.github/workflows/java-pr-pipeline.yml

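---
# Java - Pull Request Pipeline (reusable workflow, `on: workflow_call`).
#
# Thin PR-facing wrapper around java-main-pipeline.yml: it forwards the
# caller's inputs unchanged, forces `run_build: true`, and hard-disables the
# artifact / deploy / cleanup / release stages (see the `with:` block of the
# `pipeline` job). Apart from `run_test` and `run_coverage`, every gate below
# — commit lint, TruffleHog, dependency review, code analysis, OWASP
# Dependency Check, architecture tests — defaults to `false`, so a caller
# gets no security scanning unless it opts in per input.
#
# No `permissions:` block is declared here, so the GITHUB_TOKEN scope of the
# nested job is whatever the calling workflow (or the repository default)
# grants; a reusable workflow can only narrow that, never widen it.
name: Java - Pull Request Pipeline

on:
  workflow_call:
    inputs:
      # NOTE(review): this pipeline builds and tests code that comes from the
      # pull request. Overriding `runner` with a self-hosted runner lets that
      # code execute on it; keep the GitHub-hosted default for PR workloads
      # unless the self-hosted runner is isolated for that purpose.
      runner:
        description: 'Runner type'
        required: false
        type: string
        default: 'ubuntu-latest'
      # Quoted on purpose: '21' must reach the caller as a string, not an int.
      java_version:
        description: 'Java version'
        required: false
        type: string
        default: '21'
      java_distribution:
        description: 'Java distribution'
        required: false
        type: string
        default: 'temurin'
      build_tool:
        description: 'Build tool: gradle or maven'
        required: false
        type: string
        default: 'gradle'

      # Security — all opt-in (default false).
      run_commit_lint:
        description: 'Run commit message validation'
        required: false
        type: boolean
        default: false
      run_trufflehog:
        description: 'Run TruffleHog secret scanning'
        required: false
        type: boolean
        default: false
      # The two trufflehog_* inputs are presumably only consulted when
      # run_trufflehog is true — confirm in java-main-pipeline.yml.
      trufflehog_only_verified:
        description: 'Only report verified secrets'
        required: false
        type: boolean
        default: true
      trufflehog_fail_on_findings:
        description: 'Fail the workflow if secrets are found'
        required: false
        type: boolean
        default: true
      run_dependency_review:
        description: 'Run dependency review'
        required: false
        type: boolean
        default: false
      dependency_review_severity:
        description: 'Minimum severity to fail: low, moderate, high, critical'
        required: false
        type: string
        default: 'high'

      # Quality gates
      run_test:
        description: 'Run test job'
        required: false
        type: boolean
        default: true
      run_coverage:
        description: 'Run JaCoCo coverage report'
        required: false
        type: boolean
        default: true
      # The three thresholds are minimum percentages; with the default of 0
      # they can never fail a run, so coverage is reported but not enforced
      # until a caller raises them. (The line-threshold description states the
      # 0-disables rule explicitly; the instruction/branch ones are assumed to
      # behave the same — confirm in java-main-pipeline.yml.)
      coverage_instruction_threshold:
        description: 'Minimum instruction coverage percentage (0-100)'
        required: false
        type: number
        default: 0
      coverage_branch_threshold:
        description: 'Minimum branch coverage percentage (0-100)'
        required: false
        type: number
        default: 0
      coverage_line_threshold:
        description: 'Minimum line coverage percentage (0-100). Set to 0 to disable.'
        required: false
        type: number
        default: 0
      run_code_analysis:
        description: 'Run code analysis'
        required: false
        type: boolean
        default: false
      code_analysis_tool:
        description: 'Code analysis tool: sonar or qodana'
        required: false
        type: string
        default: 'sonar'
      # skip_quality_gate only has an effect when run_code_analysis is true;
      # leaving it false keeps the analysis result blocking.
      skip_quality_gate:
        description: 'Skip Quality Gate check'
        required: false
        type: boolean
        default: false
      run_owasp:
        description: 'Run OWASP Dependency Check'
        required: false
        type: boolean
        default: false
      owasp_fail_on_cvss:
        description: 'CVSS score threshold to fail (7 = HIGH+CRITICAL, 9 = CRITICAL only)'
        required: false
        type: number
        default: 7
      run_architecture:
        description: 'Run architecture validation (ArchUnit + diagrams)'
        required: false
        type: boolean
        default: false

    # Every output is a pass-through of the same-named output of the nested
    # `pipeline` job; their values are produced by java-main-pipeline.yml.
    outputs:
      coverage:
        description: 'Code coverage percentage (line)'
        value: ${{ jobs.pipeline.outputs.coverage }}
      coverage_instruction:
        description: 'Instruction coverage percentage'
        value: ${{ jobs.pipeline.outputs.coverage_instruction }}
      coverage_branch:
        description: 'Branch coverage percentage'
        value: ${{ jobs.pipeline.outputs.coverage_branch }}
      quality_gate:
        description: 'SonarQube Quality Gate status'
        value: ${{ jobs.pipeline.outputs.quality_gate }}
      owasp_vulnerabilities:
        description: 'Number of OWASP vulnerabilities found'
        value: ${{ jobs.pipeline.outputs.owasp_vulnerabilities }}
      arch_test_result:
        description: 'Architecture test result'
        value: ${{ jobs.pipeline.outputs.arch_test_result }}

jobs:
  pipeline:
    name: PR Quality Gates
    uses: ./.github/workflows/java-main-pipeline.yml
    with:
      runner: ${{ inputs.runner }}
      java_version: ${{ inputs.java_version }}
      java_distribution: ${{ inputs.java_distribution }}
      build_tool: ${{ inputs.build_tool }}
      # Security
      run_commit_lint: ${{ inputs.run_commit_lint }}
      run_trufflehog: ${{ inputs.run_trufflehog }}
      trufflehog_only_verified: ${{ inputs.trufflehog_only_verified }}
      trufflehog_fail_on_findings: ${{ inputs.trufflehog_fail_on_findings }}
      run_dependency_review: ${{ inputs.run_dependency_review }}
      dependency_review_severity: ${{ inputs.dependency_review_severity }}
      # Quality gates — the build is not configurable for PRs, always on.
      run_build: true
      run_test: ${{ inputs.run_test }}
      run_coverage: ${{ inputs.run_coverage }}
      coverage_instruction_threshold: ${{ inputs.coverage_instruction_threshold }}
      coverage_branch_threshold: ${{ inputs.coverage_branch_threshold }}
      coverage_line_threshold: ${{ inputs.coverage_line_threshold }}
      run_code_analysis: ${{ inputs.run_code_analysis }}
      code_analysis_tool: ${{ inputs.code_analysis_tool }}
      skip_quality_gate: ${{ inputs.skip_quality_gate }}
      run_owasp: ${{ inputs.run_owasp }}
      owasp_fail_on_cvss: ${{ inputs.owasp_fail_on_cvss }}
      run_architecture: ${{ inputs.run_architecture }}
      # Disabled for PRs: nothing built from a pull request is published,
      # deployed or released by this workflow. These are literals, not
      # inputs, so a caller cannot turn them on.
      run_artifact: false
      run_deploy: false
      run_cleanup: false
      run_release: false # deprecated, kept for clarity
    # Forwards every secret the calling workflow can see (scanner tokens etc.)
    # into the nested main pipeline; nothing here narrows that set. Whether
    # java-main-pipeline.yml declares named secrets that would allow passing an
    # explicit subset instead is not visible from this file.
    secrets: inherit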