AJ-1094: Initial Project Setup and Hello World CLI (#1)

undefined

Author: snf2ye

.github/workflows/build-and-test.yml

@@ -0,0 +1,101 @@
+name: Build and Test
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore: [ '*.md' ]
+  pull_request:
+    branches: [ '**' ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: Build all projects without running tests
+        run: ./gradlew --build-cache build -x test
+
+  source-clear:
+    needs: [ build ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: SourceClear scan
+        env:
+          SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }}
+        run: ./gradlew --build-cache srcclr
+
+  unit-tests-and-sonarqube:
+    needs: [ build ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        # Needed by sonar to get the git history for the branch the PR will be merged into.
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+      - name: Test with coverage
+        run: ./gradlew --build-cache test jacocoTestReport
+      - name: SonarQube scan for library
+        run: ./gradlew --build-cache :library:sonar --info
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: SonarQube scan for cli
+        run: ./gradlew --build-cache :cli:sonar --info
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  notify-slack:
+    needs: [ build, unit-tests-and-sonarqube, source-clear ]
+    runs-on: ubuntu-latest
+
+    if: failure() && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Notify slack on failure
+        uses: broadinstitute/[email protected]
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+          channel: '#dsp-analysis-journeys-alerts'
+          status: failure
+          author_name: Build on dev
+          fields: job,message
+          text: 'Build failed :sadpanda:'
+          username: 'Java-PFB GitHub Action'
+
+  dispatch-tag:
+    needs: [ build, unit-tests-and-sonarqube, source-clear ]
+    runs-on: ubuntu-latest
+
+    if: success() && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Fire off tag action
+        uses: broadinstitute/workflow-dispatch@v1
+        with:
+          workflow: Tag
+          token: ${{ secrets.BROADBOT_TOKEN }}

.github/workflows/publish.yml

@@ -0,0 +1,50 @@
+name: Publish and deploy
+on: create
+
+env:
+  SERVICE_NAME: ${{ github.event.repository.name }}
+  GOOGLE_PROJECT: broad-dsp-gcr-public
+
+jobs:
+  publish-job:
+    if: startsWith(github.ref, 'refs/tags/')
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Enable publish with AJ-1095
+        run: echo "TODO"
+#      - uses: actions/checkout@v3
+#      - name: Set up JDK
+#        uses: actions/setup-java@v3
+#        with:
+#          java-version: '17'
+#          distribution: 'temurin'
+#          cache: 'gradle'
+
+#      - name: Parse tag
+#        id: tag
+#        run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT
+#
+#      - name: Publish to Artifactory
+#        run: ./gradlew --build-cache :client:artifactoryPublish
+#        env:
+#          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+#          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+#          ARTIFACTORY_REPO_KEY: "libs-release-local"
+#
+#      - name: Notify slack on failure
+#        uses: broadinstitute/[email protected]
+#        if: failure()
+#        env:
+#          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+#        with:
+#          channel: '#dsp-analysis-journeys-alerts'
+#          status: failure
+#          author_name: Publish to dev
+#          fields: job
+#          text: 'Publish failed :sadpanda:'
+#          username: 'Java-PFB GitHub Action'

.github/workflows/tag.yml

@@ -0,0 +1,22 @@
+name: Tag
+on: workflow_dispatch
+
+jobs:
+  tag-job:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout current code
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.BROADBOT_TOKEN }} # this allows the push to succeed later
+      - name: Bump the tag to a new version
+        # https://github.com/DataBiosphere/github-actions/tree/master/actions/bumper
+        uses: databiosphere/github-actions/actions/[email protected]
+        id: tag
+        env:
+          GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
+          HOTFIX_BRANCHES: hotfix.*
+          DEFAULT_BUMP: minor
+          RELEASE_BRANCHES: main
+          VERSION_FILE_PATH: settings.gradle
+          VERSION_LINE_MATCH: "^\\s*gradle.ext.releaseVersion\\s*=\\s*'.*'"

.gitignore

@@ -0,0 +1,38 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+bootrun.log
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+# Emacs backup files #
+*.*~
+
+### IntelliJ IDEA ###
+.idea/
+*.iml
+
+### VS Code ###
+.vscode/
+
+# Mac directory metadata
+.DS_Store
+
+# PyEnv environment files
+.env/
+
+# Ignore generated credentials from google-github-actions/auth
+gha-creds-*.json

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2023, Broad Institute
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -1 +1,40 @@
-# java-pfb
+# Java-PFB
+
+A java implementation of the [pyPFB](https://github.com/uc-cdis/pypfb) library that includes a CLI and a java library. 
+
+The CLI is a wrapper around the library. See the [CLI README](cli/README.md) for more information.
+
+## Running SourceClear locally
+
+[SourceClear](https://srcclr.github.io) is a static analysis tool that scans a project's Java
+dependencies for known vulnerabilities. If you get a build failure due a SourceClear error and want
+to debug the problem locally, you need to get the API token from vault before running the gradle
+task.
+
+```shell
+export SRCCLR_API_TOKEN=$(vault read -field=api_token secret/secops/ci/srcclr/gradle-agent)
+./gradlew srcclr
+```
+
+Results of the scan are uploaded to [Defect DOJO](https://defectdojo.dsp-appsec.broadinstitute.org/dashboard).
+
+## Running SonarQube locally
+
+[SonarQube](https://www.sonarqube.org) is a static analysis code that scans code for a wide
+range of issues, including maintainability and possible bugs. If you get a build failure due to
+SonarQube and want to debug the problem locally, you need to get the the sonar token from vault
+before runing the gradle task.
+
+```shell
+export SONAR_TOKEN=$(vault read -field=sonar_token secret/secops/ci/sonarcloud/java-pfb)
+./gradlew sonar
+```
+
+Unlike SourceClear, running this task produces no output unless your project has errors. To always
+generate a report, run using `--info`:
+
+```shell
+./gradlew sonar --info
+```
+
+We run the scans for two projects: [java-pfb](https://sonarcloud.io/project/overview?id=DataBiosphere_java-pfb) and [java-pfb-cli](https://sonarcloud.io/project/overview?id=DataBiosphere_java-pfb-cli). The results are uploaded to the sonarcloud dashbaord. 

buildSrc/build.gradle

@@ -0,0 +1,14 @@
+plugins {
+    id 'groovy-gradle-plugin'
+}
+
+repositories {
+    gradlePluginPortal()
+}
+
+dependencies {
+    implementation 'com.diffplug.spotless:spotless-plugin-gradle:6.11.0'
+    implementation 'com.srcclr.gradle:com.srcclr.gradle.gradle.plugin:3.1.12'
+    implementation 'org.sonarqube:org.sonarqube.gradle.plugin:4.2.1.3168'
+    implementation 'info.picocli:picocli:4.7.4'
+}

buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle

@@ -0,0 +1,75 @@
+plugins {
+    id 'idea'
+    id 'jacoco'
+    id 'java'
+    id 'org.sonarqube'
+    id 'com.diffplug.spotless'
+}
+
+boolean isCiServer = System.getenv().containsKey("CI")
+
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(17)
+    }
+}
+
+repositories {
+    maven {
+        // Terra proxy for maven central
+        url 'https://broadinstitute.jfrog.io/broadinstitute/maven-central/'
+    }
+    mavenCentral()
+    maven {
+        url 'https://broadinstitute.jfrog.io/broadinstitute/libs-release/'
+    }
+    maven {
+        url 'https://broadinstitute.jfrog.io/broadinstitute/libs-snapshot-local/'
+    }
+}
+
+dependencies {
+    testImplementation 'org.hamcrest:hamcrest:2.2'
+
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.1'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.1'
+}
+
+version = gradle.releaseVersion
+group = 'bio.terra'
+
+spotless {
+    java {
+        targetExclude "${buildDir}/**"
+        googleJavaFormat()
+    }
+}
+
+// Run spotless check when running in github actions, otherwise run spotless apply.
+compileJava {
+    if (isCiServer) {
+        dependsOn(spotlessCheck)
+    } else {
+        dependsOn(spotlessApply)
+    }
+}
+
+test {
+    useJUnitPlatform()
+}
+
+jacocoTestReport {
+    reports {
+        // sonarqube requires XML coverage output to upload coverage data
+        xml.required = true
+    }
+}
+
+sonar {
+    properties {
+        property "sonar.projectKey", "DataBiosphere_java-pfb"
+        property "sonar.projectName", "java-pfb"
+        property "sonar.organization", "broad-databiosphere"
+        property "sonar.host.url", "https://sonarcloud.io"
+    }
+}

buildSrc/src/main/groovy/bio.terra.pfb.java-library-conventions.gradle

@@ -0,0 +1,4 @@
+plugins {
+    id 'bio.terra.pfb.java-common-conventions'
+    id 'java-library'
+}