MyShuttle is a sample Java/JEE application that provides booking system, admin portal and a control system for the drivers. The application uses entirely open source software including Linux, Java, Apache, and MySQL which creates a web front end, an order service, and an integration service.

For historical reasons the default branch for the repository is demos/main.

This is a sample application that is not intended to show any programming best practices. In fact it uses old dependencies on purpose to show dependabot, there is a branch with a hardcoded PAT to show credential scanning and the workflows have some bad practices on purpose (can you spot them?).

The intent of this repo is to show some capabilities:

• Environments:
  • Approvals
  • Protection rules
• Pull Requests and protected branches - When a pull request is created, it:
  • Builds code and runs unit tests using Maven (including code coverage).
  • Provisions an isolated ephemeral environment (which is destroyed when the pull request is closed/completed)
  • Runs integrations tests on the provisioned environment using Playwright
  • Tests (both unit and function tests) results are published as PR comments (and PR checks) as well as code coverage reports.
• Composite Actions - Uses composite actions as a way to have a template and to reduce repetitive steps. The composite action provisions, deploys and runs integration tests. The composite actions are stored in the actions folder. The implementation of this action is certainly debeatable since it downloads artifacts, which should be a responsibility of the workflow. Here is a nice writeup of the pros and cons of using composite actions.
• Packages - When a release is created a maven package is published to GitHub packages
• GitHub Advanced Security - CI/CD performs code scanning analysis and credential scanning is also enabled:
  • Code is scanned with CodeQL
  • Container image are scanned with both trivy and Anchore
  • We perform a DAST analysis on deployed code using OWASP Zap
• Dependabot - To ensure supply chain security
• code owners - Automatically assign pull request code reviewers based on the file path(s) of the proposed changes.
• Issue templates

Uses ARM templates, to provision the DEV and QA environments using Infrastructure as code (IaC) and GitHub Actions. The arm templates create both a WebApp and a MySql server (per environment, each environment is a separate resource group).

CI/CD Workflow

Releases, Packages and environment in repo view

I have created some instructions if you want to run this sample on your own repo.

Although you can fork the repository, if you want to try the enterprise features I recommend that you do a clone and push to your organization (or the simpler import). While you can fork a repository into an organization you can only have a fork per target organization, so it is recommended to clone the repository into your organization in order to allow more people on your organization to try it out.

NOTE If you import the repository you will need to change the default branch to demos/main. see Changing the default branch

It requires GitHub Enterprise to use environments and manual approvals. On a personal repo you won't see environments and approvals but everyhing else works without making changes.

The deletion of the ephemeral environment when the Pull request is closed requires you to create an app (or use a PAT token and changing the pr-closed workflow to use it instead of the app)