AST-146807: Create Claude MD file for ast-cli-java-wrapper repository#479
Open
cx-aniket-shinde wants to merge 7 commits into
Open
AST-146807: Create Claude MD file for ast-cli-java-wrapper repository#479cx-aniket-shinde wants to merge 7 commits into
cx-aniket-shinde wants to merge 7 commits into
Conversation
- Added comprehensive Cloud.md with all essential sections: - Project Overview - Architecture and design patterns - Repository structure - Technology stack (Maven, Java 8, Jackson, Lombok, etc.) - Development setup and prerequisites - Coding standards and guidelines - Project rules and conventions - Testing strategy with JUnit 5 and code coverage - Known issues and limitations - Included recommended sections: - Database schema (N/A for client library) - External integrations (AST Platform, Maven Central) - Deployment information - Performance considerations - API/Endpoints/Interfaces documentation - Security & Access controls - Logging configuration - Debugging steps and common issues - Documentation follows the standardization template from epic AST-146793
commit 8e107dc Author: Atish Jadhav <atish.jadhav@checkmarx.com> Date: Tue Jun 23 19:34:27 2026 +0530 security: fix SCA vulnerability for JUnit (#488) Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06dafaa Author: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> Date: Mon Jun 22 12:37:18 2026 +0100 security: harden release workflow and declare workflow_call secrets (#487) * security: harden release workflow and declare workflow_call secrets - Replace actions/checkout v4.3.1 with v6.0.3 and switch from PERSONAL_ACCESS_TOKEN to GITHUB_TOKEN - Fix script injection in Download CLI, Tag, Update POM, Build artifactId, and Publish steps by moving inputs to env vars - Replace deprecated ::set-output with $GITHUB_OUTPUT in Tag step - Update actions/setup-java v4.3.0 to v5.2.0 - Add explicit secrets declaration for workflow_call (MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, OSSRH_TOKEN, OSSRH_USERNAME) - Fix broken shell conditional in Build artifactId property step * chore(gha): harden GitHub Actions workflows security * chore(gha): disable nightly trigger and remove pr-labeler workflow * chore(gha): configure echo mirror for Maven dependency resolution commit 6661e60 Author: Atish Jadhav <141334503+cx-atish-jadhav@users.noreply.github.com> Date: Thu Jun 18 22:49:44 2026 +0530 Updating ast-cli version and binaries 2.3.54 (#485) * Updating ast-cli version and binaries * Harden workflows: scope permissions, fix set-output, replace dev-drprasad, remove repository_dispatch, comment notify and spotbugs * Remove Maven cache from release and CI workflows * Add publish input to gate Maven Central deploy --------- Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06b449c Author: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com> Date: Thu Jun 18 16:57:16 2026 +0300 chore: remove .github/workflows/dependabot-auto-merge.yml commit 6fb3166 Author: Ohad Israeli <243351248+cx-ohad-israeli@users.noreply.github.com> Date: Wed Jun 10 17:39:51 2026 +0300 chore: remove Dependabot configuration commit 814a504 Author: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Date: Fri May 29 21:25:57 2026 -0400 [StepSecurity] Apply security best practices (#481) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Updates the AST CLI binaries to version 2.3.55 across all platforms (Linux, Linux ARM, macOS, Windows). Switches distribution from Sonatype Central to Checkmarx's Echo repository, adds Echo repository configuration to pom.xml for dependencies and plugins, and configures Maven mirror authentication in CI/release workflows with ECHO_LIBRARIES_ACCESS_KEY secret. Also adds .vscode to gitignore.
Contributor
Security Policy Alert: Secret Policy ViolationThis workflow run has been blocked by StepSecurity's secrets policy because it accesses secrets and the workflow file differs from the default branch. Secret references detected:
To approve this workflow, please add the Note: The label must be added by someone other than the PR author (cx-atish-jadhav) or automation bots to ensure proper security review. After the label is added, you can re-run the blocked workflow to proceed. This workflow will be automatically approved once merged into the default branch. For more information, see StepSecurity's Secret Exfiltration Policy documentation. |
Update Jackson dependency from 2.21.1 to 2.22.0 and bump CLI version to 2.3.56. Also includes: - Updated CLI binaries for all platforms (Linux, Linux ARM, macOS, Windows) - Fixed Maven mirror ID in CI workflows from 'echo' to 'echo-repo' for proper dependency resolution
Make configuring the Echo Maven mirror more robust in CI and release workflows. In .github/workflows/ci.yml create ~/.m2 and write a complete settings.xml via heredoc (ensures the file exists and injects the echo-repo server/mirror using the ECHO_LIBRARIES_ACCESS_KEY secret). In .github/workflows/release.yml replace the single fragile sed with two targeted sed commands to insert the server and mirrors entries. These changes reduce brittle sed usage and avoid failures when ~/.m2/settings.xml is missing or structured differently.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added comprehensive Cloud.md with all essential sections:
Included recommended sections:
Documentation follows the standardization template from epic AST-146793