Prep release (#12)

- Import Makefile and security scanning dependency/CI step from easypost-java
- Make install -> make install-checkstyle -> download latest Java style guide from easypost-java

.github/workflows/ci.yml

@@ -2,24 +2,33 @@ name: CI
 
 on:
   push:
-    branches: [main]
+    branches: [ main ]
   pull_request: ~
 
 jobs:
   build:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        javaversion: ["8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18"]
+        javaversion: [ "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18" ]
     steps:
       - uses: actions/checkout@v3
+      - name: Load Maven dependencies cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-build${{ matrix.javaversion }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Install dependencies
+        run: make install
       - name: Set up Java ${{ matrix.javaversion }}
         uses: actions/setup-java@v3
         with:
           distribution: "zulu"
           java-version: ${{ matrix.javaversion }}
       - name: Build and test with Maven
-        run: mvn --batch-mode install -Dgpg.skip=true -Dcheckstyle.skip=true
+        run: make test
   lint:
     runs-on: ubuntu-latest
     steps:
@@ -31,3 +40,21 @@ jobs:
           fail_on_error: true
           checkstyle_config: easypost_java_style.xml
           tool_name: "style_enforcer"
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Load Maven dependencies and CVE database cache
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository # The CVE database is included in the Maven repository folder
+          key: ${{ runner.os }}-maven-security-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Run security analysis
+        run: make scan
+      - name: Upload Test results
+        uses: actions/upload-artifact@master
+        with:
+          name: DependencyCheck report
+          path: ${{github.workspace}}/target/dependency-check-report.html

CHANGELOG.md

@@ -1,6 +1,7 @@
 # CHANGELOG
 
-## Next Release
+## v0.4.0 (2022-10-04)
+
 - New feature: Set expiration time for interactions (how long since it was recorded should an interaction be considered valid)
   - Can determine what to do if a matching interaction is considered invalid:
     - Warn the user, but proceed with the interaction

Makefile

@@ -0,0 +1,56 @@
+## help - Display help about make targets for this Makefile
+help:
+	@cat Makefile | grep '^## ' --color=never | cut -c4- | sed -e "`printf 's/ - /\t- /;'`" | column -s "`printf '\t'`" -t
+
+## build - Builds the project for development
+build:
+	mvn clean install -DskipTests=true -Dgpg.skip=true -Dcheckstyle.skip=true -Dcheckstyle.skip=true -Ddependency-check.skip=true -Djavadoc.skip=true
+
+## clean - Cleans the project
+clean:
+	mvn clean
+
+## coverage - Test the project and generate a coverage report
+coverage:
+	mvn --batch-mode install -Dgpg.skip=true -Dcheckstyle.skip=true -Dcheckstyle.skip=true -Ddependency-check.skip=true -Djavadoc.skip=true jacoco:report
+
+## install-checkstyle - Install CheckStyle
+install-checkstyle:
+	curl -LJs https://github.com/checkstyle/checkstyle/releases/download/checkstyle-10.3.1/checkstyle-10.3.1-all.jar -o checkstyle.jar
+	curl -LJs https://raw.githubusercontent.com/EasyPost/easypost-java/master/easypost_java_style.xml -o easypost_java_style.xml
+
+## install - Install requirements
+install: | install-checkstyle
+	git submodule init
+	git submodule update
+
+## lint - Check if project follows CheckStyle rules (must run install-checkstyle first)
+lint:
+	java -jar checkstyle.jar src -c easypost_java_style.xml -d
+
+## publish - Publish a release of the project
+# @parameters:
+# pass= - The GPG password to sign the release
+publish:
+	mvn clean deploy -Dgpg.passphrase=${pass}
+
+## publish-dry - Build the project as a dry run to publishing
+# @parameters:
+# pass= - The GPG password to sign the release
+publish-dry:
+	mvn clean install -Dgpg.passphrase=${pass}
+
+## release - Cuts a release for the project on GitHub (requires GitHub CLI)
+# tag = The associated tag title of the release
+release:
+	gh release create ${tag} target/*.jar target/*.asc target/*.pom
+
+## scan - Scan the project for serious security issues
+scan:
+	mvn verify -DskipTests=true -Dgpg.skip=true -Dcheckstyle.skip=true -Djavadoc.skip=true -Ddependency-check.failBuildOnCVSS=0 -Ddependency-check.junitFailOnCVSS=0
+
+## test - Test the project
+test:
+	mvn --batch-mode install -Dgpg.skip=true -Dcheckstyle.skip=true -Dcheckstyle.skip=true -Ddependency-check.skip=true -Djavadoc.skip=true
+
+.PHONY: help build clean install-checkstyle install lint publish publish-dry release scan test

README.md

@@ -180,8 +180,8 @@ public class Example {
         Cassette cassette = new Cassette("path/to/cassettes", "my_cassette");
 
         AdvancedSettings advancedSettings = new AdvancedSettings();
-        advancedSettings.timeFrame = new TimeFrame(30, 0, 0,
-                0); // Any matching request is considered expired if it was recorded more than 30 days ago
+        advancedSettings.timeFrame = 
+                new TimeFrame(30, 0, 0, 0); // Any matching request is considered expired if it was recorded more than 30 days ago
         // or
         advancedSettings.timeFrame =
                 TimeFrame.months12(); // Any matching request is considered expired if it was recorded more than a year ago

VERSION

@@ -1 +1 @@
-0.3.0
+0.4.0

easypost_java_style.xml

@@ -61,6 +61,7 @@
 
     <!-- Checks that a package-info.java file exists for each package -->
     <!-- See https://checkstyle.org/config_javadoc.html#JavadocPackage -->
+    <module name="JavadocPackage"/>
 
     <!-- Checks whether files end with a new line -->
     <!-- See https://checkstyle.org/config_misc.html#NewlineAtEndOfFile -->
@@ -88,7 +89,7 @@
     <module name="RegexpSingleline">
         <property name="format" value="\s+$"/>
         <property name="minimum" value="0"/>
-        <property name="maximum" value="0"/>
+        <property name="maximum" value="1"/>
         <property name="message" value="Line has trailing spaces."/>
     </module>
 
@@ -137,11 +138,12 @@
         <module name="IllegalImport"/> <!-- defaults to sun.* packages -->
         <module name="RedundantImport"/>
         <module name="UnusedImports">
-            <property name="processJavadoc" value="true"/>
+            <property name="processJavadoc" value="false"/>
         </module>
 
         <!-- Checks for name length violations -->
         <!-- See https://checkstyle.org/config_sizes.html -->
+        <module name="MethodLength"/>
         <module name="ParameterNumber"/>
 
         <!-- Checks for whitespace -->
@@ -158,7 +160,11 @@
         <module name="ParenPad"/>
         <module name="TypecastParenPad"/>
         <module name="WhitespaceAfter"/>
-        <module name="WhitespaceAround"/>
+        <module name="SingleSpaceSeparator"/>
+        <module name="EmptyLineSeparator">
+            <property name="allowNoEmptyLineBetweenFields" value="true"/>
+            <property name="allowMultipleEmptyLines" value="false"/>
+        </module>
 
         <!-- Modifier Checks -->
         <!-- See https://checkstyle.org/config_modifier.html -->
@@ -180,6 +186,7 @@
         <!-- <module name="HiddenField"/> -->
         <module name="IllegalInstantiation"/>
         <module name="InnerAssignment"/>
+        <module name="MagicNumber"/>
         <module name="MissingSwitchDefault"/>
         <module name="MultipleVariableDeclarations"/>
         <module name="SimplifyBooleanExpression"/>
@@ -189,7 +196,9 @@
         <!-- See https://checkstyle.org/config_design.html -->
         <module name="DesignForExtension"/>
         <module name="FinalClass"/>
+        <module name="HideUtilityClassConstructor"/>
         <module name="InterfaceIsType"/>
+        <module name="VisibilityModifier"/>
 
         <!-- Miscellaneous other checks -->
         <!-- See https://checkstyle.org/config_misc.html -->
@@ -207,12 +216,6 @@
         <!-- i.e. @SuppressWarnings("checkstyle:methodname") -->
         <module name="SuppressWarningsHolder"/>
 
-        <module name="SuppressionCommentFilter">
-            <property name="offCommentFormat" value="CHECKSTYLE.OFF\: ([\w\|]+)"/>
-            <property name="onCommentFormat" value="CHECKSTYLE.ON\: ([\w\|]+)"/>
-            <property name="checkFormat" value="$1"/>
-        </module>
-
     </module>
 
 </module>

pom.xml

@@ -1,12 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>com.easypost</groupId>
     <artifactId>easyvcr</artifactId>
 
-    <version>0.3.0</version>
+    <version>0.4.0</version>
     <packaging>jar</packaging>
 
     <name>com.easypost:easyvcr</name>
@@ -108,7 +109,7 @@
                 <version>3.0.0-M3</version>
                 <configuration>
                     <properties>
-                        <configurationParameters> junit.jupiter.execution.order.random.seed=99
+                        <configurationParameters>junit.jupiter.execution.order.random.seed=99
                         </configurationParameters>
                     </properties>
                 </configuration>
@@ -259,6 +260,22 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>7.2.1</version>
+                <configuration>
+                    <failBuildOnCVSS>7</failBuildOnCVSS>
+                    <junitFailOnCVSS>7</junitFailOnCVSS>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>