feat: add checkstyle to PR checks

.github/workflows/pull_requests.yml

@@ -85,32 +85,36 @@ jobs:
           name: it-test-logs
           retention-days: 7
           path: maven/target/it/**/build.log
-# this action has been failing - so I'm disabling it; we never really found anything anyways
-#  audit:
-#    runs-on: ubuntu-latest
-#    permissions: 
-#      contents: read
-#      pull-requests: write
-#    name: Audit
-#    steps:
-#      - uses: actions/checkout@v4
-#      - name: Check Maven Cache
-#        id: maven-cache
-#        uses: actions/cache@v4
-#        with:
-#          path: ~/.m2/repository/
-#          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-#          restore-keys: |
-#            ${{ runner.os }}-maven-
-#      - name: Semgrep
-#        id: semgrep
-#        run: |
-#            docker run --rm -v "${PWD}:/src" returntocorp/semgrep semgrep --config "p/ci" --sarif > semgrep.sarif
-#      - name: Maven Site
-#        if: always()
-#        run: |
-#            mvn -s settings.xml package site -DskipTests=true --no-transfer-progress --batch-mode
-#      - name: Publish Comments
-#        if: always()
-#        run: |
-#            mvn se.bjurr.violations:violation-comments-to-github-maven-plugin:violation-comments --no-transfer-progress --batch-mode -DpullRequestId=${{ github.event.pull_request.number }} -DoAuth2Token=${{ secrets.GITHUB_TOKEN }}
+
+
+  checkstyle:
+    name: Checkstyle Validation
+    permissions:
+      security-events: write
+      contents: read
+    runs-on: ubuntu-latest 
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Maven Cache
+        id: maven-cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository/
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Set up JDK 11
+        id: jdk-11
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: 'zulu'
+      - name: Checkstyle
+        id: checkstyle
+        run: |
+            mvn -V -s settings.xml checkstyle:checkstyle-aggregate --no-transfer-progress --batch-mode
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: target/checkstyle-result.sarif
+          category: checkstyle

pom.xml

@@ -761,50 +761,28 @@ Copyright (c) 2012 - Jeremy Long
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>se.bjurr.violations</groupId>
-                <artifactId>violation-comments-to-github-maven-plugin</artifactId>
-                <dependencies>
-                    <dependency>
-                        <groupId>se.bjurr.violations</groupId>
-                        <artifactId>violation-comments-to-github-lib</artifactId>
-                        <version>1.83.1</version>
-                    </dependency>
-                    <dependency>
-                        <groupId>se.bjurr.violations</groupId>
-                        <artifactId>violations-lib</artifactId>
-                        <version>1.157.1</version>
-                    </dependency>
-                </dependencies>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-checkstyle-plugin</artifactId>
+                <version>${reporting.checkstyle-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <inherited>false</inherited>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>checkstyle-aggregate</goal>
+                        </goals>
+                    </execution>
+                </executions>
                 <configuration>
-                    <inherited>false</inherited>
-                    <repositoryOwner>jeremylong</repositoryOwner>
-                    <repositoryName>DependencyCheck</repositoryName>
-                    <gitHubUrl>https://api.github.com/</gitHubUrl>
-                    <createCommentWithAllSingleFileComments>false</createCommentWithAllSingleFileComments>
-                    <createSingleFileComments>true</createSingleFileComments>
-                    <commentOnlyChangedContent>true</commentOnlyChangedContent>
-                    <!-- INFO, WARN, ERROR //-->
-                    <minSeverity>INFO</minSeverity>
-                    <violations>
-                        <violation>
-                            <parser>FINDBUGS</parser>
-                            <reporter>Spotbugs</reporter>
-                            <folder>.</folder>
-                            <pattern>.*/spotbugsXml.xml$</pattern>
-                        </violation>
-                        <violation>
-                            <parser>CHECKSTYLE</parser>
-                            <reporter>Checkstyle</reporter>
-                            <folder>.</folder>
-                            <pattern>.*/checkstyle-result.xml$</pattern>
-                        </violation>
-                        <violation>
-                            <parser>SARIF</parser>
-                            <reporter>Sarif</reporter>
-                            <folder>.</folder>
-                            <pattern>.*/semgrep.sarif$</pattern>
-                        </violation>
-                    </violations>
+                    <outputFile>${project.build.directory}/checkstyle-result.sarif</outputFile>
+                    <outputFileFormat>sarif</outputFileFormat>
+                    <enableRulesSummary>false</enableRulesSummary>
+                    <enableFilesSummary>false</enableFilesSummary>
+                    <excludes>**/HelpMojo.java</excludes>
+                    <configLocation>${project.basedir}/src/main/config/checkstyle-checks.xml</configLocation>
+                    <headerLocation>${project.basedir}/src/main/config/checkstyle-header.txt</headerLocation>
+                    <suppressionsLocation>${project.basedir}/src/main/config/checkstyle-suppressions.xml</suppressionsLocation>
+                    <suppressionsFileExpression>checkstyle.suppressions.file</suppressionsFileExpression>
                 </configuration>
             </plugin>
         </plugins>

src/main/config/checkstyle-checks.xml

@@ -203,9 +203,9 @@
         <module name="ParameterAssignment"/>
 
         <!-- Generates quite a few errors -->
-        <module name="CyclomaticComplexity">
+<!--        <module name="CyclomaticComplexity">
             <property name="severity" value="ignore"/>
-        </module>
+        </module>-->
 
         <module name="NestedForDepth">
             <property name="max" value="2"/>