initial commit

Author: claymccoy

.github/dependabot.yml

@@ -0,0 +1,40 @@
+version: 2
+updates:
+  # Enable version updates for Gradle
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "claymccoy"
+    assignees:
+      - "claymccoy"
+    commit-message:
+      prefix: "deps"
+      prefix-development: "deps-dev"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "gradle"
+    
+  # Enable version updates for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "claymccoy"
+    assignees:
+      - "claymccoy"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"

.github/pull_request_template.md

@@ -0,0 +1,38 @@
+## Description
+Brief description of the changes in this PR.
+
+## Type of Change
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Refactoring (no functional changes)
+- [ ] Performance improvement
+- [ ] Test coverage improvement
+
+## Changes Made
+- List the main changes made in this PR
+- Include any new dependencies added
+- Include any configuration changes
+
+## Testing
+- [ ] Unit tests pass locally
+- [ ] Integration tests pass locally
+- [ ] Manual testing completed
+- [ ] New tests added for new functionality
+
+## Checklist
+- [ ] My code follows the project's coding standards
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published
+
+## Screenshots (if applicable)
+Add screenshots to help explain your changes.
+
+## Additional Notes
+Any additional information that reviewers should know.

.github/workflows/README.md

@@ -0,0 +1,105 @@
+# GitHub Workflows Documentation
+
+This project includes several GitHub Actions workflows for continuous integration and security.
+
+## Workflows
+
+### 1. Build and Test (`build.yml`)
+
+**Triggers:**
+- Push to `main` or `develop` branches
+- Pull requests to `main` branch
+
+**Jobs:**
+- **test**: Runs tests on Java 17 and 21
+- **build**: Builds the application after successful tests
+- **release**: Creates releases on main branch pushes
+
+**Features:**
+- Multi-version Java testing (17, 21)
+- Test result reporting with `dorny/test-reporter`
+- Artifact uploads for build outputs
+- Automated releases with versioning
+
+### 2. CI/CD Pipeline (`ci.yml`)
+
+**Triggers:**
+- Push to `main` or `develop` branches  
+- Pull requests to `main` branch
+
+**Jobs:**
+- **test**: Comprehensive testing with matrix strategy
+- **build-and-publish**: Build and release management
+- **security-scan**: OWASP dependency vulnerability scanning
+
+**Features:**
+- Gradle caching for faster builds
+- Test result uploads
+- Security vulnerability reporting
+- Release artifact management
+
+### 3. Static Code Analysis (`static-analysis.yml`)
+
+**Triggers:**
+- Push to `main` or `develop` branches
+- Pull requests to `main` branch
+
+**Jobs:**
+- **static-analysis**: SpotBugs, PMD, and Checkstyle analysis
+- **security-scan**: OWASP dependency vulnerability scanning
+
+**Features:**
+- SpotBugs: Bug pattern detection and code quality
+- PMD: Code style and potential issues
+- Checkstyle: Code formatting and style compliance
+- OWASP dependency scanning for vulnerabilities
+- Detailed reporting and artifact uploads
+
+## Configuration Files
+
+### Dependabot (`dependabot.yml`)
+
+Automatically creates pull requests for:
+- Gradle dependency updates (weekly on Mondays)
+- GitHub Actions updates (weekly on Mondays)
+
+### Pull Request Template
+
+Located at `.github/pull_request_template.md`, provides:
+- Structured PR descriptions
+- Change type categorization
+- Testing checklists
+- Review guidelines
+
+## Security Features
+
+1. **OWASP Dependency Check**: Scans for known vulnerabilities
+2. **SpotBugs Analysis**: Static analysis for bug patterns and code quality
+3. **PMD Analysis**: Code style and potential issue detection
+4. **Checkstyle**: Code formatting and style compliance
+5. **Dependabot**: Automated dependency updates
+6. **JaCoCo Coverage**: Code coverage reporting and verification
+
+## Usage Examples
+
+### Local Development
+```bash
+# Run the same checks as CI
+./gradlew ciBuild
+
+# Run only static analysis
+./gradlew staticAnalysis
+
+# Run security scan
+./gradlew dependencyCheckAnalyze
+open build/reports/dependency-check-report.html
+
+# Run individual static analysis tools
+./gradlew spotbugsMain pmdMain checkstyleMain
+```
+
+### GitHub Actions
+- All pushes trigger the build pipeline
+- PRs run tests and security scans
+- Main branch pushes create releases
+- Weekly security scans run automatically

.github/workflows/build.yml

@@ -0,0 +1,63 @@
+name: Build and Test
+
+on:
+  push:
+    branches: [ master, develop ]
+  pull_request:
+    branches: [ master ]
+
+# Add permissions for test reporting
+permissions:
+  contents: read
+  checks: write
+  pull-requests: write
+
+jobs:
+  test:
+    name: Test on Java 21
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      
+    - name: Set up JDK 21
+      uses: actions/setup-java@v4
+      with:
+        java-version: '21'
+        distribution: 'temurin'
+        
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v2
+      with:
+        gradle-version: wrapper
+        
+    - name: Run CI build (tests + static analysis + coverage)
+      run: ./gradlew ciBuild --no-daemon
+      
+    - name: Publish Test Results
+      uses: EnricoMi/publish-unit-test-result-action@v2
+      if: always()
+      with:
+        files: |
+          build/test-results/test/*.xml
+        check_name: "Test Results (Java 21)"
+        comment_title: "Test Results (Java 21)"
+        
+    - name: Upload test results
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: test-results-java-21
+        path: |
+          build/reports/tests/
+          build/test-results/
+          
+    - name: Upload static analysis results
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: static-analysis-results
+        path: |
+          build/reports/pmd/
+          build/reports/checkstyle/

.gitignore

@@ -0,0 +1,62 @@
+# Gradle
+.gradle/
+build/
+target/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+# IDE
+.idea/
+*.iws
+*.iml
+*.ipr
+out/
+.vscode/
+*.swp
+*.swo
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Application specific
+logs/
+*.log
+*.log.*
+temp/
+tmp/
+
+# Spring Boot
+spring-boot-devtools.properties
+
+# Security
+*.key
+*.pem
+*.p12
+*.jks
+
+# Environment
+.env
+.env.local
+.env.*.local
+
+# Test reports
+/reports/
+/test-results/
+
+# Static analysis reports
+/build/reports/
+dependency-check-report.html
+dependency-check-report.json
+
+# JaCoCo
+*.exec
+
+# Temporary build files
+*.gradle.backup