
+### Screenshots
+
From d4aff0a1a4fbffc82df04511394b3444367caafb Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:12:02 +0200
Subject: [PATCH 03/18] Add feature request template to standardize new feature suggestions
---
.github/ISSUE_TEMPLATE/feature_request_template.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/ISSUE_TEMPLATE/feature_request_template.md
diff --git a/.github/ISSUE_TEMPLATE/feature_request_template.md b/.github/ISSUE_TEMPLATE/feature_request_template.md
new file mode 100644
index 0000000..44b0354
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request_template.md
@@ -0,0 +1,14 @@
+---
+name: Feature Request
+about: Use this template if you want to request a new feature or linting rule
+labels: needs triage, enhancement
+---
+
+### Related Problem
+
+
+### Proposed Solution
+
+
+### Additional Context
+
From 2784f41088bdd22f614147357db99e137483306f Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:12:33 +0200
Subject: [PATCH 04/18] Add issue template configuration to guide users on documentation and support resources
---
.github/ISSUE_TEMPLATE/config.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 .github/ISSUE_TEMPLATE/config.yml
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..84c4f66
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+ - name: DSF Documentation
+ url: https://dsf.dev/process-development/linter-tool/linter-tool.html
+ about: Read the DSF Linter documentation.
+ - name: Getting Help
+ url: https://github.com/datasharingframework/dsf-linter/discussions
+ about: For general questions about the DSF Linter, please use GitHub Discussions.
From 450461cfd9d1c0ed71ca1275cddda6ec26cc6452 Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:12:48 +0200
Subject: [PATCH 05/18] Add Dependabot configuration for dependency and GitHub Actions updates
---
.github/dependabot.yml | 44 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..84eb421
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,44 @@
+version: 2
+updates:
+ # Java / Maven dependencies
+ - package-ecosystem: "maven"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "sunday"
+ open-pull-requests-limit: 10
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+ groups:
+ fhir:
+ patterns:
+ - "hapi-fhir*"
+ - "org.hl7.fhir*"
+ slf4j:
+ patterns:
+ - "org.slf4j*"
+ testing-tools:
+ patterns:
+ - "org.junit*"
+ - "org.mockito*"
+ safe-patch-updates:
+ update-types:
+ - "patch"
+ remaining-minor-updates:
+ update-types:
+ - "minor"
+
+ # GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "sunday"
+ open-pull-requests-limit: 5
+ groups:
+ github-actions:
+ patterns:
+ - "*"
From e75c28df419e7c484fe1c063c39b273e76c179f3 Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:13:16 +0200
Subject: [PATCH 06/18] Add CodeQL workflow for security and quality analysis
---
.github/workflows/codeql.yml | 54 ++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..471259b
--- /dev/null
+++ b/.github/workflows/codeql.yml
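Review bot: Both `updates` entries in the dependabot.yml hunk set `target-branch: "develop"`, and per GitHub's Dependabot documentation an entry that sets `target-branch` governs version updates only, so security-update pull requests still open against the default branch and do not pick up the `groups` and `ignore` settings written here. If fixes are expected to flow through `develop`, that needs a back-merge step outside this file. At minimum record the behaviour where the next maintainer will see it, e.g. `# target-branch applies to version updates only; security updates open against the default branch` above the first `target-branch` line.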
@@ -0,0 +1,54 @@
+name: CodeQL Analysis
+
+on:
+ push:
+ branches: [ "main", "develop" ]
+ pull_request:
+ branches: [ "main", "develop" ]
+ schedule:
+ - cron: '11 15 * * 0' # Sundays, 15:11
+
+permissions: {}
+
+jobs:
+ codeql:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: actions
+ build-mode: none
+ - language: java-kotlin
+ build-mode: manual
+ name: 'codeql: ${{ matrix.language }}'
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 25
+ if: ${{ matrix.language == 'java-kotlin' }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'zulu'
+ java-version: 25
+ cache: 'maven'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ queries: security-extended, security-and-quality
+
+ - name: Build with Maven
+ if: ${{ matrix.language == 'java-kotlin' }}
+ run: mvn package --batch-mode --fail-at-end -DskipTests
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: '/language:${{ matrix.language }}'
From b0a2b0e695bf64ca9d971745e5f10537a99e8051 Mon Sep 17 00:00:00 2001
From: khalilmalla95
Date: Wed, 29 Apr 2026 14:13:21 +0200
Subject: [PATCH 07/18] Add CodeQL workflow for security and quality analysis
---
.github/workflows/build.yml | 38 +++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..409ece2
--- /dev/null
+++ b/.github/workflows/build.yml
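Review bot: Every `uses:` line in the codeql.yml hunk references its action by a mutable tag (`actions/checkout@v4`, `actions/setup-java@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`), so the code that runs with `security-events: write` is whatever the tag points at on the day of the run. The build.yml hunk in PATCH 07/18 and the maven-publish.yml hunk in PATCH 09/18 have the same pattern, and the publish job additionally holds the signing key and registry token. Pin each reference to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA> # v4`; the `github-actions` entry in dependabot.yml can then keep the pins current.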
@@ -0,0 +1,38 @@ +name: DSF Linter Build + +on: + push: + branches: [ "main", "develop", "release/*", "hotfix/*" ] + tags: + - v[0-9]+.[0-9]+.[0-9]+ + - v[0-9]+.[0-9]+.[0-9]+-M[0-9]+ + - v[0-9]+.[0-9]+.[0-9]+-RC[0-9]+ + pull_request: + branches: [ "main", "develop" ] + schedule: + - cron: '11 15 * * 0' # Sundays, 15:11 + +permissions: {} + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up JDK 25 + uses: actions/setup-java@v4 + with: + distribution: 'zulu' + java-version: 25 + cache: 'maven' + + - name: Build with Maven + run: mvn verify --batch-mode --fail-at-end From c255af6b4a4af2946d321bc3997eff93b4326fde Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Wed, 29 Apr 2026 20:41:21 +0200 Subject: [PATCH 08/18] Update POM files for Maven Central compatibility and improved project metadata - Refine project groupId and organization details. - Add SCM and developer metadata. - Configure Maven plugins for source, Javadoc, and artifact signing. - Include distribution and release management profiles. - Update dependency declarations for consistency. --- linter-cli/pom.xml | 10 ++-- linter-core/pom.xml | 39 +++++++++---- pom.xml | 135 ++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 162 insertions(+), 22 deletions(-) diff --git a/linter-cli/pom.xml b/linter-cli/pom.xml index 9c19482..beaf64f 100644 --- a/linter-cli/pom.xml +++ b/linter-cli/pom.xml @@ -5,7 +5,7 @@ 4.0.0 - dev.dsf.utils.linter + dev.dsf.linter dsf-linter 0.1.2 @@ -13,14 +13,13 @@ linter-cli - 25 - 25 - UTF-8 + + true - dev.dsf.utils.linter + dev.dsf.linter linter-core ${project.version} @@ -48,7 +47,6 @@ org.apache.maven.plugins maven-shade-plugin - 3.4.1 package diff --git a/linter-core/pom.xml b/linter-core/pom.xml index 17ab91c..ed76a58 100644 
--- a/linter-core/pom.xml +++ b/linter-core/pom.xml @@ -9,7 +9,7 @@ - dev.dsf.utils.linter + dev.dsf.linter dsf-linter 0.1.2 @@ -17,12 +17,6 @@ linter-core - - 25 - 25 - UTF-8 - - 1.15.8 @@ -156,11 +150,38 @@ + + + org.apache.maven.plugins + maven-source-plugin + + + attach-sources + + jar-no-fork + + + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + + attach-javadocs + + jar + + + + + org.apache.maven.plugins maven-shade-plugin - 3.4.1 package @@ -189,9 +210,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M9 - -Dnet.bytebuddy.experimental=true diff --git a/pom.xml b/pom.xml index 28787fd..d93b823 100644 --- a/pom.xml +++ b/pom.xml 
@@ -4,32 +4,155 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - dev.dsf.utils.linter + dev.dsf.linter dsf-linter 0.1.2 pom + DSF Linter + Linting tool for DSF plugins that validates BPMN, FHIR, and plugin configuration from JAR artifacts, with HTML/JSON reports. + https://dsf.dev/process-development/linter-tool/linter-tool.html + Apache License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 repo - Heilbronn University of Applied Sciences + GECKO Institute, Heilbronn University of Applied Sciences + https://www.hs-heilbronn.de + + + Khalil Malla + dsf-gecko@hs-heilbronn.de + GECKO Institute, Heilbronn University of Applied Sciences + https://www.hs-heilbronn.de + + + + + scm:git:git://github.com/datasharingframework/dsf-linter.git + scm:git:ssh://github.com/datasharingframework/dsf-linter.git + https://github.com/datasharingframework/dsf-linter/tree/main + + linter-core linter-cli - 25 - 25 UTF-8 - \ No newline at end of file + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.15.0 + + 25 + + + + org.apache.maven.plugins + maven-source-plugin + 3.4.0 + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.12.0 + + none + true + + + + org.apache.maven.plugins + maven-surefire-plugin + 3.5.4 + + + org.apache.maven.plugins + maven-shade-plugin + 3.6.1 + + + org.apache.maven.plugins + maven-gpg-plugin + 3.2.8 + + + org.sonatype.central + central-publishing-maven-plugin + 0.10.0 + + + + + + + + central + Maven Central + https://central.sonatype.com/api/v1/publisher + + + github + GitHub Packages + https://maven.pkg.github.com/datasharingframework/dsf-linter + + + + + + release + + + + + org.apache.maven.plugins + maven-gpg-plugin + + + sign-artifacts + verify + + sign + + + + --pinentry-mode + loopback + + + + + + + + org.sonatype.central + central-publishing-maven-plugin + true + + + central + + false + validated + + + + + + + + 
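Review bot: The first SCM URL added in the root pom.xml hunk, `scm:git:git://github.com/datasharingframework/dsf-linter.git`, uses the unauthenticated, unencrypted `git://` transport, which GitHub no longer serves, so tooling that follows the published POM metadata cannot fetch from it. Use `scm:git:https://github.com/datasharingframework/dsf-linter.git` instead. The element names are lost in this rendering of the hunk; the URL is presumably the `<connection>` value, so confirm against the file.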
From 2cfdb034b6c213dd8e14c2abbae1b574b3ab4129 Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Wed, 29 Apr 2026 20:42:16 +0200 Subject: [PATCH 09/18] Add Maven publish workflow for automated artifact deployment to Maven Central --- .github/workflows/maven-publish.yml | 54 +++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/maven-publish.yml diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml new file mode 100644 index 0000000..bdd8bd4 --- /dev/null +++ b/.github/workflows/maven-publish.yml @@ -0,0 +1,54 @@ +name: DSF Linter Publish with Maven + +on: + pull_request: + types: closed + branches: [ "main" ] + +jobs: + publish: + # Only run if pull requests are merged, omit running if pull requests are closed without merging + if: github.event.pull_request.merged + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up JDK 21 + uses: actions/setup-java@v4 + with: + distribution: 'zulu' + java-version: 21 + cache: 'maven' + + - name: Import GPG key + run: | + echo "${{ secrets.MAVEN_GPG_PRIVATE_KEY }}" | gpg --batch --import + gpg --list-secret-keys --keyid-format LONG + + - name: Create Maven settings.xml with Sonatype credentials + run: | + mkdir -p ~/.m2 + cat > ~/.m2/settings.xml < + + + central + ${{ secrets.OSSRH_USERNAME }} + ${{ secrets.OSSRH_TOKEN }} + + + + EOF + + - name: Publish to Maven Central + env: + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run: mvn --batch-mode --fail-at-end -P release -Dgpg.passphrase="${MAVEN_GPG_PASSPHRASE}" clean deploy From 4d6b17bdf126a109f27354f9e909cd26dc442fec Mon Sep 17 00:00:00 2001 
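Review bot: The `Import GPG key` and `Create Maven settings.xml` steps expand `${{ secrets.* }}` directly into the shell script text, and the publish step passes the key passphrase as `-Dgpg.passphrase=…` on the Maven command line, where it is visible in the process arguments. Hand the secrets to each step through `env:` and reference them as shell variables; maven-gpg-plugin 3.2.x (PATCH 08/18 manages 3.2.8) reads `MAVEN_GPG_PASSPHRASE` from the environment by default, so the `-D` argument can be dropped. Separately, this job sets up JDK 21 while the other workflows and the compiler configuration in PATCH 08/18 use 25, which looks like it would fail the release build; worth confirming.

```yaml
      - name: Import GPG key
        env:
          MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
        run: |
          printf '%s\n' "$MAVEN_GPG_PRIVATE_KEY" | gpg --batch --import
          # … unchanged: gpg --list-secret-keys …

      # … unchanged: settings.xml step; pass its two secrets through env: the same way …

      - name: Publish to Maven Central
        env:
          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
        run: mvn --batch-mode --fail-at-end -P release clean deploy
```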
From: khalilmalla95 Date: Tue, 12 May 2026 17:59:11 +0200 Subject: [PATCH 10/18] Remove CodeQL and Maven publish workflows --- .github/workflows/codeql.yml | 54 ----------------------------- .github/workflows/maven-publish.yml | 54 ----------------------------- 2 files changed, 108 deletions(-) delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/maven-publish.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 471259b..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: CodeQL Analysis - -on: - push: - branches: [ "main", "develop" ] - pull_request: - branches: [ "main", "develop" ] - schedule: - - cron: '11 15 * * 0' # Sundays, 15:11 - -permissions: {} - -jobs: - codeql: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - strategy: - fail-fast: false - matrix: - include: - - language: actions - build-mode: none - - language: java-kotlin - build-mode: manual - name: 'codeql: ${{ matrix.language }}' - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up JDK 25 - if: ${{ matrix.language == 'java-kotlin' }} - uses: actions/setup-java@v4 - with: - distribution: 'zulu' - java-version: 25 - cache: 'maven' - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - queries: security-extended, security-and-quality - - - name: Build with Maven - if: ${{ matrix.language == 'java-kotlin' }} - run: mvn package --batch-mode --fail-at-end -DskipTests - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: '/language:${{ matrix.language }}' diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml deleted file mode 100644 index bdd8bd4..0000000 --- a/.github/workflows/maven-publish.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -name: DSF Linter Publish with Maven - -on: - pull_request: - types: closed - branches: [ "main" ] - -jobs: - publish: - # Only run if pull requests are merged, omit running if pull requests are closed without merging - if: github.event.pull_request.merged - runs-on: ubuntu-latest - - permissions: - contents: read - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up JDK 21 - uses: actions/setup-java@v4 - with: - distribution: 'zulu' - java-version: 21 - cache: 'maven' - - - name: Import GPG key - run: | - echo "${{ secrets.MAVEN_GPG_PRIVATE_KEY }}" | gpg --batch --import - gpg --list-secret-keys --keyid-format LONG - - - name: Create Maven settings.xml with Sonatype credentials - run: | - mkdir -p ~/.m2 - cat > ~/.m2/settings.xml < - - - central - ${{ secrets.OSSRH_USERNAME }} - ${{ secrets.OSSRH_TOKEN }} - - - - EOF - - - name: Publish to Maven Central - env: - MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - run: mvn --batch-mode --fail-at-end -P release -Dgpg.passphrase="${MAVEN_GPG_PASSPHRASE}" clean deploy From 24ec4d4aa1cf9f6cf4659c0fd4341df1f93153da Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:00:06 +0200 Subject: [PATCH 11/18] Enhance pull request template with detailed contribution guidelines and testing instructions. --- .github/pull_request_template.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fd90986..bc38e0a 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,9 +1,30 @@ + + + + + Closes #issuenumber(s). ### Changes + ### How Was This Patch Tested? - + - [ ] Unit tests -- [ ] Manual executed tests +- [ ] Integration tests +- [ ] Manual executed tests \ No newline at end of file From d807fcbcb1fc93aee9a0a6291d6ce104308425ab Mon Sep 17 00:00:00 2001 
From: khalilmalla95 Date: Tue, 12 May 2026 18:00:14 +0200 Subject: [PATCH 12/18] Refine bug report template with clearer guidance and additional sections for detailed issue reporting --- .github/ISSUE_TEMPLATE/bug_report_template.md | 40 +++++++++++++++---- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report_template.md b/.github/ISSUE_TEMPLATE/bug_report_template.md index b38bdf6..b444cc8 100644 --- a/.github/ISSUE_TEMPLATE/bug_report_template.md +++ b/.github/ISSUE_TEMPLATE/bug_report_template.md @@ -4,26 +4,52 @@ about: Use this template for reporting a bug labels: needs triage, bug report --- + + + + ### Description + + +### Affected DSF Linter Version + ### To Reproduce + -### Actual Behavior +### Expected Behavior + -### Linter Output / Error Message -``` -Paste linter output or stack trace here ... +### Logs + + +*CLI / Maven Output:* +```text +Log output here ... ``` ### Screenshots - + \ No newline at end of file From 369a510ea63e9478454b75f3b32625ffc86d5dfd Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:00:22 +0200 Subject: [PATCH 13/18] Refine feature request template with clearer guidance and improved structure --- .../ISSUE_TEMPLATE/feature_request_template.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/feature_request_template.md b/.github/ISSUE_TEMPLATE/feature_request_template.md index 44b0354..462ca56 100644 --- a/.github/ISSUE_TEMPLATE/feature_request_template.md +++ b/.github/ISSUE_TEMPLATE/feature_request_template.md 
@@ -1,14 +1,21 @@ --- name: Feature Request -about: Use this template if you want to request a new feature or linting rule +about: Use this template if you want to request a new feature labels: needs triage, enhancement --- -### Related Problem - + + -### Proposed Solution +### Related Problem + -### Additional Context +### Describe the Solution You’d Like + +### Describe Alternatives You’ve Considered + From 990607fb839565203ecc81dc2475459127489faf Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:00:44 +0200 Subject: [PATCH 14/18] Add new issue template for MII/NUM-related questions with Zulipchat link --- .github/ISSUE_TEMPLATE/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 84c4f66..c3b724a 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -6,3 +6,6 @@ contact_links: - name: Getting Help url: https://github.com/datasharingframework/dsf-linter/discussions about: For general questions about the DSF Linter, please use GitHub Discussions. + - name: MII / NUM Related Questions + url: https://mii.zulipchat.com/#narrow/channel/392426-Data-Sharing-Framework-.28DSF.29/topic/DSF.20Linter/with/574964964 + about: For questions about the use of the DSF Linter in the Medical Informatics Initiative (MII) or the Network University Medicine (NUM), please use the channels in the MII Zulipchat. From 9b2c45d0e44d6d020c8d34a96f42711b0ffafdd8 Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:01:01 +0200 Subject: [PATCH 15/18] Update Dependabot configuration to adjust PR limits and add `jackson` dependency group --- .github/dependabot.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 84eb421..8d1769d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -7,11 +7,14 @@ updates: schedule: interval: "weekly" day: "sunday" - open-pull-requests-limit: 10 + open-pull-requests-limit: 15 ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] groups: + jackson: + patterns: + - "com.fasterxml.jackson*" fhir: patterns: - "hapi-fhir*" @@ -37,7 +40,7 @@ updates: schedule: interval: "weekly" day: "sunday" - open-pull-requests-limit: 5 + open-pull-requests-limit: 10 groups: github-actions: patterns: From 29d4300d0b9eac8d8b51cd74d3611d9ffcb62174 Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:01:43 +0200 Subject: [PATCH 16/18] Revamp build workflow with new jobs for CodeQL, Maven quick and full builds, and automated deployment. --- .github/workflows/build.yml | 140 ++++++++++++++++++++++++++++++++++-- 1 file changed, 134 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 409ece2..8bafacd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,13 +2,14 @@ name: DSF Linter Build on: push: - branches: [ "main", "develop", "release/*", "hotfix/*" ] + branches: [ "release/*", "hotfix/*" ] tags: - v[0-9]+.[0-9]+.[0-9]+ - v[0-9]+.[0-9]+.[0-9]+-M[0-9]+ - v[0-9]+.[0-9]+.[0-9]+-RC[0-9]+ pull_request: branches: [ "main", "develop" ] + types: [opened, synchronize, reopened, closed] schedule: - cron: '11 15 * * 0' # Sundays, 15:11 
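Review bot: With `main` and `develop` dropped from `push.branches` in the first build.yml hunk, none of the visible triggers runs the build or the CodeQL job for a commit pushed directly to those branches; they are reached only through pull-request events (now including `closed`) and the Sunday cron. If branch protection does not already force every change through a pull request, keep the two branches in the filter, `branches: [ "main", "develop", "release/*", "hotfix/*" ]`, or state the assumption in a comment next to `types:`. The jobs that consume the `closed` event are in the following hunk.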
@@ -18,21 +19,148 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} cancel-in-progress: true +env: + MVN_BATCH_MODE_FAIL_AT_END: --batch-mode --fail-at-end + MVN_SKIP_MOST: -P!generate-source-and-javadoc-jars -Dimpsort.skip=true -Dformatter.skip=true -Dlicense.skip=true -Denforcer.skip -Dmaven.buildNumber.skip=true -DskipShadePlugin=true + jobs: - build: + codeql: runs-on: ubuntu-latest permissions: contents: read + security-events: write + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + - language: java-kotlin + build-mode: manual + - language: javascript-typescript + build-mode: none + name: 'codeql: ${{ matrix.language }}' steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Set up JDK 25 + if: ${{ matrix.language == 'java-kotlin' }} + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + with: + distribution: 'zulu' + java-version: 25 + cache: 'maven' + - name: Initialize CodeQL + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + queries: security-extended, security-and-quality + - name: Minimal Maven Build + if: ${{ matrix.language == 'java-kotlin' }} + run: mvn package $MVN_BATCH_MODE_FAIL_AT_END $MVN_SKIP_MOST -DskipTests + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + with: + category: "/language:${{matrix.language}}" + + maven-quick: + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + version: ${{ steps.version.outputs.version }} + main: ${{ steps.main.outputs.main }} + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Set up JDK 25 + uses: 
actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + with: + distribution: 'zulu' + java-version: 25 + cache: 'maven' + - name: Minimal Maven Build + run: mvn install $MVN_BATCH_MODE_FAIL_AT_END $MVN_SKIP_MOST -DskipTests -DbuildNumber=${GITHUB_SHA} -DscmBranch=${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}} + - name: Upload quick-build results + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: quick_build + path: | + ./**/target + - name: Get Maven project version + id: version + run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:3.6.3:exec)" >> $GITHUB_OUTPUT + - name: Checkout main branch + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + ref: main + - name: Check if ref is main HEAD + id: main + run: echo "main=$( [ "$GITHUB_SHA" = "$(git rev-parse HEAD)" ] && echo true || echo false )" >> $GITHUB_OUTPUT + maven-full: + runs-on: ubuntu-latest + needs: maven-quick + permissions: + contents: read + strategy: + fail-fast: false + matrix: + mvn: + - name: JavaDoc + cmd: mvn javadoc:javadoc $MVN_BATCH_MODE_FAIL_AT_END -Dformatter.skip=true -Denforcer.skip -Dmaven.buildNumber.skip=true -DskipShadePlugin=true + - name: Formatter, Impsort, Enforcer + cmd: mvn compile test-compile $MVN_BATCH_MODE_FAIL_AT_END -Dmaven.buildNumber.skip=true + - name: Unit Tests + cmd: mvn dependency:properties surefire:test $MVN_BATCH_MODE_FAIL_AT_END $MVN_SKIP_MOST + name: ${{ matrix.mvn.name }} + timeout-minutes: 8 + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Download quick-build results + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: quick_build + path: ./ - name: Set up JDK 25 - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 
with: distribution: 'zulu' java-version: 25 cache: 'maven' + - name: ${{ matrix.mvn.name }} + run: ${{ matrix.mvn.cmd }} - - name: Build with Maven - run: mvn verify --batch-mode --fail-at-end + maven-deploy: + if: ${{ !endsWith(needs.maven-quick.outputs.version, '-SNAPSHOT') && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }} + runs-on: ubuntu-latest + needs: [codeql, maven-quick, maven-full] + permissions: + contents: read + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Download quick-build results + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: quick_build + path: ./ + - name: Set up JDK 25 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + with: + distribution: 'zulu' + java-version: 25 + cache: 'maven' + server-id: central + server-username: MAVEN_CENTRAL_USERNAME + server-password: MAVEN_CENTRAL_TOKEN + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Deploy to Maven Central + run: mvn deploy -Dimpsort.skip=true -Dformatter.skip=true -Dlicense.skip=true -DskipTests -Ppublish-to-maven-central -Dmaven.buildNumber.skip=true -DbuildNumber=${GITHUB_SHA} -DscmBranch=${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}} + env: + MAVEN_CENTRAL_USERNAME: ${{ secrets.MAVEN_CENTRAL_USERNAME }} + MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} \ No newline at end of file From d356395f6a88323094b8bf9cd84b0899a40e9763 Mon Sep 17 00:00:00 2001 
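Review bot: The new `maven-deploy` job runs under the workflow-level `concurrency` block shown as context at the top of this hunk, whose group falls back to `github.sha` with `cancel-in-progress: true`, so a tag push and a `release/*` or `hotfix/*` branch push of the same commit share one group and the later run cancels the earlier one, possibly while it is signing and uploading. Key the group on the ref instead, `group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`, so the tag run stays separate from branch and scheduled runs. As a smaller hygiene point in the same hunk, quote the branch-name expansion in the Maven commands, `-DscmBranch="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"`, since `GITHUB_HEAD_REF` is chosen by the pull-request author.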
From: khalilmalla95 Date: Tue, 12 May 2026 18:25:05 +0200 Subject: [PATCH 17/18] chore(build): align Maven Central release configuration with DSF standard - Refactored profile structure in the root pom.xml to match the main DSF repository: - Renamed the `release` profile to `publish-to-maven-central` (handling GPG signing and Sonatype deployment). - Introduced a `generate-source-and-javadoc-jars` profile to centrally manage the attachment of source and javadoc artifacts for all deployable modules. - Removed the redundant `` entry for Maven Central from ``, as the `central-publishing-maven-plugin` manages the deployment directly. - Removed `maven-shade-plugin` from `linter-core/pom.xml` to prevent it from being built as a fat JAR. This ensures `linter-core` acts as a clean library and won't cause classpath collisions (e.g., with Spring, Camunda, or HAPI FHIR) when consumed by other projects. - Removed duplicated source and javadoc plugin executions from `linter-core/pom.xml` since they are now inherited from the parent POM. --- linter-core/pom.xml | 56 --------------------------------------------- pom.xml | 41 ++++++++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 62 deletions(-) diff --git a/linter-core/pom.xml b/linter-core/pom.xml index ed76a58..3c83208 100644 --- a/linter-core/pom.xml +++ b/linter-core/pom.xml @@ -150,62 +150,6 @@ - - - org.apache.maven.plugins - maven-source-plugin - - - attach-sources - - jar-no-fork - - - - - - - - org.apache.maven.plugins - maven-javadoc-plugin - - - attach-javadocs - - jar - - - - - - - - org.apache.maven.plugins - maven-shade-plugin - - - package - - shade - - - - - dev.dsf:dsf-bpe-process-api-v1 - dev.dsf:dsf-bpe-process-api-v2 - org.camunda.bpm:camunda-engine - ca.uhn.hapi.fhir:hapi-fhir-base - org.springframework:spring-beans - org.springframework:spring-core - org.springframework:spring-jcl - - - - - - - - org.apache.maven.plugins diff --git a/pom.xml b/pom.xml index d93b823..cced2c6 100644 --- a/pom.xml 
+++ b/pom.xml @@ -100,11 +100,6 @@ - - central - Maven Central - https://central.sonatype.com/api/v1/publisher - github GitHub Packages @@ -114,7 +109,41 @@ - release + generate-source-and-javadoc-jars + + true + + + + + org.apache.maven.plugins + maven-source-plugin + + + attach-sources + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + + attach-javadocs + + jar + + + + + + + + + publish-to-maven-central From cf46d9514759e9a5c491a156f80b548d9a13ad7d Mon Sep 17 00:00:00 2001 From: khalilmalla95 Date: Tue, 12 May 2026 18:50:21 +0200 Subject: [PATCH 18/18] fix(core): add JAXB dependencies to resolve NoClassDefFoundError in tests - Added `jakarta.xml.bind-api` and `jaxb-runtime` to `linter-core/pom.xml`. - JAXB is no longer included in the standard JDK since Java 11. Because the project targets Java 25, these libraries must be provided explicitly. - This resolves a `java.lang.NoClassDefFoundError: jakarta/xml/bind/annotation/XmlElement` that caused the GitHub Actions unit test job to fail during `DsfMultiPluginLinterTest`, as the HAPI FHIR module requires JAXB at runtime. --- linter-core/pom.xml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/linter-core/pom.xml b/linter-core/pom.xml index 3c83208..19d98ae 100644 --- a/linter-core/pom.xml +++ b/linter-core/pom.xml @@ -144,7 +144,18 @@ runtime - + + + jakarta.xml.bind + jakarta.xml.bind-api + 4.0.5 + + + org.glassfish.jaxb + jaxb-runtime + 4.0.8 + runtime +
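Review bot: The new `generate-source-and-javadoc-jars` profile in the root pom.xml hunk of PATCH 17/18 appears to be enabled through `activeByDefault` (only the value `true` survives in this rendering), and Maven deactivates every active-by-default profile of a POM as soon as another profile of that POM is activated explicitly. The deploy step in build.yml runs `mvn deploy … -Ppublish-to-maven-central`, so the release build would likely omit the sources and javadoc jars that Maven Central validation requires. Either name both profiles in the workflow, `-Ppublish-to-maven-central,generate-source-and-javadoc-jars`, or activate the jar profile by a property rather than by default.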