diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ed1e4591..0079c9ca 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,3 +1,6 @@ +# This workflow is designed to automate the update process for various package ecosystems, +# ensuring that dependencies are kept up-to-date with regular checks. +# # For more details about configuring Dependabot, see full documentations here: # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates @@ -5,11 +8,11 @@ version: 2 updates: # Configuration for pip - package-ecosystem: "pip" - directory: "/" + directory: "/" # Search for "requirements.txt" on root directory schedule: interval: "daily" commit-message: - prefix: "pip updated" + prefix: "pip" include: "scope" labels: - "dependencies" @@ -18,11 +21,24 @@ updates: # Configuration for GitHub Actions - package-ecosystem: "github-actions" - directory: "/" + directory: "/" # Search for ".github/workflows" on root directory schedule: interval: "daily" commit-message: - prefix: "GitHub Actions updated" + prefix: "GH Actions" + include: "scope" + labels: + - "dependencies" + assignees: + - "mitsuki31" + + # Configuration for Maven + - package-ecosystem: "maven" + directory: "/" # Search for "pom.xml" on root directory + schedule: + interval: "weekly" + commit-message: + prefix: "Maven" include: "scope" labels: - "dependencies" diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index 280c185b..57942867 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -1,9 +1,10 @@ -name-template: 'Release v$RESOLVED_VERSION' +name-template: 'v$RESOLVED_VERSION' tag-template: 'v$RESOLVED_VERSION' + # Categories filter categories: # New Features - - title: '🚀 New Features' + - title: '🚀 Features & Enhancements' labels: - 'feature' - 'enhancement' 
@@ -27,13 +28,44 @@ categories: - title: '⛔ Removed' labels: - 'remove' + - 'deprecate' # Dependencies Updates - title: '🧩 Dependencies' labels: - 'dependencies' + - 'deps' exclude-labels: - 'skip-changelog' +# Auto Labeler +autolabeler: + # Documentation + - label: 'documentation' + files: + - '*.md' + branch: + - '/docs\/.+/' + - '/updatedocs\/.+/' + # Bug Fixes + - label: 'bugfix' + branch: + - '/fix\/.+/' + - '/fixes\/.+/' + # Enhancements / New Features + - label: 'enhancement' + branch: + - '/feature\/.+/' + - '/features\/.+/' + + # Changes on Java code + - label: 'lang:java' + files: + - '*.java' + # Changes on Python code + - label: 'lang:python' + files: + - '*.py' + change-template: '- $TITLE (#$NUMBER) - @$AUTHOR' change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. version-resolver: @@ -52,5 +84,21 @@ template: | $CHANGES - For more details, see [full changelogs](https://github.com/mitsuki31/jmatrix/compare/$PREVIOUS_TAG...$NEXT_MINOR_VERSION) + For more details, see the [full changelogs][changelogs]. + + ## 🚧 Issues + + Report any issues or have any suggestions? [Create new issue][new-issue] and help us improve **JMatrix**. + + --- + + 🛡ī¸ [VirusTotal][virustotal] Scan Detections: + + - jmatrix-$RESOLVED_VERSION.jar + - jmatrix-$RESOLVED_VERSION_with_sources.jar + + + [changelogs]: https://github.com/mitsuki31/jmatrix/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION + [new-issue]: https://github.com/mitsuki31/jmatrix/issues/new + [virustotal]: https://www.virustotal.com diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 89a4bb15..504945a8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
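Review bot: In the added VirusTotal list, `jmatrix-$RESOLVED_VERSION_with_sources.jar` puts an underscore directly after the variable name, so the placeholder may be read as `$RESOLVED_VERSION_` and left unexpanded in the drafted notes. This is inferred from how such template variables are usually matched, so check it against a draft release. The `[changelogs]` link in the same hunk is not affected, because `v$RESOLVED_VERSION` ends the URL. The two jar entries also carry no result link or digest, so unless the virus-scan workflow fills them in later, the section gives a reader nothing to verify the artifacts against; consider listing each file's SHA-256 next to its name.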
@@ -1,92 +1,69 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. +# This workflow focuses on enhancing code security and identifying +# potential vulnerabilities in the Java codebase. The workflow is triggered +# by push events to the "master" and "release" branches, as well as by +# a weekly schedule. It targets Java source files located in the "src" directory. # -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. +# This workflow is crucial for maintaining code security and quality by +# regularly analyzing the Java codebase for vulnerabilities and providing +# insights to address potential security issues. # +# The workflow runs on both Ubuntu and Windows platforms for comprehensive +# code portability checks. 
+ name: "CodeQL" on: push: - branches: [ "master", "develop" ] + branches: [ "master", "release" ] + # Only run when the specific file(s) are changed paths: - - 'src/' - - '**/*.java' - - '**/*.py' + - 'src/**/*.java' # All Java source files + pull_request: # The branches below must be a subset of the branches above - branches: [ "master", "develop" ] + branches: [ "master", "release" ] + # Only run when the specific file(s) are changed paths: - - 'src/' - - '**/*.java' - - '**/*.py' + - 'src/**/*.java' # All Java source files + schedule: - cron: '30 7 * * 6' jobs: analyze: - name: Analyze Code - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + name: ${{ matrix.os }} / Analyze Code + runs-on: ${{ matrix.os }}-latest permissions: actions: read contents: read security-events: write + env: + language: java + java-dist: temurin + java-version: 11 + strategy: fail-fast: false matrix: - language: [ 'java', 'python' ] + os: [Ubuntu, Windows] # Run on Ubuntu and Windows steps: - name: Checkout Repository uses: actions/checkout@v3 # Setup the Java Virtual Machine - - name: Setup JVM - if: ${{ matrix.language == 'java' }} + - name: Setup JVM / ${{ matrix.os }} uses: actions/setup-java@v3 with: - distribution: temurin - java-version: '11' - - # Setup the Python - - name: Setup Python - if: ${{ matrix.language == 'python' }} - uses: actions/setup-python@v3 - with: - python-version: '3.7' - - # Install and setup Python dependencies - - name: Install Python Dependencies - if: ${{ matrix.language == 'python' }} - run: | - python -m pip install --upgrade pip - if [ -f requirements.txt ]; then - pip install -r requirements.txt; - fi - echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV + distribution: ${{ env.java-dist }} + java-version: ${{ env.java-version }} # Initializes the CodeQL tools for scanning. 
- - name: Initialize CodeQL + - name: Initialize CodeQL / ${{ matrix.os }} uses: github/codeql-action/init@v2 with: - languages: ${{ matrix.language }} - # Only run if CodeQL detecting Python - if: ${{ matrix.language == 'python' }} - setup-python-dependencies: false - - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - + languages: ${{ env.language }} # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) 
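Review bot: The new `paths:` filter `'src/**/*.java'` on both `push` and `pull_request` means a change that touches only `pom.xml` or this workflow file no longer triggers CodeQL, although either can change what gets built and analysed; only the weekly cron would pick it up. Adding `- 'pom.xml'` and `- '.github/workflows/codeql.yml'` to both lists would close that gap. Dropping `python` from the matrix also ends CodeQL coverage of the Python files that other workflows in this commit still lint and test (`src/**/*.py` in tests.yml), so that should be a deliberate decision stated in the header comment. The header comment lists push and the schedule as triggers but omits `pull_request`.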
@@ -96,14 +73,22 @@ jobs: # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # Now CodeQL will checking the code with Maven - # instead checking it separately. - - name: Build the Project with Maven + - name: Caching Dependencies / ${{ matrix.os }} + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven-${{ hashfiles('**/pom.xml') }} + ${{ runner.os }}-maven- + + - name: Build Project / ${{ matrix.os }} run: | echo "Building the project..." - mvn clean install + mvn clean install -Dskiptests # Installing necessary packages without testing + mvn test - - name: Perform CodeQL Analysis + - name: Perform CodeQL Analysis / ${{ matrix.os }} uses: github/codeql-action/analyze@v2 with: - category: "/language:${{ matrix.language }}" + category: "/language:${{ env.language }}" diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 7190bce9..2bcd7521 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml 
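Review bot: `mvn clean install -Dskiptests` does not skip anything, because the Surefire property is `skipTests` and Maven property names are case-sensitive; the tests therefore run inside `install` and a second time in `mvn test`. Use `mvn clean install -DskipTests`, as tests.yml in this commit already does. In the cache step the first `restore-keys` entry repeats the primary `key` (with `hashfiles` spelled differently from `hashFiles`), so it adds nothing and can be dropped, leaving only `${{ runner.os }}-maven-`. The steps list this hunk edits begins outside the hunk.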
@@ -1,32 +1,54 @@ +# This workflow focuses on ensuring the quality and consistency of Python code +# in the repository. It is triggered by both push and pull request events. +# The workflow runs on both Ubuntu and Windows platforms, covering Python +# versions 3.7 and 3.x (latest version). +# +# This workflow helps maintain code quality and adherence to coding standards +# by regularly analyzing the Python codebase and providing insights into +# potential issues or areas for improvement. +# +# NOTE: +# The Python code is analyzed using a custom configuration file (`.pylintrc`). +# The configuration file can be found on the root of this repository. + name: PyLint on: [push, pull_request] jobs: build: - runs-on: ubuntu-latest + name: ${{ matrix.os }} / ${{ matrix.python-version }} + runs-on: ${{ matrix.os }}-latest + strategy: matrix: - python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"] + os: [Ubuntu, Windows] # Run on Ubuntu and Windows + python-version: ["3.7", "3.x"] # Run on Py3.7 and the latest version + steps: # Checkout the repo - name: Checkout repository uses: actions/checkout@v3 - + # Setup Python - name: Set up Python ${{ matrix.python-version }} + id: setup-py uses: actions/setup-python@v3 with: python-version: ${{ matrix.python-version }} - - # Install the dependencies + architecture: x64 + cache: 'pip' + cache-dependency-path: '**/requirements.txt' + + # Update pip and install the PyLint - name: Install dependencies + if: ${{ steps.setup-py.outputs.cache-hit != true }} run: | echo "Updating 'pip'..." python -m pip install --upgrade pip echo "Installing 'pylint'..." pip install pylint - + # Analyze the Python code - name: Analyzing the code with pylint run: | diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 5ddee858..a4ce1522 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml 
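Review bot: The added `if: ${{ steps.setup-py.outputs.cache-hit != true }}` on the install step should be removed rather than corrected. Step outputs are strings, and GitHub's loose comparison of the string `'true'` with the boolean `true` does not evaluate as equal, so the guard is always satisfied today; if it were changed to `!= 'true'`, a cache hit would skip `pip install pylint` even though `cache: 'pip'` restores only pip's download cache, not installed packages, and the lint step would fail. `pylint` is also installed unpinned while the cache key comes from `requirements.txt`, so the linter version can change between runs with no change in the repository; `pip install "pylint==<version>"` or listing it in a requirements file would make runs reproducible. The final step's `run:` body continues outside the hunk.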
@@ -1,3 +1,17 @@ +# The "Release Drafter" workflow automates the process of drafting +# new releases by generating release notes based on pull requests +# and commits. This workflow is triggered when changes are pushed to +# the `master` branch and when pull requests are opened, reopened, +# or synchronized. +# +# This workflow streamlines the process of creating informative and organized +# release notes for each new version of the project. It ensures that +# the release notes accurately reflect the changes introduced by pull requests +# and commits, enhancing transparency and communication with users and contributors. +# +# For more details about Release Drafter, consider refer to link below. +# https://github.com/release-drafter/release-drafter + name: Release Drafter on: @@ -5,7 +19,7 @@ on: # branches to consider in the event; optional, defaults to all branches: - master - # - develop + # pull_request event is required only for autolabeler pull_request: # Only following types are handled by the action, but one can default to all as well diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 00000000..57f29ca2 --- /dev/null +++ b/.github/workflows/tests.yml 
@@ -0,0 +1,167 @@ +name: Project Tester + +on: + # Run on push, pull request, and manual trigger + push: + # Only run when the specific files are changed + paths: + - 'src/**/*.java' # Java files + - 'src/**/*.py' # Python files + + # Unlike push, the workflow always runs on pull requests + pull_request: + + # The workflow also can be triggered manually, and choose whether + # to run with or without debug mode + workflow_dispatch: + inputs: + debug: + description: 'Debug Mode' + required: false + type: boolean + +jobs: + # ::---:: Maven Test ::---:: # + maven-test: + name: Maven Test / ${{ matrix.os }} + runs-on: ${{ matrix.os }}-latest + + env: + java-ver: 11 + java-dist: temurin + DEBUG: ${{ inputs.debug }} + + strategy: + matrix: + os: [Ubuntu, Windows] + + steps: + # Checkout repository + - name: Checkout repository + uses: actions/checkout@v3 + + # Caching Maven deps + - name: Cache Maven dependencies + id: cache-maven + uses: actions/cache@v2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + ${{ runner.os }}-maven- + + # Setup Java + - name: Setup Java / ${{ matrix.os }} + uses: actions/setup-java@v3 + with: + java-version: ${{ env.java-ver }} + distribution: ${{ env.java-dist }} + + # Install deps + - name: Install dependencies + if: ${{ steps.cache-maven.outputs.cache-hit != true && env.DEBUG != true }} + run: mvn install -DskipTests + + - name: Install dependencies (Debug) + if: ${{ steps.cache-maven.outputs.cache-hit != true && env.DEBUG == true }} + run: mvn install -DskipTests -X + + # Packaging with source files + - name: Package source + if: ${{ env.DEBUG != true }} + run: mvn package -P include-src + + - name: Package source (Debug) + if: ${{ env.DEBUG == true }} + run: mvn package -P include-src -X + + # Test + - name: Test project + if: ${{ env.DEBUG != true }} + run: mvn test + + - name: Test project (Debug) + if: ${{ env.DEBUG 
== true }} + run: mvn test -X + + # Clean up + - name: Clean up the project + run: mvn clean + + + # ::---:: Make Test ::---:: # + make-test: + name: Make Test + runs-on: ubuntu-latest + continue-on-error: true + + strategy: + matrix: + py-ver: ['3.7', '3.x'] + + env: + arch: x64 + DEPS_FILE: 'requirements.txt' + DEBUG: ${{ inputs.debug }} + + steps: + # Checkout + - name: Checkout repository + uses: actions/checkout@v3 + + # Setup Python + - name: Setup Python ${{ matrix.py-ver }} + id: setup-py + uses: actions/setup-python@v3 + with: + python-version: ${{ matrix.py-ver }} + architecture: ${{ env.arch }} + cache: 'pip' + cache-dependency-path: '**/${{ env.DEPS_FILE }}' + + # Install deps + - name: Install dependencies + if: ${{ steps.setup-py.outputs.cache-hit != true }} + run: | + if [ $DEBUG = 'true' ]; then + python -m pip install -r $DEPS_FILE --debug + else + python -m pip install -r $DEPS_FILE + fi + + # Sadly, Make cannot tests the project thoroughly due to unavailability + # of necessary packages (e.g "org.junit"), so here it just tests + # the project on compiling, packaging, and generating docs. + + # Compile + - name: Compile the project + run: | + [ -d target/classes ] && make clean + make compile VERBOSE=$DEBUG LINT=true + + # Package + - name: Packaging the project + run: | + make package VERBOSE=$DEBUG + + - name: Packaging the project (with source) + run: | + make package INCLUDE-SRC=true VERBOSE=$DEBUG + + # Build docs + - name: Build the docs + run: | + # Build docs + # For more information on debugging, we prefer to change it + # to "all" mode. + if [ $DEBUG = 'true' ]; then + make build-docs VERBOSE=all + else + make build-docs + fi + + # Clean up + - name: Clean up the project + run: | + [ -d target ] && echo "Clean the project" && make clean diff --git a/.github/workflows/virus-scan.yml b/.github/workflows/virus-scan.yml index 3483c5a0..c33bedad 100644 --- a/.github/workflows/virus-scan.yml +++ b/.github/workflows/virus-scan.yml 
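Review bot: The `if:` guards compare strings with the boolean `true` (`env.DEBUG == true`, `env.DEBUG != true`, `steps.cache-maven.outputs.cache-hit != true`); env values and step outputs are strings, and GitHub's expression rules coerce mismatched types to numbers, so the `(Debug)` steps never run and the non-debug ones always do. Compare against the string instead, e.g. `if: ${{ env.DEBUG == 'true' }}`, or test `inputs.debug` directly. In the shell steps `$DEBUG` is empty on push and pull_request runs, so `[ $DEBUG = 'true' ]` should be quoted as `[ "$DEBUG" = 'true' ]`. The workflow builds and runs pull-request code but declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the job token at least privilege, in line with the explicit block in codeql.yml.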
@@ -1,4 +1,10 @@ -name: Scan Virus on Releases +# This workflow is triggered upon the publication of a release. +# It performs a virus scan on the released files using the VirusTotal API. +# Designed to enhance the security of the release process by performing +# virus scans on the released ".jar" files using the VirusTotal service. + + +name: VirusTotal Scan on: release: