| name | springboot-verification |
| description | Use before opening PRs, after major refactoring, or pre-deployment for Spring Boot verification. Do NOT use for writing tests (use springboot-tdd), security implementation (use springboot-security), or general patterns (use springboot-patterns). |
| paths | **/*.java, **/build.gradle*, **/pom.xml |
Spring Boot Verification Loop
PR, ๋ฐฐํฌ ์ ๊ฒ์ฆ ํ์ดํ๋ผ์ธ. ๋น๋ โ ์ ์ ๋ถ์ โ ํ
์คํธ+์ปค๋ฒ๋ฆฌ์ง โ ๋ณด์์ค์บ โ diff ๋ฆฌ๋ทฐ.
When to Activate
- PR ์ด๊ธฐ ์
- ๋๊ท๋ชจ ๋ฆฌํฉํ ๋ง / ์์กด์ฑ ์
๊ทธ๋ ์ด๋ ํ
- Staging/Production ๋ฐฐํฌ ์
- ์ ์ฒด ๊ฒ์ฆ ํ์ดํ๋ผ์ธ ์คํ
CRITICAL Rules
- Phase ์์ ์์ โ ์ ๋จ๊ณ ์คํจ ์ ์ฆ์ ์ค๋จ ํ ์์
- ์ปค๋ฒ๋ฆฌ์ง 80% ๋ฏธ๋ง = FAIL โ ์์ธ ์์
- OWASP Critical/High CVE = FAIL โ ๋ฐฐํฌ ์ฐจ๋จ
- System.out.println = FAIL โ Logger ์ฌ์ฉ ํ์
Phase 1: Build
mvn -T 4 clean verify -DskipTests
./gradlew clean assemble -x test
๋น๋ ์คํจ ์ ์ค๋จ. ์ปดํ์ผ ์๋ฌ, ๋ฆฌ์์ค ๋๋ฝ ๋จผ์ ํด๊ฒฐ.
Phase 2: Static Analysis
Maven
mvn spotbugs:check
mvn pmd:check
mvn checkstyle:check
mvn -T 4 spotbugs:check pmd:check checkstyle:check
Gradle
./gradlew checkstyleMain pmdMain spotbugsMain
Common Issues to Check
grep -rn "System\.out\.print" src/main/ --include="*.java"
grep -rn "e\.getMessage()" src/main/ --include="*.java" | grep -i "response\|body\|return"
grep -rn "TODO\|FIXME\|HACK\|XXX" src/main/ --include="*.java"
grep -rn "import .*\.\*;" src/main/ --include="*.java"
Phase 3: Tests + Coverage
mvn -T 4 test
mvn jacoco:report
./gradlew test jacocoTestReport
Coverage Verification
mvn jacoco:check
cat target/site/jacoco/jacoco.csv | head -5
Test Failure Analysis
์คํจํ ํ
์คํธ๊ฐ ์์ผ๋ฉด:
- ์คํจ ๋ฉ์์ง์ stack trace ํ์ธ
- ์ต๊ทผ ๋ณ๊ฒฝ ์ฌํญ๊ณผ ๊ด๋ จ์ฑ ํ์
- Flaky test ์ฌ๋ถ ํ์ธ (์ฌ์คํ์ผ๋ก ํ๋ณ)
- ์์ ํ Phase 3 ์ฌ์คํ
Phase 4: Security Scan
Dependency CVE Scan
mvn org.owasp:dependency-check-maven:check
./gradlew dependencyCheckAnalyze
Source Code Secrets Scan
grep -rn 'password\s*=\s*"' src/ --include="*.java" --include="*.yml" --include="*.properties"
grep -rn 'sk-\|api_key\|secret\s*=' src/ --include="*.java" --include="*.yml"
git secrets --scan
Security Anti-Patterns
grep -rn 'allowedOrigins.*"\*"' src/main/ --include="*.java"
grep -rn 'csrf.*disable' src/main/ --include="*.java"
grep -rn '@Autowired' src/main/ --include="*.java" | grep -v "constructor\|param"
Phase 5: Format (Optional)
mvn spotless:check
mvn spotless:apply
./gradlew spotlessCheck
./gradlew spotlessApply
Phase 6: Diff Review
git diff --stat
git diff
Diff Checklist
Verification Report Template
VERIFICATION REPORT
===================
Build: [PASS/FAIL]
Static: [PASS/FAIL] (spotbugs/pmd/checkstyle findings: N)
Tests: [PASS/FAIL] (X/Y passed, Z% line coverage)
Security: [PASS/FAIL] (CVE critical: N, high: N)
Format: [PASS/SKIP]
Diff: [X files changed, +Y/-Z lines]
Overall: [READY / NOT READY]
Issues to Fix:
1. ...
2. ...
Quick Verification (Development)
ํ ํ์ดํ๋ผ์ธ์ด ๋ฌด๊ฑฐ์ธ ๋, ๋น ๋ฅธ ํผ๋๋ฐฑ ๋ฃจํ:
mvn -T 4 test
mvn -T 4 test spotbugs:check
./gradlew test spotbugsMain
๋๊ท๋ชจ ๋ณ๊ฒฝ์ด๋ PR ์ ์๋ ๋ฐ๋์ ์ ์ฒด ํ์ดํ๋ผ์ธ ์คํ.
Cross-References
| Topic | Skill |
|---|
| Test ์์ฑ ๋ฐฉ๋ฒ (MockMvc, Mockito) | springboot-tdd |
| Security ๊ตฌํ | springboot-security |
| JPA ํ
์คํธ (DataJpaTest, Testcontainers) | jpa-patterns |
| Core Spring Boot ํจํด | springboot-patterns |
| ๋ณํฉ ์ ๋ค์ถ ์ฝ๋ ๋ฆฌ๋ทฐ (correctness/security/perf) | code-review |
References