DiscordSign up
SKILLS.SH

quarkus-verification

Verification loop for Quarkus projects: build, static analysis, tests with coverage, security scans, native compilation, and diff review before release or PR.

INSTALLATION
npx skills add https://github.com/affaan-m/everything-claude-code --skill quarkus-verification
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Quarkus Verification Loop

Run before PRs, after major changes, and pre-deploy.

When to Activate

  • Before opening a pull request for a Quarkus service
  • After major refactoring or dependency upgrades
  • Pre-deployment verification for staging or production
  • Running full build → lint → test → security scan → native compilation pipeline
  • Validating test coverage meets thresholds (80%+)
  • Testing native image compatibility

Phase 1: Build

# Maven

mvn clean verify -DskipTests

Gradle

./gradlew clean assemble -x test

If build fails, stop and fix compilation errors.

## Phase 2: Static Analysis

### Checkstyle, PMD, SpotBugs (Maven)

mvn checkstyle:check pmd:check spotbugs:check


### SonarQube (if configured)

mvn sonar:sonar \

-Dsonar.projectKey=my-quarkus-project \

-Dsonar.host.url=http://localhost:9000 \

-Dsonar.login=${SONAR_TOKEN}


### Common Issues to Address

- Unused imports or variables

- Complex methods (high cyclomatic complexity)

- Potential null pointer dereferences

- Security issues flagged by SpotBugs

## Phase 3: Tests + Coverage

Run all tests

mvn clean test

Generate coverage report

mvn jacoco:report

Enforce coverage threshold (80%)

mvn jacoco:check

Or with Gradle

./gradlew test jacocoTestReport jacocoTestCoverageVerification


### Test Categories

#### Unit Tests

Test service logic with mocked dependencies:

@ExtendWith(MockitoExtension.class)

class UserServiceTest {

@Mock UserRepository userRepository;

@InjectMocks UserService userService;

@Test

void createUser_validInput_returnsUser() {

var dto = new CreateUserDto("Alice", "alice@example.com");

// Panache persist() is void — use doNothing + verify

doNothing().when(userRepository).persist(any(User.class));

User result = userService.create(dto);

assertThat(result.name).isEqualTo("Alice");

verify(userRepository).persist(any(User.class));

}

}


#### Integration Tests

Test with real database (Testcontainers):

@QuarkusTest

@QuarkusTestResource(PostgresTestResource.class)

class UserRepositoryIntegrationTest {

@Inject

UserRepository userRepository;

@Test

@Transactional

void findByEmail_existingUser_returnsUser() {

User user = new User();

user.name = "Alice";

user.email = "alice@example.com";

userRepository.persist(user);

Optional<User> found = userRepository.findByEmail("alice@example.com");

assertThat(found).isPresent();

assertThat(found.get().name).isEqualTo("Alice");

}

}


#### API Tests

Test REST endpoints with REST Assured:

@QuarkusTest

class UserResourceTest {

@Test

void createUser_validInput_returns201() {

given()

.contentType(ContentType.JSON)

.body("""

{"name": "Alice", "email": "alice@example.com"}

""")

.when().post("/api/users")

.then()

.statusCode(201)

.body("name", equalTo("Alice"));

}

@Test

void createUser_invalidEmail_returns400() {

given()

.contentType(ContentType.JSON)

.body("""

{"name": "Alice", "email": "invalid"}

""")

.when().post("/api/users")

.then()

.statusCode(400);

}

}


### Coverage Report

Check `target/site/jacoco/index.html` for detailed coverage:

- Overall line coverage (target: 80%+)

- Branch coverage (target: 70%+)

- Identify uncovered critical paths

## Phase 4: Security Scanning

### Dependency Vulnerabilities (Maven)

mvn org.owasp:dependency-check-maven:check


Review `target/dependency-check-report.html` for CVEs.

### Quarkus Security Audit

Check vulnerable extensions

mvn quarkus:audit

List all extensions

mvn quarkus:list-extensions


### OWASP ZAP (API Security Testing)

docker run -t owasp/zap2docker-stable zap-api-scan.py \

-t http://localhost:8080/q/openapi \

-f openapi


### Common Security Checks

-  All secrets in environment variables (not in code)

-  Input validation on all endpoints

-  Authentication/authorization configured

-  CORS properly configured

-  Security headers set

-  Passwords hashed with BCrypt

-  SQL injection protection (parameterized queries)

-  Rate limiting on public endpoints

## Phase 5: Native Compilation

Test GraalVM native image compatibility:

Build native executable

mvn package -Dnative

Or with container

mvn package -Dnative -Dquarkus.native.container-build=true

Test native executable

./target/*-runner

Run basic smoke tests

curl http://localhost:8080/q/health/live

curl http://localhost:8080/q/health/ready


### Native Image Troubleshooting

Common issues:

- **Reflection**: Add reflection config for dynamic classes

- **Resources**: Include resources with `quarkus.native.resources.includes`

- **JNI**: Register JNI classes if using native libraries

Example reflection config:

@RegisterForReflection(targets = {MyDynamicClass.class})

public class ReflectionConfiguration {}


## Phase 6: Performance Testing

### Load Testing with K6

// load-test.js

import http from 'k6/http';

import { check } from 'k6';

export const options = {

stages: [

{ duration: '30s', target: 50 },

{ duration: '1m', target: 100 },

{ duration: '30s', target: 0 },

],

};

export default function () {

const res = http.get('http://localhost:8080/api/markets');

check(res, {

'status is 200': (r) => r.status === 200,

'response time < 200ms': (r) => r.timings.duration < 200,

});

}


Run:

k6 run load-test.js


### Metrics to Monitor

- Response time (p50, p95, p99)

- Throughput (requests/sec)

- Error rate

- Memory usage

- CPU usage

## Phase 7: Health Checks

Liveness

curl http://localhost:8080/q/health/live

Readiness

curl http://localhost:8080/q/health/ready

All health checks

curl http://localhost:8080/q/health

Metrics (if enabled)

curl http://localhost:8080/q/metrics


Expected responses:

{

"status": "UP",

"checks": [

{

"name": "Database connection",

"status": "UP"

}

]

}


## Phase 8: Container Image Build

Build container image

mvn package -Dquarkus.container-image.build=true

Or with specific registry

mvn package \

-Dquarkus.container-image.build=true \

-Dquarkus.container-image.registry=docker.io \

-Dquarkus.container-image.group=myorg \

-Dquarkus.container-image.tag=1.0.0

Test container

docker run -p 8080:8080 myorg/my-quarkus-app:1.0.0


### Container Security Scan

Trivy

trivy image myorg/my-quarkus-app:1.0.0

Grype

grype myorg/my-quarkus-app:1.0.0


## Phase 9: Configuration Validation

Check all configuration properties

mvn quarkus:info

List all config sources

curl http://localhost:8080/q/dev/io.quarkus.quarkus-vertx-http/config


### Environment-Specific Checks

-  Database URLs configured per environment

-  Secrets externalized (Vault, env vars)

-  Logging levels appropriate

-  CORS origins set correctly

-  Rate limiting configured

-  Monitoring/tracing enabled

## Phase 10: Documentation Review

-  OpenAPI/Swagger docs up to date (`/q/swagger-ui`)

-  README has setup instructions

-  API changes documented

-  Migration guide for breaking changes

-  Configuration properties documented

Generate OpenAPI spec:

curl http://localhost:8080/q/openapi -o openapi.json


## Verification Checklist

### Code Quality

-  Build passes without warnings

-  Static analysis clean (no high/medium issues)

-  Code follows team conventions

-  No commented-out code or TODOs in PR

### Testing

-  All tests pass

-  Code coverage ≥ 80%

-  Integration tests with real database

-  Security tests pass

-  Performance within acceptable limits

### Security

-  No dependency vulnerabilities

-  Authentication/authorization tested

-  Input validation complete

-  Secrets not in source code

-  Security headers configured

### Deployment

-  Native compilation successful

-  Container image builds

-  Health checks respond correctly

-  Configuration valid for target environment

### Native Image

-  Native executable builds

-  Native tests pass

-  Startup time < 100ms

-  Memory footprint acceptable

## Automated Verification Script

#!/bin/bash

set -e

echo "=== Phase 1: Build ==="

mvn clean verify -DskipTests

echo "=== Phase 2: Static Analysis ==="

mvn checkstyle:check pmd:check spotbugs:check

echo "=== Phase 3: Tests + Coverage ==="

mvn test jacoco:report jacoco:check

echo "=== Phase 4: Security Scan ==="

mvn org.owasp:dependency-check-maven:check

echo "=== Phase 5: Native Compilation ==="

mvn package -Dnative -Dquarkus.native.container-build=true

echo "=== All Phases Complete ==="

echo "Review reports:"

echo " - Coverage: target/site/jacoco/index.html"

echo " - Security: target/dependency-check-report.html"

echo " - Native: target/*-runner"


## CI/CD Integration

### GitHub Actions Example

name: Verification

on: [push, pull_request]

jobs:

verify:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v3

- name: Set up JDK 21

uses: actions/setup-java@v3

with:

java-version: '21'

distribution: 'temurin'

- name: Cache Maven packages

uses: actions/cache@v3

with:

path: ~/.m2

key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}

- name: Build

run: mvn clean verify -DskipTests

- name: Test with Coverage

run: mvn test jacoco:report jacoco:check

- name: Security Scan

run: mvn org.owasp:dependency-check-maven:check

- name: Upload Coverage

uses: codecov/codecov-action@v3

with:

files: target/site/jacoco/jacoco.xml

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card