From 4f8ac79afa40ccc318f0ea285008640415d630c1 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Wed, 3 Jun 2026 18:39:52 +0200
Subject: [PATCH 01/15] feat(ci): add coverage reports to sonar and github
---
.github/workflows/basic_code_checks.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index a5388fe3..5b9ea374 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -57,6 +57,7 @@ jobs:
needs: license_compliance
permissions:
contents: write
+ code-quality: write
steps:
- name: Checkout repository
@@ -79,6 +80,29 @@ jobs:
- name: Build Maven project
run: mvn clean verify
+ - name: Run SonarCloud Analysis
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ mvn sonar:sonar \
+ -Dsonar.organization=Decathlon \
+ -Dsonar.projectKey=Decathlon_internal-developer-platform \
+ -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
+ -B
+
+ - name: Convert JaCoCo report to Cobertura format
+ run: |
+ pip install cover2cover --quiet
+ cover2cover target/site/jacoco/jacoco.xml src/main/java > cobertura.xml
+
+ - name: Upload code coverage to GitHub
+ uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1
+ with:
+ file: cobertura.xml
+ language: Java
+ label: code-coverage/jacoco
+
- name: Upload built jar
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
From beb7f76264412f1d31285ea001770750b3b815ca Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Wed, 3 Jun 2026 18:58:21 +0200
Subject: [PATCH 02/15] fix(conar): fix the sonar scanner url
---
.github/workflows/basic_code_checks.yml | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index 5b9ea374..7d9b270b 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -77,18 +77,16 @@ jobs:
distribution: temurin
java-version: 25
- - name: Build Maven project
- run: mvn clean verify
-
- - name: Run SonarCloud Analysis
+ - name: Build Maven project and Sonar analysis
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
- mvn sonar:sonar \
+ mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.organization=Decathlon \
-Dsonar.projectKey=Decathlon_internal-developer-platform \
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
+ -Dsonar.host.url=https://sonarcloud.io
-B
- name: Convert JaCoCo report to Cobertura format
From fcec697b4a145afd1135c11dc69ee89cc7d95f22 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 09:29:25 +0200
Subject: [PATCH 03/15] fix(ci): fix shell error
---
.github/workflows/basic_code_checks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index 7d9b270b..1c9b5c63 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -86,7 +86,7 @@ jobs:
-Dsonar.organization=Decathlon \
-Dsonar.projectKey=Decathlon_internal-developer-platform \
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
- -Dsonar.host.url=https://sonarcloud.io
+ -Dsonar.host.url=https://sonarcloud.io \
-B
- name: Convert JaCoCo report to Cobertura format
From 921c452de442a504d6c175ce46d0162e703154c6 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 09:36:36 +0200
Subject: [PATCH 04/15] fix(sonar): upgrade sonar scanner
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a5e4c3e7..7d97a6ba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -253,7 +253,7 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.9.1.2184
+ 5.7.0.6970
From 6d03bc2428d0c4ed7583f12869c1002dd517e642 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 09:46:08 +0200
Subject: [PATCH 05/15] fix(sonar): upgrade sonar org
---
.github/workflows/basic_code_checks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index 1c9b5c63..f52dbe4a 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -83,7 +83,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
- -Dsonar.organization=Decathlon \
+ -Dsonar.organization=decathlon \
-Dsonar.projectKey=Decathlon_internal-developer-platform \
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
-Dsonar.host.url=https://sonarcloud.io \
From 8e2d963bbd3f376e7d6a6e96e61aa75bf8a07429 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 10:41:19 +0200
Subject: [PATCH 06/15] fix(sonar): change cobertura converter
---
.github/workflows/basic_code_checks.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index f52dbe4a..3a8bd6d0 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -91,8 +91,8 @@ jobs:
- name: Convert JaCoCo report to Cobertura format
run: |
- pip install cover2cover --quiet
- cover2cover target/site/jacoco/jacoco.xml src/main/java > cobertura.xml
+ pip install jacoco2cobertura --quiet
+ jacoco2cobertura target/site/jacoco/jacoco.xml > cobertura.xml
- name: Upload code coverage to GitHub
uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1
From 414dae3bd7d5db2fb8a44268ae9c24e54d97b269 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:17:14 +0200
Subject: [PATCH 07/15] fix(coverage): change the conversion script. Improve
security in CI
---
.github/scripts/jacoco-to-cobertura.xsl | 167 ++++++++++++++++++++++
.github/workflows/basic_code_checks.yml | 6 +-
.github/workflows/copilot-setup-steps.yml | 2 +-
.github/workflows/deploy_docs.yml | 4 +-
pom.xml | 24 ++++
5 files changed, 196 insertions(+), 7 deletions(-)
create mode 100644 .github/scripts/jacoco-to-cobertura.xsl
diff --git a/.github/scripts/jacoco-to-cobertura.xsl b/.github/scripts/jacoco-to-cobertura.xsl
new file mode 100644
index 00000000..a93764ed
--- /dev/null
+++ b/.github/scripts/jacoco-to-cobertura.xsl
@@ -0,0 +1,167 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+
+ 0
+ 0.1
+ 0
+
+ .
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ % (
+
+ /
+
+ )
+
+
+
+ false
+
+
+
+
+
+
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index 3a8bd6d0..133e1a65 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -90,14 +90,12 @@ jobs:
-B
- name: Convert JaCoCo report to Cobertura format
- run: |
- pip install jacoco2cobertura --quiet
- jacoco2cobertura target/site/jacoco/jacoco.xml > cobertura.xml
+ run: mvn org.codehaus.mojo:xml-maven-plugin:transform -B
- name: Upload code coverage to GitHub
uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1
with:
- file: cobertura.xml
+ file: target/cobertura.xml
language: Java
label: code-coverage/jacoco
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 779c7bb9..4ece252c 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -42,4 +42,4 @@ jobs:
- name: Install dependencies
working-directory: docs
run: |
- uv sync
+ uv sync --no-build --frozen
diff --git a/.github/workflows/deploy_docs.yml b/.github/workflows/deploy_docs.yml
index 2d33a98b..915d3714 100644
--- a/.github/workflows/deploy_docs.yml
+++ b/.github/workflows/deploy_docs.yml
@@ -48,12 +48,12 @@ jobs:
- name: Install dependencies
working-directory: docs
run: |
- uv sync
+ uv sync --no-build --frozen
- name: Build documentation
working-directory: docs
run: |
- uv run zensical build
+ uv run --no-build --frozen zensical build
- name: Check navigation links
run: |
diff --git a/pom.xml b/pom.xml
index 7d97a6ba..c28b6e87 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,7 @@
1.21.4
3.15.0
0.8.14
+ 1.1.0
1.5.5.Final
@@ -314,6 +315,29 @@
+
+ org.codehaus.mojo
+ xml-maven-plugin
+ ${xml-maven-plugin.version}
+
+
+
+ ${project.build.directory}/site/jacoco
+
+ jacoco.xml
+
+ ${project.basedir}/.github/scripts/jacoco-to-cobertura.xsl
+ ${project.build.directory}
+
+
+ cobertura.xml
+
+
+
+
+
+
+
com.github.spotbugs
spotbugs-maven-plugin
From d5ccce64a023f4adae92b6fe3065dd5b920719db Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:34:13 +0200
Subject: [PATCH 08/15] fix(ci): fix build
---
pom.xml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/pom.xml b/pom.xml
index c28b6e87..dd65e9d7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -328,6 +328,20 @@
${project.basedir}/.github/scripts/jacoco-to-cobertura.xsl
${project.build.directory}
+
+
+ http://apache.org/xml/features/nonvalidating/load-external-dtd
+ false
+
+
+ http://xml.org/sax/features/external-general-entities
+ false
+
+
+ http://xml.org/sax/features/external-parameter-entities
+ false
+
+
cobertura.xml
From 7f48d2c31669c7dc08e241ba4644b4509e882d63 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:42:20 +0200
Subject: [PATCH 09/15] fix(ci): fix report conversion
---
.github/workflows/basic_code_checks.yml | 3 ---
pom.xml | 8 ++++++++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index 133e1a65..eaf30230 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -89,9 +89,6 @@ jobs:
-Dsonar.host.url=https://sonarcloud.io \
-B
- - name: Convert JaCoCo report to Cobertura format
- run: mvn org.codehaus.mojo:xml-maven-plugin:transform -B
-
- name: Upload code coverage to GitHub
uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1
with:
diff --git a/pom.xml b/pom.xml
index dd65e9d7..4c5fa9bc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -319,6 +319,14 @@
org.codehaus.mojo
xml-maven-plugin
${xml-maven-plugin.version}
+
+
+ verify
+
+ transform
+
+
+
From 9d136cddd0a88b8c07b48e485654e2e156a92af9 Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:44:43 +0200
Subject: [PATCH 10/15] fix(security): fix permissions scope in ci
---
.github/workflows/build_and_push.yml | 7 +++----
.github/workflows/deploy_docs.yml | 13 ++++++++-----
.github/workflows/lint_pull_request_title.yml | 7 +++----
3 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/build_and_push.yml b/.github/workflows/build_and_push.yml
index 387ae029..bedfc8bc 100644
--- a/.github/workflows/build_and_push.yml
+++ b/.github/workflows/build_and_push.yml
@@ -9,15 +9,14 @@ on: # yamllint disable-line rule:truthy
description: 'Tag name for the release (e.g., v1.0.0)'
required: true
-permissions:
- contents: read
- id-token: write
-
jobs:
build-and-push:
runs-on: ubuntu-latest
name: Build and Push Docker Image
timeout-minutes: 20
+ permissions:
+ contents: read
+ id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
diff --git a/.github/workflows/deploy_docs.yml b/.github/workflows/deploy_docs.yml
index 915d3714..95bc5757 100644
--- a/.github/workflows/deploy_docs.yml
+++ b/.github/workflows/deploy_docs.yml
@@ -18,11 +18,6 @@ on: # yamllint disable-line rule:truthy
types: [created]
workflow_dispatch:
-permissions:
- contents: read
- pages: write
- id-token: write
-
concurrency:
group: "pages-${{ github.ref }}"
cancel-in-progress: false
@@ -31,6 +26,10 @@ jobs:
build:
name: Build Documentation
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pages: write
+ id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -77,6 +76,10 @@ jobs:
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
+ permissions:
+ contents: read
+ pages: write
+ id-token: write
steps:
- name: Deploy to GitHub Pages
id: deployment
diff --git a/.github/workflows/lint_pull_request_title.yml b/.github/workflows/lint_pull_request_title.yml
index 25e5a1b0..993b1c34 100644
--- a/.github/workflows/lint_pull_request_title.yml
+++ b/.github/workflows/lint_pull_request_title.yml
@@ -10,14 +10,13 @@ on: # yamllint disable-line rule:truthy
- edited
- synchronize
-permissions:
- pull-requests: write
- statuses: write
-
jobs:
lint-title:
name: Lint PR title
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ statuses: write
steps:
- name: Check PR title convention
From 81551d9c192d1dfff6162980a44e105c40b748ba Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:45:59 +0200
Subject: [PATCH 11/15] fix(lint): fix pom lint
---
pom.xml | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/pom.xml b/pom.xml
index 4c5fa9bc..acb58998 100644
--- a/pom.xml
+++ b/pom.xml
@@ -319,14 +319,6 @@
org.codehaus.mojo
xml-maven-plugin
${xml-maven-plugin.version}
-
-
- verify
-
- transform
-
-
-
@@ -358,6 +350,14 @@
+
+
+
+ transform
+
+ verify
+
+
From c8f29aa1eb1860c8738a4a23a4f8e0eecb7d590a Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:51:48 +0200
Subject: [PATCH 12/15] fix(ci): fix report conversion
---
pom.xml | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/pom.xml b/pom.xml
index acb58998..5b9c1e97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -320,6 +320,9 @@
xml-maven-plugin
${xml-maven-plugin.version}
+
+ 2
+
${project.build.directory}/site/jacoco
@@ -328,20 +331,6 @@
${project.basedir}/.github/scripts/jacoco-to-cobertura.xsl
${project.build.directory}
-
-
- http://apache.org/xml/features/nonvalidating/load-external-dtd
- false
-
-
- http://xml.org/sax/features/external-general-entities
- false
-
-
- http://xml.org/sax/features/external-parameter-entities
- false
-
-
cobertura.xml
@@ -350,8 +339,16 @@
+
+
+ net.sf.saxon
+ Saxon-HE
+ 12.4
+
+
+ jacoco-to-cobertura
transform
From cac28ccd37c072e8428b71066edd92af3ddc1a2b Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 11:57:49 +0200
Subject: [PATCH 13/15] fix(ci): fix report conversion
---
pom.xml | 35 +++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/pom.xml b/pom.xml
index 5b9c1e97..7f41eb34 100644
--- a/pom.xml
+++ b/pom.xml
@@ -315,14 +315,36 @@
+
+ com.google.code.maven-replacer-plugin
+ maven-replacer-plugin
+ 1.4.1
+
+
+ remove-dtd-from-jacoco
+ verify
+
+ replace
+
+
+ ${project.build.directory}/site/jacoco/jacoco.xml
+ true
+
+
+ <!DOCTYPE[^>]*>
+
+
+
+
+
+
+
+
org.codehaus.mojo
xml-maven-plugin
${xml-maven-plugin.version}
-
- 2
-
${project.build.directory}/site/jacoco
@@ -339,13 +361,6 @@
-
-
- net.sf.saxon
- Saxon-HE
- 12.4
-
-
jacoco-to-cobertura
From fa513dc91ea4ad1a56ddc14d34654f83a0be03dd Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 12:01:25 +0200
Subject: [PATCH 14/15] fix(ci): fix report conversion
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 7f41eb34..e659b476 100644
--- a/pom.xml
+++ b/pom.xml
@@ -322,17 +322,17 @@
remove-dtd-from-jacoco
- verify
replace
+ verify
${project.build.directory}/site/jacoco/jacoco.xml
true
<!DOCTYPE[^>]*>
-
+
From d8369d85c52f14ff4b581bb616bc7c20abd5b8ad Mon Sep 17 00:00:00 2001
From: ejacqu22 <2057151+etiennej70@users.noreply.github.com>
Date: Thu, 4 Jun 2026 12:15:24 +0200
Subject: [PATCH 15/15] fix(ci): fix report conversion
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e659b476..e19c2749 100644
--- a/pom.xml
+++ b/pom.xml
@@ -327,7 +327,7 @@
verify
- ${project.build.directory}/site/jacoco/jacoco.xml
+ target/site/jacoco/jacoco.xml
true