dvsa · dean-sogeti · May 20, 2024 · May 9, 2024 · May 11, 2024 · May 11, 2024
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -0,0 +1,54 @@
+name: CD
+
+on:
+    push:
+     branches:
+       -  main
+
+jobs:
+  release-please:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+
+  publish:
+    if: ${{needs.release-please.outputs.release_created}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: 
+      - release-please
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'corretto'
+          cache: 'maven'
+
+  push:
+      if: ${{needs.release-please.outputs.release_created}}
+      permissions:
+        contents: read
+        packages: write
+
+      name: Publish to GitHub Packages Apache Maven
+      uses: ./.github/workflows/maven.yaml
+      secrets: inherit
+      with:
+        maven-goal: deploy
+      needs: release-please
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,19 @@
+name: CI
+
+on:
+    pull_request:
+
+jobs:
+  security:
+    name: Security
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  build-maven:      
+    name: build with Maven
+    uses: ./.github/workflows/maven.yaml
+    with:
+      maven-goal: 'package'
+    needs: security
+
+
diff --git a/.github/workflows/maven.yaml b/.github/workflows/maven.yaml
@@ -0,0 +1,30 @@
+name: Maven 
+
+on:
+  workflow_call:
+    inputs:
+      maven-goal:
+        description: 'Maven goal to run'
+        required: true
+        default: 'package'
+        type: string
+
+permissions:
+  contents: read
+  packages: write
+
+
+jobs:
+    build:
+      name: build
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      runs-on: ubuntu-latest
+      steps:
+       - uses: actions/checkout@v4
+       - uses: whelk-io/maven-settings-xml-action@v22
+         with:
+          servers: '[{ "id":"dvsa-github-packages", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } },{ "id":"github", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } } ]'
+
+       - run: mvn -B -P github ${{ inputs.maven-goal}}
+
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,39 @@
+name: Security Scan
+
+on:
+  workflow_call:
+    inputs:
+      severity-threshold:
+        description: "Severity threshold"
+        required: false
+        default: "high"
+        type: string
+    secrets:
+      SNYK_TOKEN:
+        description: "Snyk token"
+        required: true
+  schedule:
+    # Weekly on Monday at 00:00 UTC
+    - cron: 0 0 * * 1
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:      
+    scan:
+        name: scan
+        runs-on: ubuntu-latest
+        steps:
+
+        - uses: actions/checkout@v4
+        - uses: snyk/actions/setup@master
+        - uses: actions/setup-java@v4
+          with:
+            distribution: "corretto"
+            java-version: "11"
+            cache: maven
+
+        - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }}
+          env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-ORGJDOM-1311147:
+    - '*':
+        reason: None Given
+        expires: 2024-06-10T08:57:50.668Z
+        created: 2024-05-11T08:57:50.670Z
+patch: {}
diff --git a/README.md b/README.md
@@ -12,4 +12,13 @@ Use the following command ```mvn clean install```
 Use the following command ```mvn clean deploy```
 
 ## To instantiate use the following 
-```ScannerMethods xx = new ScannerMethods();```
+```ScannerMethods xx = new ScannerMethods();```
+
+## Installation
+Add the following Maven dependency to your project's `pom.xml` file:
+```xml
+<dependency>
+    <groupId>org.dvsa.testing.lib</groupId>
+    <artifactId>zap-scanner-suite</artifactId>
+    <version>LATEST</version>
+</dependency>
diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
     <zap-clientapi.version>1.13.0</zap-clientapi.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.version>3.8.1</maven.compiler.version>
-    <nexus.releases>https://nexus.olcs.dev-dvsacloud.uk/repository/maven-releases</nexus.releases>
+   <github.url>https://maven.pkg.github.com/dvsa/vol-app-security-lib</github.url>
   </properties>
 
   <build>
@@ -46,11 +46,12 @@
     </dependency>
   </dependencies>
 
-  <!--  Nexus Configuration  -->
+
   <distributionManagement>
     <repository>
-      <id>maven-releases</id>
-      <url>${nexus.releases}</url>
+        <id>dvsa-github-packages</id>
+        <name>GitHub dvsa Apache Maven Packages</name>
+        <url>${github.url}</url>
     </repository>
-  </distributionManagement>
+</distributionManagement>
 </project>