[REFACTOR]remove unused imports and integrate sonarcloud

.github/workflows/ci.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - master
       - staging_new
+      - subbox-management
 
 jobs:
   build:

.github/workflows/scorecard.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: "40 19 * * 5"
+  push:
+    branches: ["master", "subbox-management"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif

.github/workflows/sonarcloud.yml

@@ -0,0 +1,44 @@
+name: SonarCloud Analysis
+on:
+  # Trigger analysis when pushing in master or pull requests, and when creating
+  # a pull request.
+  push:
+  pull_request:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out the Git repository
+        uses: actions/checkout@v4
+        with:
+          # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
+      - name: Set up Java Toolchain
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "21"
+          cache: "gradle"
+      - name: Cache Gradle packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Set gradlew as executable
+        run: chmod +x ./gradlew
+      - name: Build and analyze
+        run: ./gradlew build jacocoTestReport sonar --info
+        env:
+          # Needed to get some information about the pull request, if any
+          GITHUB_TOKEN: ${{ secrets.GIT_HUB_TOKEN }}
+          # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

README.md

@@ -1,10 +1,12 @@
 # Subscription Box Management by Admin
-
+#### Home Link: http://34.124.168.155/subscription-box
+
 ### Penanggung Jawab :
 #### Muhammad Faishal Adly Nelwan (2206030754)
 
 ##### Link Get All Subscription BOX
-##### Link Get All Subscription BOX
+http://34.124.168.155/subscription-box/list
+##### Link Create Subscription BOX
 ##### Link Get All Subscription BOX
 ##### Link Get All Subscription BOX
 ##### Link Get All Subscription BOX

build.gradle.kts

@@ -6,6 +6,14 @@ plugins {
     id("org.sonarqube") version "4.4.1.3373"
 }
 
+sonar {
+    properties {
+        property("sonar.host.url", "https://sonarcloud.io")
+        property("sonar.organization","adpro-c11")
+        property("sonar.projectKey", "ADPRO-C11_snackscription-subscriptionbox-admin")
+    }
+}
+
 group = "snackscription"
 version = "0.0.1-SNAPSHOT"
 

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/controller/SubscriptionBoxController.java

@@ -4,16 +4,13 @@
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.utils.JWTUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto.DTOMapper;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto.SubscriptionBoxDTO;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.SubscriptionBox;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.service.SubscriptionBoxService;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
-import java.util.Locale;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/dto/SubscriptionBoxDTO.java

@@ -1,7 +1,6 @@
 package id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto;
 
 import lombok.*;
-import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.Item;
 
 import java.util.List;
 

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/model/SubscriptionBox.java

@@ -3,7 +3,6 @@
 
 import com.fasterxml.jackson.annotation.JsonManagedReference;
 import jakarta.persistence.*;
-import lombok.Builder;
 import lombok.Getter;
 import lombok.Setter;
 
@@ -38,7 +37,6 @@ public class SubscriptionBox {
 
     @Column(name = "box_description")
     String description;
-    // Rating rating;
 
     public SubscriptionBox(){
         this.id = UUID.randomUUID().toString();

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/repository/ItemRepository.java

@@ -1,7 +1,6 @@
 package id.ac.ui.cs.advprog.snackscription_subscriptionbox.repository;
 
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.Item;
-import lombok.Getter;
 import org.springframework.stereotype.Repository;
 import java.util.ArrayList;
 import java.util.List;

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/repository/LogRepository.java

@@ -1,7 +1,6 @@
 package id.ac.ui.cs.advprog.snackscription_subscriptionbox.repository;
 
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.LogAdmin;
-import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.SubscriptionBox;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/repository/SubscriptionBoxRepository.java

@@ -3,18 +3,13 @@
 
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.Item;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.SubscriptionBox;
-import jakarta.transaction.TransactionScoped;
 import org.springframework.stereotype.Repository;
 import java.util.ArrayList;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.TypedQuery;
 import jakarta.transaction.Transactional;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Repository;
-
-import java.util.Collections;
-import java.util.Comparator;
 import java.util.List;
 import java.util.Optional;
 

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/service/SubscriptionBoxService.java

@@ -5,7 +5,7 @@
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto.SubscriptionBoxDTO;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.LogAdmin;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.SubscriptionBox;
-import org.springframework.scheduling.annotation.Async;
+
 
 import java.util.Optional;
 import java.util.concurrent.CompletableFuture;
@@ -33,11 +33,4 @@ public interface SubscriptionBoxService {
     CompletableFuture<List<LogAdmin>> getLog();
 
 
-//    public SubscriptionBox addBox(SubscriptionBox subscriptionBox);
-//    public SubscriptionBox editBox(String id, SubscriptionBox subscriptionBox);
-//    public SubscriptionBox deleteBox(String id);
-//    public List<SubscriptionBox> viewAll();
-//    public String viewDetails(String boxId);
-//    public List<SubscriptionBox> filterByPrice(int price);
-//    // public List<SubscriptionBox> filterByRating(int rating);
 }

src/main/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/service/SubscriptionBoxServiceImpl.java

@@ -46,7 +46,7 @@ public CompletableFuture<Optional<SubscriptionBoxDTO>> findById(String id) {
         return subscriptionBoxRepository.findById(id)
                 .map(subscriptionBox -> CompletableFuture.completedFuture(Optional.of(DTOMapper.convertModelToDto(subscriptionBox))))
                 .orElse(CompletableFuture.completedFuture(Optional.empty()));
-//
+
     }
 
     @Override
@@ -59,10 +59,7 @@ public CompletableFuture<List<SubscriptionBox>> findAll() {
     @Override
     @Async
     public CompletableFuture<SubscriptionBox> update(SubscriptionBoxDTO subscriptionBoxDTO) {
-//        if (subscriptionBox == null) {
-//            throw new IllegalArgumentException("SubscriptionBox cannot be null");
-//        }
-//        return CompletableFuture.completedFuture(subscriptionBoxRepository.update(subscriptionBox));
+
         if (subscriptionBoxDTO == null) {
             throw new IllegalArgumentException("Subscription cannot be null");
         }

src/test/java/id/ac/ui/cs/advprog/snackscription_subscriptionbox/service/SubscriptionBoxServiceImplTest.java

@@ -1,9 +1,8 @@
 package id.ac.ui.cs.advprog.snackscription_subscriptionbox.service;
-import id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto.DTOMapper;
+
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.dto.SubscriptionBoxDTO;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.model.SubscriptionBox;
 import id.ac.ui.cs.advprog.snackscription_subscriptionbox.repository.SubscriptionBoxRepository;
-import id.ac.ui.cs.advprog.snackscription_subscriptionbox.service.SubscriptionBoxServiceImpl;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;