Merge branch 'master' into master

hasnainmakada-99 · Apr 18, 2024 · 2b20e52 · 2b20e52
2 parents 7d4a320 + 5dda530
commit 2b20e52
Show file tree

Hide file tree

Showing 68 changed files with 1,927 additions and 852 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -43,14 +43,79 @@ updates:
       - SaptarshiSarkar12
 
   - package-ecosystem: 'docker'
-    directory: '/'
+    directory: '/Docker/dev/CLI'
     schedule:
       # Check for updates to Docker every day
       interval: 'daily'
     commit-message:
       prefix: 'chore(docker)'
     labels:
         - 'dependencies 📦️'
-        - 'docker 🐋️'
+        - 'docker 🐋'
     reviewers:
-      - SaptarshiSarkar12
+      - SaptarshiSarkar12
+
+  - package-ecosystem: 'docker'
+    directory: '/Docker/dev/GUI'
+    schedule:
+      # Check for updates to Docker every day
+      interval: 'daily'
+    commit-message:
+      prefix: 'chore(docker)'
+    labels:
+        - 'dependencies 📦️'
+        - 'docker 🐋'
+    reviewers:
+      - SaptarshiSarkar12
+
+  - package-ecosystem: 'docker'
+    directory: '/Docker/dev/commons/base'
+    schedule:
+      # Check for updates to Docker every day
+      interval: 'daily'
+    commit-message:
+      prefix: 'chore(docker)'
+    labels:
+        - 'dependencies 📦️'
+        - 'docker 🐋'
+    reviewers:
+      - SaptarshiSarkar12
+
+  - package-ecosystem: 'docker'
+    directory: '/Docker/dev/commons/runner'
+    schedule:
+      # Check for updates to Docker every day
+      interval: 'daily'
+    commit-message:
+      prefix: 'chore(docker)'
+    labels:
+        - 'dependencies 📦️'
+        - 'docker 🐋'
+    reviewers:
+      - SaptarshiSarkar12
+
+  - package-ecosystem: 'docker'
+    directory: '/Docker/prod/CLI'
+    schedule:
+      # Check for updates to Docker every day
+      interval: 'daily'
+    commit-message:
+      prefix: 'chore(docker)'
+    labels:
+        - 'dependencies 📦️'
+        - 'docker 🐋'
+    reviewers:
+      - SaptarshiSarkar12
+
+  - package-ecosystem: 'docker'
+    directory: '/Docker/prod/GUI'
+    schedule:
+      # Check for updates to Docker every day
+      interval: 'daily'
+    commit-message:
+      prefix: 'chore(docker)'
+    labels:
+        - 'dependencies 📦️'
+        - 'docker 🐋'
+    reviewers:
+      - SaptarshiSarkar12
diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml
@@ -11,7 +11,6 @@ MD024: true # Multiple headers with the same content
 MD026:
   punctuation: ".,;:!" # Trailing punctuation in header
 MD027: true # Multiple spaces after blockquote symbol
-MD028: true # Blank line inside blockquote
 MD029: true # Ordered list item prefix
 MD036:
   punctuation: ".,;:!?。，；：！？" # Emphasis used instead of a header
@@ -30,4 +29,4 @@ MD049:
   style: consistent # Emphasis style should be consistent
 MD050:
   style: consistent # Strong style should be consistent
-MD051: true # Link Fragments should be valid
+MD051: true # Link Fragments should be valid
diff --git a/.github/linters/sun_checks.xml b/.github/linters/sun_checks.xml
@@ -27,7 +27,9 @@
         <module name="FallThrough"/>
         <module name="ModifiedControlVariable"/>
         <module name="MultipleVariableDeclarations"/>
-        <module name="NestedForDepth"/>
+        <module name="NestedForDepth">
+            <property name="max" value="2"/>
+        </module>
         <module name="NestedIfDepth">
             <property name="max" value="6"/>
         </module>

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ on:
   workflow_dispatch:
      inputs:
         create_release:
-          description: 'True to create release, else false'
+          description: 'Click to create latest release else pre-release will be created'
           required: true
           type: boolean
 
@@ -35,6 +35,15 @@ jobs:
     - uses: actions/checkout@v4
       with:
         ref: ${{ github.event.pull_request.head.sha }}
+      # Setup the Windows build environment
+    - name: Add msbuild to PATH
+      if: ${{ matrix.os == 'windows-latest' && matrix.mode == 'GUI' }}
+      uses: microsoft/setup-msbuild@v2
+      with:
+        msbuild-architecture: x64
+    - name: Visual Studio shell
+      if: ${{ matrix.os == 'windows-latest' && matrix.mode == 'GUI' }}
+      uses: egor-tensin/vs-shell@v2
     - name: Update system packages
       if: ${{ matrix.os == 'ubuntu-latest' && matrix.mode == 'GUI' }}
       run: sudo apt-get update
@@ -47,20 +56,22 @@ jobs:
       uses: graalvm/setup-graalvm@v1
       with:
         java-version: '21'
-        distribution: 'graalvm-community'
+        distribution: 'graalvm'
         github-token: ${{ secrets.GITHUB_TOKEN }}
         set-java-home: true
         cache: 'maven'
     - name: Package Drifty CLI for ${{ matrix.os }} with GraalVM
       if: ${{ matrix.mode == 'CLI' }}
+      shell: bash
       run: mvn -P build-drifty-cli-for-${{ matrix.os }} package
     - name: Set Up Maven version 3.8.8 # For GUI build issues, maven version 3.8.8 needs to be used
       if: ${{ matrix.mode == 'GUI' }}
-      uses: stCarolas/setup-maven@v4.5
+      uses: stCarolas/setup-maven@v5
       with:
         maven-version: 3.8.8
     - name: Build platform-specific C object for missing jdk libraries
       if: ${{ matrix.mode == 'GUI' }}
+      shell: bash
       run: gcc -c config/missing_symbols.c -o config/missing_symbols-${{ matrix.os }}.o
     - name: Install dependency modules for GUI
       if: ${{ matrix.mode == 'GUI' }}
@@ -153,7 +164,13 @@ jobs:
         echo "GUI_WINDOWS_EXE_SIZE=$(echo `du -h 'windows/build/GUI/Drifty-GUI.exe'` | sed 's/ .*//')" >> "$GITHUB_ENV"
     - name: Generate Artifact metadata summary
       run: |
-        echo "# Drifty v$VERSION Built! :rocket:" >> $GITHUB_STEP_SUMMARY
+        if ${{ github.event_name != 'pull_request' && inputs.create_release == false }}; then
+            echo "# Drifty v$VERSION Beta Built! :rocket:" >> $GITHUB_STEP_SUMMARY
+        elif ${{ github.event_name == 'pull_request' }}; then
+            echo "# Drifty Built! :rocket:" >> $GITHUB_STEP_SUMMARY
+        else
+            echo "# Drifty v$VERSION Built! :rocket:" >> $GITHUB_STEP_SUMMARY
+        fi
         echo "## Build Artifacts :package: Summary :memo:" >> $GITHUB_STEP_SUMMARY
         
         echo "### Artifacts :package: Generated for Linux :penguin:" >> $GITHUB_STEP_SUMMARY
@@ -176,15 +193,31 @@ jobs:
         echo "| GUI | Drifty-GUI.msi | $GUI_WINDOWS_MSI_SIZE |" >> $GITHUB_STEP_SUMMARY
         echo "| GUI | Drifty-GUI.exe | $GUI_WINDOWS_EXE_SIZE |" >> $GITHUB_STEP_SUMMARY
     
-        if [ ${{ !inputs.create_release }} ]; then
+        if ${{ github.event_name == 'pull_request' }}; then
           echo "## Release :bookmark: Drifty v$VERSION" >> $GITHUB_STEP_SUMMARY
           echo "Release Skipped :no_entry_sign:!" >> $GITHUB_STEP_SUMMARY
         fi
-    - name: Create Release with automated release notes
-      if: ${{ inputs.create_release }}
+    - name: Remove any existing pre-release with same version
+      if: ${{ github.event_name != 'pull_request' && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
+      continue-on-error: true
+      run: |
+          gh release delete v$VERSION-beta --yes --cleanup-tag
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Create Pre-Release with automated release notes
+      if: ${{ github.event_name != 'pull_request' && inputs.create_release == false && github.repository == 'SaptarshiSarkar12/Drifty' && github.ref_name == 'master' }}
+      run: |
+        echo "## Release :bookmark: Drifty v$VERSION-beta" >> $GITHUB_STEP_SUMMARY
+        gh release create v$VERSION-beta --prerelease --generate-notes 'linux/build/CLI/Drifty-CLI_linux#Drifty-CLI_linux' 'linux/build/GUI/Drifty-GUI_linux#Drifty-GUI_linux' 'macos/build/CLI/Drifty-CLI_macos#Drifty-CLI_macos' 'macos/build/GUI/Drifty-GUI.pkg#Drifty-GUI.pkg' 'windows/build/CLI/Drifty-CLI.exe#Drifty-CLI.exe' 'windows/build/GUI/Drifty-GUI.msi#Drifty-GUI.msi' 'windows/build/GUI/Drifty-GUI.exe#Drifty-GUI.exe' --title "Drifty v$VERSION Beta"
+        echo "[Released :white_check_mark: Drifty v$VERSION-beta](https://github.com/SaptarshiSarkar12/Drifty/releases/tag/v$VERSION-beta) successfully :rocket:!" >> $GITHUB_STEP_SUMMARY
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Create Latest Release with automated release notes
+      if: ${{ inputs.create_release == true && github.repository == 'SaptarshiSarkar12/Drifty' && github.event_name != 'pull_request' && github.ref_name == 'master' }}
       run: |
         echo "## Release :bookmark: Drifty v$VERSION" >> $GITHUB_STEP_SUMMARY
-        gh release create v$VERSION --generate-notes 'linux/build/CLI/Drifty-CLI_linux#Drifty-CLI_linux' 'linux/build/GUI/Drifty-GUI_linux#Drifty-GUI_linux' 'macos/build/CLI/Drifty-CLI_macos#Drifty-CLI_macos' 'macos/build/GUI/Drifty-GUI.pkg#Drifty-GUI.pkg' 'windows/build/CLI/Drifty-CLI.exe#Drifty-CLI.exe' 'windows/build/GUI/Drifty-GUI.msi#Drifty-GUI.msi' 'windows/build/GUI/Drifty-GUI.exe#Drifty-GUI.exe'
+        gh release create v$VERSION --generate-notes 'linux/build/CLI/Drifty-CLI_linux#Drifty-CLI_linux' 'linux/build/GUI/Drifty-GUI_linux#Drifty-GUI_linux' 'macos/build/CLI/Drifty-CLI_macos#Drifty-CLI_macos' 'macos/build/GUI/Drifty-GUI.pkg#Drifty-GUI.pkg' 'windows/build/CLI/Drifty-CLI.exe#Drifty-CLI.exe' 'windows/build/GUI/Drifty-GUI.msi#Drifty-GUI.msi' 'windows/build/GUI/Drifty-GUI.exe#Drifty-GUI.exe' --title "Drifty v$VERSION"
         echo "[Released :white_check_mark: Drifty v$VERSION](https://github.com/SaptarshiSarkar12/Drifty/releases/tag/v$VERSION) successfully :rocket:!" >> $GITHUB_STEP_SUMMARY
       env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,47 @@
+name: "CodeQL"
+
+on:
+  push: # Run CodeQL analysis on every push to all branches
+  pull_request: # Run CodeQL analysis on every pull request to the repository
+  schedule:
+    - cron: '0 0 * * *' # Run CodeQL analysis at 00:00 UTC every day
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java-kotlin', 'javascript-typescript' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        queries: security-extended,security-and-quality
+
+    - name: Setup JDK 21
+      if: ${{ matrix.language == 'java-kotlin' }}
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'oracle'
+        java-version: 21
+
+    - name: Build with Maven
+      if: ${{ matrix.language == 'java-kotlin' }}
+      run: mvn install
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,22 @@
+name: 'Dependency Review'
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    name: Dependency Review
+    runs-on: 'ubuntu-latest'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-scopes: development, runtime
+          comment-summary-in-pr: on-failure
+          retry-on-snapshot-warnings: true
diff --git a/.github/workflows/dev-docker-build.yml b/.github/workflows/dev-docker-build.yml
@@ -5,22 +5,48 @@ on:
     paths-ignore:
       - "Website/**"
       - "*.md"
-  pull_request:
+  pull_request_target:
     paths-ignore:
       - "Website/**"
       - "*.md"
   workflow_dispatch:
 
 jobs:
-  build:
+  build-and-scan:
+    name: Build and Scan [drifty-${{ matrix.image_name_suffix }}, ${{ matrix.os }}]
     runs-on: ubuntu-latest
+    if: github.repository == 'SaptarshiSarkar12/Drifty'
+    strategy:
+      matrix:
+        os: [ 'ubuntu-latest', 'macos-14' ] # ubuntu-latest and macos-14 has amd64 and arm64 architecture respectively.
+        image_name_suffix: [ 'cli', 'gui' ]
+      fail-fast: false
+    permissions:
+      security-events: write
     steps:
-      - uses: actions/checkout@v4
-      - name: Build the base image
-        run: docker compose build base
-      - name: Build the runner image
-        run: docker compose build runner
-      - name: Build the CLI image
-        run: docker compose build cli
-      - name: Build the GUI image
-        run: docker compose build gui
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Build Docker image
+        run: |
+          docker compose build base
+          docker compose build runner
+          docker compose build ${{ matrix.image_name_suffix }}
+      - name: Run Trivy security scan
+        uses: aquasecurity/[email protected]
+        continue-on-error: true
+        with:
+          image-ref: drifty-${{ matrix.image_name_suffix }}
+          format: 'sarif'
+          exit-code: 1
+          vuln-type: os,library
+          ignore-unfixed: true
+          output: 'trivy-report.sarif'
+          hide-progress: false
+          scanners: vuln,secret,misconfig
+      - name: Upload Trivy security scan results
+        if: always()
+        uses: github/codeql-action/upload-sarif@main
+        with:
+          sarif_file: trivy-report.sarif