feat(cli): compile plugin to native CLI #15

Merged: thestuckster merged 3 commits into main from feat/build-native-cli on Jun 10, 2025

Monforton (Collaborator) commented May 2, 2025

Summary by mrge

Added a native CLI tool for sending JUnit test reports to Fern, with cross-platform builds and a GitHub workflow to publish native executables.

  • New Features
    • New CLI with commands for sending test reports.
    • Native builds for Windows, macOS, and Linux using GraalVM.
    • GitHub Actions workflow to build and release native executables.

cubic-dev-ai Bot (Contributor) left a comment

mrge found 13 issues across 10 files. View them in mrge.io

Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml
Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml Outdated
Comment thread src/main/kotlin/com/guidewire/cli/SendCommand.kt Outdated
Comment thread src/main/kotlin/com/guidewire/cli/SendCommand.kt Outdated
Comment thread build.gradle Outdated
Comment thread build.gradle
Comment thread build.gradle Outdated
Monforton force-pushed the feat/build-native-cli branch 2 times, most recently from a919623 to 5b7d696 (May 2, 2025 21:42)

cubic-dev-ai Bot (Contributor) left a comment

mrge found 12 issues across 9 files. View them in mrge.io

Comment thread build.gradle
Comment thread build.gradle Outdated
Comment thread build.gradle
Comment thread src/main/kotlin/io/github/guidewire/oss/DataSender.kt
Comment thread src/main/kotlin/io/github/guidewire/oss/Main.kt
Comment thread src/main/kotlin/io/github/guidewire/oss/cli/SendCommand.kt
Comment thread src/main/kotlin/io/github/guidewire/oss/cli/SendCommand.kt
Comment thread src/main/kotlin/io/github/guidewire/oss/cli/SendCommand.kt
Comment thread src/main/kotlin/io/github/guidewire/oss/cli/SendCommand.kt
Comment thread .github/workflows/release.yml Outdated
Monforton force-pushed the feat/build-native-cli branch from da94e02 to b820ac8 (May 2, 2025 22:45)
Comment thread src/main/kotlin/io/github/guidewire/oss/cli/FernJUnitClientCommand.kt Outdated
Monforton force-pushed the feat/build-native-cli branch from 0f5f678 to bec4c0b (June 6, 2025 21:17)
Monforton requested a review from thestuckster (June 6, 2025 21:17)

kusari-inspector Bot commented Jun 6, 2025

Kusari Analysis Results

Analysis for commit: 976e602, performed at: 2025-06-06T21:25:09Z

@kusari-inspector rerun - Trigger a re-analysis of this PR

@kusari-inspector feedback [your message] - Send feedback to our AI and team


Recommendation

✅ PROCEED with this Pull Request

Summary

No Flagged Issues Detected

All values appear to be within acceptable risk parameters.

The PR introduces a native CLI build feature with no dependency changes or code vulnerabilities. While there are several GitHub Actions workflow security issues, they are configuration-related rather than functional code problems. The previous command injection vulnerability appears to have been addressed, making the core changes safe to merge.

Recommended Mitigations

Recommended Code Mitigations

Location: .github/workflows/release.yml:35
Pin GitHub Actions to specific commit hashes instead of version tags for better security against supply chain attacks.

Potential Code Fix:

      - name: Setup GraalVM
        uses: graalvm/setup-graalvm@<specific-commit-hash> # Replace with actual hash

Location: .github/workflows/release.yml:66
Pin GitHub Actions to specific commit hashes instead of version tags for better security against supply chain attacks.

Potential Code Fix:

      - name: Create GitHub Release
        id: create_release
        uses: ncipollo/release-action@<specific-commit-hash> # Replace with actual hash

Location: .github/workflows/release.yml:3
Add a permissions block to limit workflow permissions to only what's needed, following the principle of least privilege.

Potential Code Fix:

on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag for the release (e.g., 1.0.0)'
        required: true
        default: '0.0.0'
      draft-release:
        description: 'Should this release be a draft?'
        type: boolean
        required: false
        default: true

permissions:
  contents: write # For creating releases
  actions: read # For artifacts

Location: .github/workflows/release.yml:32
Set persist-credentials to false to prevent credential persistence through GitHub Actions artifacts.

Potential Code Fix:

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml
Comment thread .github/workflows/release.yml
Comment thread .github/workflows/release.yml
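
An added example, not part of the PR or of Kusari's output: a small line-based checker for the three workflow findings listed in the review above (tag-pinned actions, no `permissions` block, checkout without `persist-credentials: false`). The sample workflow and the 40-hex ref in it are constructed, and the scan is regex-based rather than a full YAML parse.

```python
import re

# Constructed sample workflow (not the project's release.yml); the 40-hex ref is a made-up placeholder.
SAMPLE = """\
name: release
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup GraalVM
        uses: graalvm/setup-graalvm@v1
      - name: Create GitHub Release
        uses: ncipollo/release-action@0123456789abcdef0123456789abcdef01234567
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
SHA = re.compile(r"[0-9a-f]{40}")

def audit(text):
    """Return (line_no, message) findings; line 0 means workflow-wide."""
    lines = text.splitlines()
    findings = []
    # Least privilege: accept a permissions key at workflow or job level.
    if not any(re.match(r"^\s*permissions:", l) for l in lines):
        findings.append((0, "no permissions block"))
    for i, line in enumerate(lines, 1):
        m = USES.match(line)
        if not m:
            continue
        action, _, ref = m.group(1).partition("@")
        if action.startswith("./") or action.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        if not SHA.fullmatch(ref):
            findings.append((i, f"{action} pinned to '{ref}', not a commit SHA"))
        if action == "actions/checkout":
            # Inspect only the rest of this step: stop at the next list item.
            step = []
            for nxt in lines[i:]:
                if re.match(r"^\s*-\s", nxt):
                    break
                step.append(nxt)
            if not any(re.match(r"^\s*persist-credentials:\s*['\"]?false", s) for s in step):
                findings.append((i, "checkout without persist-credentials: false"))
    return findings
```

Calling `audit(SAMPLE)` reports the missing permissions block, the two tag-pinned actions, and the checkout step that keeps its credentials; a step whose `with:` block precedes `uses:` is not handled by this line scan.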
@kusari-inspector

Kusari PR Analysis rerun based on - 976e602 performed at: 2025-06-06T21:25:09Z - link to updated analysis

thestuckster merged commit 0efe7a5 into main on Jun 10, 2025
2 checks passed
thestuckster deleted the feat/build-native-cli branch (June 10, 2025 14:23)