add ci/cd

Author: SenZhangAI

.github/codeql/codeql-config.yml

@@ -0,0 +1,18 @@
+name: "CodeQL Config"
+
+queries:
+    - uses: security-and-quality
+    - uses: security-extended
+
+paths:
+    - src
+paths-ignore:
+    - src/test
+    - "**/*.test.java"
+    - "**/*Test.java"
+
+query-filters:
+    - exclude:
+          problem.severity:
+              - warning
+              - recommendation

.github/dependabot.yml

@@ -0,0 +1,29 @@
+version: 2
+updates:
+    - package-ecosystem: "maven"
+      directory: "/"
+      schedule:
+          interval: "weekly"
+      ignore:
+          - dependency-name: "org.springframework.boot"
+            versions: ["3.x"]
+      commit-message:
+          prefix: "deps"
+          include: "scope"
+      labels:
+          - "dependencies"
+          - "security"
+      open-pull-requests-limit: 10
+      reviewers:
+          - "your-github-username"
+
+    - package-ecosystem: "github-actions"
+      directory: "/"
+      schedule:
+          interval: "weekly"
+      commit-message:
+          prefix: "ci"
+          include: "scope"
+      labels:
+          - "ci-cd"
+          - "dependencies"

.github/workflows/maven.yml

@@ -0,0 +1,55 @@
+name: Java CI with Maven
+
+on:
+    push:
+        branches: [main]
+    pull_request:
+        branches: [main]
+        types: [opened, synchronize, reopened]
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+
+            - name: Set up JDK 8
+              uses: actions/setup-java@v3
+              with:
+                  java-version: "8"
+                  distribution: "temurin"
+                  cache: maven
+
+            - name: Cache Maven packages
+              uses: actions/cache@v3
+              with:
+                  path: ~/.m2
+                  key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+                  restore-keys: ${{ runner.os }}-m2
+
+            - name: Build with Maven
+              run: mvn -B package --file pom.xml
+
+            - name: Run Tests
+              run: mvn test
+
+            - name: Run Security Check
+              run: |
+                  chmod +x ./security-check.sh
+                  ./security-check.sh
+
+            - name: Upload Test Results
+              if: always()
+              uses: actions/upload-artifact@v3
+              with:
+                  name: test-results
+                  path: target/surefire-reports/
+
+            - name: Upload Security Reports
+              if: always()
+              uses: actions/upload-artifact@v3
+              with:
+                  name: security-reports
+                  path: |
+                      target/dependency-check-report.html
+                      target/dependency-check-report.json

.github/workflows/security-scan.yml

@@ -0,0 +1,42 @@
+name: Security Scan
+
+on:
+    schedule:
+        - cron: "0 0 * * 0" # 每周日运行
+    workflow_dispatch: # 允许手动触发
+
+jobs:
+    security-scan:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+
+            - name: Set up JDK 8
+              uses: actions/setup-java@v3
+              with:
+                  java-version: "8"
+                  distribution: "temurin"
+                  cache: maven
+
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@v2
+              with:
+                  languages: java
+
+            - name: Build with Maven
+              run: mvn -B package --file pom.xml
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@v2
+
+            - name: Run OWASP Dependency Check
+              run: mvn org.owasp:dependency-check-maven:check
+
+            - name: Upload Security Reports
+              if: always()
+              uses: actions/upload-artifact@v3
+              with:
+                  name: security-scan-reports
+                  path: |
+                      target/dependency-check-report.html
+                      target/dependency-check-report.json