springboot-verification

Spring Boot Verification Loop

Run before PRs, after major changes, and pre-deploy.

Phase 1: Build

```bash
mvn -T 4 clean verify -DskipTests
```

or

```bash
./gradlew clean assemble -x test
```

If build fails, stop and fix.

Phase 2: Static Analysis

Maven (common plugins):

```bash
mvn -T 4 spotbugs:check pmd:check checkstyle:check
```

Gradle (if configured):

```bash
./gradlew checkstyleMain pmdMain spotbugsMain
```

Phase 3: Tests + Coverage

```bash
mvn -T 4 test
mvn jacoco:report   # verify 80%+ coverage
```

or

```bash
./gradlew test jacocoTestReport
```

Report:
- Total tests, passed/failed
- Coverage % (lines/branches)

Phase 4: Security Scan

Dependency CVEs

```bash
mvn org.owasp:dependency-check-maven:check
```

or

```bash
./gradlew dependencyCheckAnalyze
```

Secrets (git)

```bash
git secrets --scan # if configured
```

Phase 5: Lint/Format (optional gate)

```bash
mvn spotless:apply   # if using Spotless plugin
./gradlew spotlessApply
```

Phase 6: Diff Review

```bash
git diff --stat
git diff
```

Checklist:
  • No debugging logs left (`System.out`, `log.debug` without guards)
  • Meaningful errors and HTTP statuses
  • Transactions and validation present where needed
  • Config changes documented
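
One way to automate the first checklist item, as an added example that is not part of the original page: `scan_diff` reads a unified diff and reports `System.out` calls and unguarded `log.debug` calls on added lines only. The function names, the sample diff, and the reading of "guard" as `log.isDebugEnabled()` on the same or preceding line are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): scan a unified diff for debug
# output introduced by the change. Assumption: a "guard" is log.isDebugEnabled()
# on the same or the preceding line. Prints "file:line: reason" per finding and
# returns exit status 1 when anything is found, so it can act as a gate.
scan_diff() {
  awk '
    /^\+\+\+ / { file = $2; sub(/^b\//, "", file); next }   # new-file header
    /^--- /    { next }                                      # old-file header
    /^@@ /     { split($3, p, /[+,]/); line = p[2] - 1; prev = ""; next }
    /^-/       { next }             # removed lines do not exist in the new file
    /^[+ ]/    {
      line++
      text = substr($0, 2)
      if (substr($0, 1, 1) == "+") {                         # only newly added lines
        if (text ~ /System\.out\./) {
          printf "%s:%d: System.out call\n", file, line; n++
        }
        if (text ~ /log(ger)?\.debug\(/ && text !~ /isDebugEnabled/ && prev !~ /isDebugEnabled/) {
          printf "%s:%d: log.debug without isDebugEnabled guard\n", file, line; n++
        }
      }
      prev = text
    }
    END { exit (n > 0 ? 1 : 0) }
  '
}

# Constructed sample diff (hypothetical file and code), used to show the output.
sample_diff() {
  cat <<'EOF'
diff --git a/src/main/java/demo/OrderService.java b/src/main/java/demo/OrderService.java
--- a/src/main/java/demo/OrderService.java
+++ b/src/main/java/demo/OrderService.java
@@ -10,4 +10,9 @@ public class OrderService {
     public Order find(long id) {
+        System.out.println("find " + id);
+        log.debug("loading order {}", id);
+        if (log.isDebugEnabled()) {
+            log.debug("cache state {}", cache.dump());
+        }
         return repo.findById(id).orElseThrow();
     }
 }
EOF
}

sample_diff | scan_diff || true   # real use: git diff | scan_diff
```

The guarded `log.debug` on line 14 of the sample is not reported; a guard placed more than one line above the call would be, so review those hits by hand.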

Output Template

VERIFICATION REPORT
===================
Build:     [PASS/FAIL]
Static:    [PASS/FAIL] (spotbugs/pmd/checkstyle)
Tests:     [PASS/FAIL] (X/Y passed, Z% coverage)
Security:  [PASS/FAIL] (CVE findings: N)
Diff:      [X files changed]

Overall:   [READY / NOT READY]

Issues to Fix:
1. ...
2. ...

Continuous Mode

  • Re-run phases on significant changes or every 30–60 minutes in long sessions
  • Keep a short loop: `mvn -T 4 test` + spotbugs for quick feedback

Remember: Fast feedback beats late surprises. Keep the gate strict—treat warnings as defects in production systems.