Merge pull request #7 from dvsa/feat-vol-5327-b

Feat: amended workflows

.github/workflows/cd.yaml

@@ -0,0 +1,54 @@
+name: CD
+
+on:
+    push:
+     branches:
+       -  main
+
+jobs:
+  release-please:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+
+
+  publish:
+    if: ${{needs.release-please.outputs.release_created}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: 
+      - release-please
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'corretto'
+          cache: 'maven'
+
+  push:
+      if: ${{needs.release-please.outputs.release_created}}
+      name: Publish to GitHub Packages Apache Maven
+      uses: ./.github/workflows/maven.yaml
+      with:
+        maven-goal: deploy
+      needs: release-please
+
+
+
+

.github/workflows/ci.yaml

@@ -0,0 +1,22 @@
+name: CI
+
+on:
+    pull_request:
+
+jobs:
+
+  security:
+    name: Security
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  build-maven:
+   name: Build Maven
+   uses: ./.github/workflows/maven.yaml
+   with:
+      maven-goal: package
+   needs: security
+
+
+
+

.github/workflows/maven.yaml

@@ -0,0 +1,26 @@
+name: Maven 
+
+on:
+  workflow_call:
+    inputs:
+      maven-goal:
+        description: 'Maven goal to run'
+        required: true
+        default: 'package'
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+    build:
+      name: build
+      runs-on: ubuntu-latest
+      steps:
+       - uses: actions/checkout@v4
+       - uses: whelk-io/maven-settings-xml-action@v22
+         with:
+          servers: '[{ "id":"dvsa-github-packages", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } } ]'
+
+       - run: mvn -B -P github ${{ inputs.maven-goal}}
+

.github/workflows/security.yaml

@@ -0,0 +1,42 @@
+name: Security Scan
+
+on:
+  workflow_call:
+    inputs:
+      severity-threshold:
+        description: "Severity threshold"
+        required: false
+        default: "high"
+        type: string
+    secrets:
+      SNYK_TOKEN:
+        description: "Snyk token"
+        required: true
+  schedule:
+    # Weekly on Monday at 00:00 UTC
+    - cron: 0 0 * * 1
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:      
+    scan:
+        name: scan
+        runs-on: ubuntu-latest
+        steps:
+
+        - uses: actions/checkout@v4
+        - uses: snyk/actions/setup@master
+        - uses: actions/setup-java@v4
+          with:
+            distribution: "corretto"
+            java-version: "11"
+            cache: maven
+        - uses: whelk-io/maven-settings-xml-action@v22
+          with:
+            servers: '[{ "id":"dvsa-github-packages", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } } ]'
+
+        - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }} -- -P github 
+          env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.snyk

@@ -0,0 +1,45 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-DOM4J-174153:
+    - '*':
+        reason: None Given
+        expires: 2024-06-08T13:15:21.624Z
+        created: 2024-05-09T13:15:21.627Z
+  SNYK-JAVA-DOM4J-2812795:
+    - '*':
+        reason: None Given
+        expires: 2024-06-08T13:16:12.796Z
+        created: 2024-05-09T13:16:12.804Z
+  SNYK-JAVA-SOFTWAREAMAZONION-6153869:
+    - '*':
+        reason: None Given
+        expires: 2024-06-08T13:27:49.964Z
+        created: 2024-05-09T13:27:49.971Z
+  SNYK-JAVA-DOM4J-2812975:
+    - '*':
+        reason: no fix
+        expires: 2024-06-08T17:23:14.009Z
+        created: 2024-05-09T17:23:14.014Z
+  SNYK-JAVA-ORGSELENIUMHQSELENIUM-6062318:
+    - '*':
+        reason: None Given
+        expires: 2024-06-08T15:45:53.270Z
+        created: 2024-05-09T15:45:53.284Z
+  SNYK-JAVA-ORGBOUNCYCASTLE-6612984:
+    - '*':
+        reason: None Given
+        expires: 2024-06-08T15:46:16.314Z
+        created: 2024-05-09T15:46:16.322Z
+  SNYK-JAVA-ORGYAML-6056527:
+    - '*':
+        reason: no fix
+        expires: 2024-06-08T17:23:28.159Z
+        created: 2024-05-09T17:23:28.165Z
+  SNYK-JAVA-ORGYAML-2806360:
+    - '*':
+        reason: no fix
+        expires: 2024-06-08T17:24:05.946Z
+        created: 2024-05-09T17:24:05.953Z
+patch: {}

README.md

@@ -10,4 +10,15 @@ that consumes this library.
 # Rules
 
 This library uses AXE-CORE to scan for accessibility violations. The full rules that the scan covers
-can be found on the following link https://dequeuniversity.com/rules/axe/3.2
+can be found on the following link https://dequeuniversity.com/rules/axe/3.2
+
+## Installation
+Add the following Maven dependency to your project's `pom.xml` file:
+```xml
+<dependency>
+    <groupId>org.dvsa.testing.framework</groupId>
+    <artifactId>accessibility-library</artifactId>
+    <version>[insert latest version of package]</version>
+</dependency>
+```
+