diff --git a/examples/junit/README.md b/examples/junit/README.md index edab34d..dca18d1 100644 --- a/examples/junit/README.md +++ b/examples/junit/README.md @@ -1,8 +1,8 @@ # **JUnit Test Evidence Example** -This repository provides a working example of a GitHub Actions workflow that automates Java Maven project testing using **JUnit**. It then attaches the resulting test report as signed, verifiable evidence to the package in **JFrog Artifactory**. +This repository provides a working example of a GitHub Actions workflow that automates the testing of a Java Maven project using JUnit. It then attaches the resulting consolidated test report as signed, verifiable evidence to the build information in JFrog Artifactory. -This workflow is an essential pattern for DevSecOps, creating a traceable, compliant, and secure software supply chain with comprehensive test coverage validation. +This workflow creates an essential quality gate, ### **Key Features** @@ -117,6 +117,7 @@ Once the workflow completes successfully, you can navigate to your repository in * **Build and Deploy Maven Package:** ```bash +The workflow compiles and packages the Java application using Maven. It then uploads the resulting `.jar` file directly to Artifactory using the JFrog CLI and publishes the associated build information. cd examples/junit/src mvn clean compile mvn deploy -DaltDeploymentRepository=artifactory::default::$REGISTRY_DOMAIN/$REPO_NAME @@ -130,6 +131,7 @@ mvn test ``` * **Generate Test Reports:** + The workflow executes the standard Maven test lifecycle. The Surefire plugin runs all JUnit tests and generates XML reports. Additional Maven commands are run to create a user-friendly HTML site with the test results. ```bash cd examples/junit/src @@ -138,6 +140,7 @@ mvn site:site ``` * **Consolidate Test Results:** + The XML reports generated by Maven are not ideal for evidence. This step runs custom shell scripts to merge all individual XML test reports into one, and then converts that consolidated report into a single `consolidated-test-report.json` file. ```bash cd examples/junit/src @@ -153,6 +156,7 @@ python ../junit_json_to_markdown_helper.py target/consolidated-test-report.json ``` * **Attach Evidence:** + This final step uses `jf evd create --build-name` to attach the consolidated JSON test report to the **build information** that was published in the first step. This creates a verifiable link between the CI process and its resulting test quality. ```bash jf evd create \ @@ -199,4 +203,4 @@ The workflow generates a consolidated JSON test report with the following struct * [JUnit 5 Documentation](https://junit.org/junit5/docs/current/user-guide/) * [Maven Surefire Plugin](https://maven.apache.org/surefire/maven-surefire-plugin/) * [JFrog Evidence Management](https://jfrog.com/help/r/jfrog-artifactory-documentation/evidence-management) -* [JFrog CLI Documentation](https://jfrog.com/getcli/) \ No newline at end of file +* [JFrog CLI Documentation](https://jfrog.com/getcli/)