-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AJ-1094: Initial Project Setup and Hello World CLI #1
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
add workflows Revert "rename to java pfb" This reverts commit 166b8c9b6910920a20de9156a4bbb304652fdd84. rename to java pfb
47919e4
to
97c0103
Compare
Remove template docs Remove datasource from App
remove .idea files
See questions in PR descriptions
50a7cb3
to
843eef0
Compare
add help command
More cleanup
leftover changes
update jib GHA
Co-authored-by: Phil Shapiro <pshapiro@broadinstitute.org>
rework
Update README.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this looks great! Thank you!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looking good! A few comments inline, all of which can be deferred for future PRs.
uses: broadinstitute/workflow-dispatch@v1 | ||
with: | ||
workflow: Tag | ||
token: ${{ secrets.BROADBOT_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure we will want to tag on every push to main - but I'm totally fine leaving this as-is and addressing in the future, once we have a better idea of what we DO want
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok! I'm inclined to tag on every push to main, but agreed - let's leave as-is and we'll address it in the future once we've had a chance to discuss!
implementation 'com.diffplug.spotless:spotless-plugin-gradle:6.11.0' | ||
implementation 'com.srcclr.gradle:com.srcclr.gradle.gradle.plugin:3.1.12' | ||
implementation 'org.sonarqube:org.sonarqube.gradle.plugin:4.2.1.3168' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will these be included in, or required by, the final jar we publish to artifactory? I haven't tried it myself to see what the results are. If these ARE included or required, can that be prevented, potentially by choosing a configuration other than implementation
? We want the published jar to be as small and as dependency-free as possible; and these are only used by build tasks, not at runtime, correct?
I'm fine fixing this in a follow-on PR if you want to defer this work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great point, I will make sure this is covered with AJ-1095
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file (buildSrc/build.gradle
) is different than other gradle project configuration files. It's (normally) only used to configure plugins, and its "dependencies" block only affects the plugins loaded by gradle, not compile or runtime dependencies used when running gradle tasks.
So these dependencies have no effect on the jar published to artifactory. They're here so when a plugin is used elsewhere in the project you don't need to specify the version. It provides a way to make sure that the same plugin versions are used in all subprojects.
With that in mind, the repositories
block should only include those that are needed to load plugins. In my project I use:
repositories {
maven {
url 'https://broadinstitute.jfrog.io/artifactory/plugins-snapshot'
}
gradlePluginPortal()
}
The artifactory configuration is needed for the terra-test-runner
plugin which is locally published. If you aren't using that plugin then gradlePluginPortal()
should be sufficient.
Also I'd remove the test
block below. I don't think it has any effect, and it should go in one of the plugin subprojects instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pshapiro4broad thanks for this context, I think I understand the buildSrc setup a little better now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like how this is set up as two SonarCloud projects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few more comments, looks good to me overall!
name = "pfb", | ||
mixinStandardHelpOptions = true, | ||
description = "A java implementation of pyPFB", | ||
version = "java-pfb 0.1.0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if you want to do it now, but I think this should use picocli's dynamic version support and use the data generated by the gradle-git-properties plugin. That would help confirm that the git-properties plugin is working as expected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok! I started taking a look at this, but I think this PR is at a good stopping point to be merged. So, I will take a look at this with my next chunk of publishing work!
|
||
sonar { | ||
properties { | ||
property "sonar.projectKey", "DataBiosphere_java-pfb-cli" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also wanted to set up sonar scanning for a project that has multiple gradle subprojects but hadn't looked into it yet. i think there's a way to combine scans (and code coverage data) across different subprojects, did you look into doing it this way before running the scans as separate projects? How does this work on PRs? Does it show the result of both scans?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great question -- I was hoping to use the monorepo setup that's available for sonarcloud that I think should do what you're talking about. But, it's really hard to fiddle with settings because engineers don't have access to the admin settings on sonarcloud. Tom flipped the monorepo switch on the project, but as far as I could tell, nothing changed. The two projects still went into two separate sonarcloud projects.
This technically works -- I have two steps in GHA that runs against the two projects. Sonarcloud comments twice in the PR, once for each project (unfortunately, the comments don't distinguish between the two projects).
I think this is good enough for now, but I would definitely be interested in looking at the monorepo setup more -- this would require more time from infosec or more permissions in sonarcloud.
Note: Waiting on https://github.com/broadinstitute/dsp-appsec-sourceclear-github-actions/pull/103 to be merged before the results of the source clear scan is uploaded. |
add back picocli
Kudos, SonarCloud Quality Gate passed! |
Kudos, SonarCloud Quality Gate passed! |
dsp-appsec-sourceclear-github-actions PR cannot be merged until there is code in the java-pfb repo, so I will confirm that this is setup works after this java-pfb PR is merged. |
https://broadworkbench.atlassian.net/browse/AJ-1094
Background
This pull request provides the base repo structure for the java-pfb library. Our goal is to reproduce the pyPFB library, but in the format of a Java client. We will use the generated Java client in WDS to parse incoming files in the PFB format. We will also create command line tools so that java-pfb can be used in a similar manner to pyPFB.
General Outline of modules included in repo:
Testing out the changes
First, run "jar" gradle task in cli project.
Then, you can use the CLI with the following command:
Available Commands:
Review Requests
Github Actions
I don't expect to fully work out all of the GHAs before merging this, like the publish action. This will be handled in a follow-on ticket. Some questions to consider in the meantime:
Remaining TODOs