Merge pull request #11 from Alfresco/feature/PMD710

Upgrade to PMD 7.1.0.
Alfresco · May 8, 2024 · 3456557 · 3456557
2 parents bf720ef + cefd2ca
commit 3456557
Show file tree

Hide file tree

Showing 5 changed files with 201 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,38 @@
+name: Yet Another PMD Scan GitHub Action
+
+on:
+  pull_request:
+    branches:
+      - feature/**
+      - fix/**
+      - master
+      - release/**
+  push:
+    branches:
+      - feature/**
+      - fix/**
+      - master
+      - release/**
+
+jobs:
+  pre_commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
+      - uses: actions/checkout@v3
+      - id: changed-files
+        uses: tj-actions/changed-files@7fc073d92265804a8d4e4982b637dee053daf6c5 # v42.0.7
+      - name: Store changed files in env
+        run: echo "GITHUB_MODIFIED_FILES=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_ENV
+      - uses: Alfresco/alfresco-build-tools/.github/actions/[email protected]
+
+  test_scan:
+    name: "Run test scan against this repository."
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.
+        with:
+          create-github-annotations: "false"
+          classpath-enable: "false"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: 001e16323a2f0162336345f4ceb6d72c204980b5 # v1.4.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: fix-byte-order-marker
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: detect-aws-credentials
+        args:
+          - --allow-missing-credentials
+      - id: detect-private-key
+      - id: check-case-conflict
+      - id: check-yaml
+      - id: trailing-whitespace
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,140 @@
+{
+  "version": "1.4.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {
+    ".pre-commit-config.yaml": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": ".pre-commit-config.yaml",
+        "hashed_secret": "c8b1019606f02af959020dd388b4007e4398835c",
+        "is_verified": true,
+        "line_number": 3
+      }
+    ],
+    "README.md": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "README.md",
+        "hashed_secret": "d9c637c5f0fe3f9db710d8065b131eb3e1214eec",
+        "is_verified": true,
+        "line_number": 20
+      }
+    ],
+    "action.yml": [
+      {
+        "type": "Hex High Entropy String",
+        "filename": "action.yml",
+        "hashed_secret": "d9c637c5f0fe3f9db710d8065b131eb3e1214eec",
+        "is_verified": true,
+        "line_number": 11
+      }
+    ]
+  },
+  "generated_at": "2024-05-08T12:37:04Z"
+}
diff --git a/README.md b/README.md
@@ -16,8 +16,8 @@ if: >
 steps:
   - uses: Alfresco/alfresco-build-tools/.github/actions/pmd@ref
     with:
-      pmd-version: "7.0.0" # The version of PMD to use (only 7.x versions are supported).
-      pmd-sha256-digest: "24be4bde2846cabea84e75e790ede1b86183f85f386cb120a41372f2b4844a54" # The expected SHA-256 digest of the PMD distribution binaries zip file (64 digit hexidecimal value).
+      pmd-version: "7.1.0" # The version of PMD to use (only 7.x versions are supported).
+      pmd-sha256-digest: "0d31d257450f85d995cc87099f5866a7334f26d6599dacab285f2d761c049354" # The expected SHA-256 digest of the PMD distribution binaries zip file (64 digit hexidecimal value).
       create-github-annotations: "true" # Whether to create annotations using the GitHub Advanced Security (nb. this is not free for private repositories)
       fail-on-new-issues: "true" # Whether the introduction of new issues should cause the build to fail.
       pmd-ruleset-repo: "Alfresco/pmd-ruleset" # The GitHub repository containing the PMD ruleset (by default https://github.com/Alfresco/pmd-ruleset/).

diff --git a/action.yml b/action.yml
@@ -4,11 +4,11 @@ inputs:
   pmd-version:
     description: The version of PMD to use
     required: false
-    default: "7.0.0"
+    default: "7.1.0"
   pmd-sha256-digest:
     description: The expected SHA-256 digest of the PMD zip file (64 digit hexidecimal value).
     required: false
-    default: "24be4bde2846cabea84e75e790ede1b86183f85f386cb120a41372f2b4844a54"
+    default: "0d31d257450f85d995cc87099f5866a7334f26d6599dacab285f2d761c049354"
   create-github-annotations:
     description: |
       Whether to create inline comments on the PR using GH Advanced Security. This is free for open source projects but