Initial commit (#1)

Initial commit of aws-codeguru-cli

Author: martinschaef

.github/workflows/guru-reviewer.yml

@@ -0,0 +1,52 @@
+# Created using https://github.com/aws-samples/aws-codeguru-reviewer-cicd-cdk-sample
+name: Analyze with CodeGuru Reviewer
+
+on: [push]
+
+permissions:
+    id-token: write
+    contents: read
+    security-events: write 
+
+jobs:
+  build:
+    name: Run CodeGuru Reviewer
+    runs-on: ubuntu-latest
+    steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      continue-on-error: true
+      id: iam-role
+      with:
+        role-to-assume: arn:aws:iam::048169001733:role/GuruGitHubCICDRole
+        aws-region: us-west-2
+    
+    - uses: actions/checkout@v2
+      if: steps.iam-role.outcome == 'success'
+      with:
+        fetch-depth: 0
+
+    - name: Set up JDK 1.8
+      if: steps.iam-role.outcome == 'success'
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Build project
+      if: steps.iam-role.outcome == 'success'
+      run: ./gradlew clean installDist
+
+    - name: CodeGuru Reviewer
+      if: steps.iam-role.outcome == 'success'
+      id: codeguru
+      uses: aws-actions/[email protected]
+      continue-on-error: false
+      with:          
+        s3_bucket: codeguru-reviewer-build-artifacts-048169001733-us-west-2
+        build_path: ./build/libs
+
+    - name: Upload review result
+      if: steps.iam-role.outcome == 'success' && steps.codeguru.outcome == 'success'
+      continue-on-error: true
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: codeguru-results.sarif.json

.github/workflows/java-compatible.yml

@@ -0,0 +1,32 @@
+
+name: Build with different JDKs
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+    id-token: write
+    contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '8', '11', '16', '17' ]
+    name: Java ${{ matrix.Java }} build
+
+    steps:    
+    - uses: actions/checkout@v2
+    - name: Setup java
+      uses: actions/setup-java@v2
+      with:
+        distribution: 'temurin'
+        java-version: ${{ matrix.java }}
+    - name: Build project
+      run: ./gradlew clean installDist
+    - name: Run cli
+      run: ./build/install/aws-codeguru-cli/bin/aws-codeguru-cli
+

.github/workflows/self-test-and-release.yml

@@ -0,0 +1,57 @@
+# Created using https://github.com/aws-samples/aws-codeguru-reviewer-cicd-cdk-sample
+name: Self-test and release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+    id-token: write
+    contents: write
+
+jobs:
+  build:
+    name: Build, self-test, release
+    runs-on: ubuntu-latest
+    steps:    
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Build project
+      run: ./gradlew clean installDist distZip
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      continue-on-error: true
+      id: iam-role
+      with:
+        role-to-assume: arn:aws:iam::048169001733:role/GuruGitHubCICDRole
+        aws-region: us-west-2
+
+    - name: Self Test
+      if: steps.iam-role.outcome == 'success'
+      run: |
+        ./build/install/aws-codeguru-cli/bin/aws-codeguru-cli --region us-west-2 -r . -s src/main/java -b build/libs -c HEAD^:HEAD --no-prompt
+
+    - name: Get Release Version
+      run: |
+        echo "::set-output name=TAG_NAME::$(./gradlew properties -q | grep "version:" | awk '{print $2}')"
+      id: version
+
+    - name: Release
+      uses: softprops/action-gh-release@v1
+      with:
+        tag_name: ${{ steps.version.outputs.TAG_NAME }}
+        prerelease: false
+        draft: false
+        body: >
+          Version ${{ steps.version.outputs.TAG_NAME }} of the AWS CodeGuru Reviewer CLI.
+        files: |
+          ./build/distributions/aws-codeguru-cli.zip
+          LICENSE

.gitignore

@@ -0,0 +1,8 @@
+build
+.gradle
+.vscode
+.guru
+code-guru
+.DS_Store
+.idea
+test-output*

README.md

@@ -1,11 +1,106 @@
-## My Project
+# CodeGuru Reviewer CLI Wrapper
+Simple CLI wrapper for CodeGuru reviewer that provides a one-line command to scan a local clone of a repository and
+receive results. This CLI wraps the [AWS CLI](https://aws.amazon.com/cli/) commands to communicated with 
+[AWS CodeGuru Reviewer](https://aws.amazon.com/codeguru/). Using CodeGuru Reviewer may generate metering fees
+in your AWS account. See the [CodeGuru Reviewer pricing](https://aws.amazon.com/codeguru/pricing/) for details.
 
-TODO: Fill this README out!
+### Before you start
 
-Be sure to:
+Before we start, let's make sure that you can access an AWS account from your computer. 
+Follow the credential setup process for the [AWS CLI](https://github.com/aws/aws-cli#configuration).
+The credentials must have at least the following permissions:
 
-* Change the title in this README
-* Edit your repository description on GitHub
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "codeguru-reviewer:ListRepositoryAssociations",
+                "codeguru-reviewer:AssociateRepository",
+                "codeguru-reviewer:DescribeRepositoryAssociation",
+                "codeguru-reviewer:CreateCodeReview",
+                "codeguru-reviewer:DescribeCodeReview",
+                "codeguru-reviewer:ListRecommendations"
+            ],
+            "Resource": "*",
+            "Effect": "Allow"
+        },
+        {
+            "Action": [
+                "s3:CreateBucket",
+                "s3:GetBucket*",
+                "s3:List*",
+                "s3:GetObject",
+                "s3:PutObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::codeguru-reviewer-cli-*",
+                "arn:aws:s3:::codeguru-reviewer-cli-*/*"
+            ],
+            "Effect": "Allow"
+        }
+    ]
+}
+```
+
+
+### Download the CLI and scan an Example
+
+You can download the [aws-codeguru-cli](releases/download/latest/aws-codeguru-cli.zip) from the releases section.
+Download the latest version and add it to your `PATH`:
+```
+curl -OL https://github.com/martinschaef/aws-codeguru-cli/releases/download/latest/aws-codeguru-cli.zip
+unzip aws-codeguru-cli.zip
+export PATH=$PATH:./aws-codeguru-cli/bin
+```
+
+Now, lets download an example project (requires Maven):
+```
+git clone https://github.com/aws-samples/amazon-codeguru-reviewer-sample-app
+cd amazon-codeguru-reviewer-sample-app
+mvn clean compile
+```
+After compiling, we can run CodeGuru with:
+```
+aws-codeguru-cli --root-dir ./ --build target/classes --src src --output ./output
+open output/codeguru-report.html 
+```
+where `--root-dir .` specifies that the root of the project that we want to analyze. The option `--build target/classses` states that the build artifacts are located under `./target/classes` and `--src` says that we only want to analyze source files that are
+located under `./src`. The option `--output ./output` specifies where CodeGuru should write its recommendations to. By default,
+CodeGuru produces a Json and Html report.
+
+You can provide your own bucket name using the `--bucket-name` option. Note that, currently, CodeGuru Reviewer only
+accepts bucket names that start with the prefix `codeguru-reviewer-`.
+
+### Running from CI/CD
+
+You can use this CLI to run CodeGuru from inside your CI/CD pipeline. See [this action](.github/workflows/self-test-and-release.yml#L30-L41) as an example. First, you need credentials for a role with the permissions mentioned above. If you already scanned
+the repository once with the CLI, the S3 bucket has been created, and the you do not need the `s3:CreateBucket*` permission anymore.
+
+Then you can run the CLI in non-interactive mode using the `--no-prompt` option. Further, you can specify a region and 
+AWS profile using the `--region` and `--profile` options as needed:
+```
+aws-codeguru-cli --region [BUCKET REGION] --no-prompt -r ./ ...
+```
+obtain the commit range works differently for different CI/CD providers. For example, GitHub provides the relevant
+commits via environment variables such as `${{ github.event.before }}` and `${{ github.event.after }}`.
+
+### Build from Source
+
+To build the project, you need Java 8 or later. Checkout this repository and run:
+```
+./gradlew installDist
+```
+and now run your local build with:
+```
+./build/install/aws-codeguru-cli/bin/aws-codeguru-cli
+```
+you can run a self-test with:
+```
+./build/install/aws-codeguru-cli/bin/aws-codeguru-cli -r . -s src/main/java -b build/libs -c HEAD^:HEAD
+```
 
 ## Security
 
@@ -14,4 +109,3 @@ See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more inform
 ## License
 
 This project is licensed under the Apache-2.0 License.
-

build.gradle

@@ -0,0 +1,94 @@
+
+buildscript {
+  repositories {
+    maven {
+      url "https://plugins.gradle.org/m2/"
+    }
+  }
+  dependencies {
+    classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:5.0.3"
+  }
+}
+
+/*
+ Applies core Gradle plugins, which are ones built into Gradle itself.
+*/
+plugins {
+    // Java for compile and unit test of Java source files. Read more at:
+    // https://docs.gradle.org/current/userguide/java_plugin.html
+    id 'java'
+
+    // Checkstyle for style checks and reports on Java source files. Read more at:
+    // https://docs.gradle.org/current/userguide/checkstyle_plugin.html
+    id 'checkstyle'
+
+    id 'application'
+}
+
+// SpotBugs for quality checks and reports of source files. Read more at:
+// https://spotbugs.readthedocs.io/en/stable/gradle.html
+apply plugin: 'com.github.spotbugs'
+
+checkstyle {
+    sourceSets = [sourceSets.main]
+    ignoreFailures = false
+}
+
+spotbugs {
+    ignoreFailures.set(false)
+}
+
+repositories {
+    mavenCentral()
+}
+
+defaultTasks('installDist')
+
+version = '0.0.1'
+jar.archiveName = "${jar.baseName}.${jar.extension}"
+distZip.archiveName = "${jar.baseName}.zip"
+
+application {
+    mainClass = 'com.amazonaws.gurureviewercli.Main'
+}
+
+dependencies {
+    implementation 'software.amazon.awssdk:s3:2.17.113'
+    implementation 'software.amazon.awssdk:sts:2.17.113'
+    implementation 'software.amazon.awssdk:codegurureviewer:2.17.113'
+    implementation 'software.amazon.awssdk:sdk-core:2.17.113'
+
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.0'
+    implementation 'com.fasterxml.jackson.core:jackson-core:2.13.0'
+
+    implementation 'com.beust:jcommander:1.81'
+
+    implementation 'org.eclipse.jgit:org.eclipse.jgit:5.13.0.202109080827-r'
+
+    implementation 'org.apache.logging.log4j:log4j-core:2.17.1'
+    implementation 'org.slf4j:slf4j-nop:2.0.0-alpha5'
+
+    // For Java 9+
+    implementation 'javax.xml.bind:jaxb-api:2.3.1'
+
+    implementation 'org.commonmark:commonmark:0.18.1'
+
+    implementation 'org.beryx:text-io:3.4.1'
+
+    implementation 'com.google.code.findbugs:jsr305:3.0.2'
+
+    compileOnly 'org.projectlombok:lombok:1.18.22'
+    annotationProcessor 'org.projectlombok:lombok:1.18.22'
+    
+    testCompileOnly 'org.projectlombok:lombok:1.18.22'
+    testAnnotationProcessor 'org.projectlombok:lombok:1.18.22'
+
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.8.2'
+    testImplementation 'org.mockito:mockito-junit-jupiter:4.2.0'
+}
+
+test {
+    useJUnitPlatform()
+}
+

gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.2-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists