Quarkus Verification

Name: Quarkus Verification
Author: affaan-m

affaan-m/everything-claude-code

Run the full Quarkus verify loop—build, static analysis, tests with JaCoCo thresholds, security scans, and native image checks—before a PR or deploy.

Overview

Quarkus Verification is an agent skill most often used in Ship (also Ship security, Operate iterate) that runs build, lint, test, coverage, security, and native-image checks for Quarkus projects before PR or deploy.

Install

npx skills add https://github.com/affaan-m/everything-claude-code --skill quarkus-verification

What is this skill?

Phased pipeline: build, static analysis, tests + coverage, security scans, native compilation
Maven and Gradle command recipes for verify, Checkstyle, PMD, SpotBugs, and SonarQube
JaCoCo coverage report with optional 80% threshold enforcement
Explicit stop-on-fail on compilation before continuing the loop
Activate after major refactors, dependency upgrades, or staging/production deploy prep
Coverage threshold example set at 80% via JaCoCo check
Multi-phase loop: Build, Static Analysis, Tests + Coverage, plus security and native compilation phases

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 1.1k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You are about to open a Quarkus PR or deploy without confidence that compile, static analysis, tests, coverage, and native builds all pass together.

Who is it for?

Solo developers shipping Quarkus APIs or workers who want an ECC-style checklist the coding agent can execute in the terminal.

Skip if: Greenfield feature design or non-Quarkus Java/Spring projects that need a different verification playbook.

When should I use this skill?

Before opening a Quarkus pull request, after major refactoring or dependency upgrades, pre-deployment verification, or when validating coverage and native image compatibility.

What do I get? / Deliverables

You complete a documented verification pipeline with failing steps isolated early and coverage at or above your configured threshold before merge or release.

Passing verify/build and test reports
JaCoCo coverage report meeting threshold
Documented static analysis and native build status

Recommended Skills

Agent Browservercel-labs/open-agents

agent-browser is a Vercel Open Agents skill that wraps a CLI for programmatic browser control—ideal when solo builders n…404k installs·5.6k stars

Tddmattpocock/skills

TDD is an agent skill that coaches test-driven development using the red-green-refactor loop for solo and indie builders…214k installs·121k stars

Use My Browserxixu-me/skills

Use My Browser skill forces agents to classify tasks as static-capable or browser-required before choosing tools—staying…198k installs·61 stars

Test Driven Developmentobra/superpowers

Test-Driven Development is an agent skill from obra/superpowers that forces a test-first implementation ritual: write a …118k installs·221k stars

Verification Before Completionobra/superpowers

Verification Before Completion is an agent skill from the Superpowers lineage that blocks premature success claims durin…100k installs·221k stars

Webapp Testinganthropics/skills

webapp-testing is an agent skill for solo builders who need to prove that a local web application actually works—not jus…90.9k installs·148k stars

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Ship is the canonical shelf because the skill is a pre-PR and pre-deploy gate, not day-two incident response. Testing subphase matches coverage enforcement, test execution, and native compilation validation as the core deliverable.

Also useful

ShipSecurity

Also useful

OperateIteration & experiments

Where it fits

Example use

ShipTesting & QA

Run mvn clean test and jacoco:check before opening a PR for a new REST resource.

Example use

ShipSecurity

Execute SpotBugs and security scan phases after upgrading Quarkus extensions.

Example use

OperateIteration & experiments

Repeat the full loop before promoting a staging build to production.

Example use

BuildBackend, data & payments

Validate native compilation locally after adding GraalVM-specific dependencies.

How it compares

Terminal-driven verification workflow for Quarkus, not a generic code-review rubric unrelated to Maven/Gradle builds.

Common Questions / FAQ

Who is quarkus-verification for?

Indie backend builders maintaining Quarkus services with Maven or Gradle who need a full verify loop before PRs or production pushes.

When should I use quarkus-verification?

Use it before opening a Quarkus pull request, after large refactors or dependency bumps, when validating staging or production deploy readiness, or when enforcing 80%+ test coverage and native image builds.

Is quarkus-verification safe to install?

Check the Security Audits panel on this page; the skill instructs local build and scan commands that need shell access—run only in trusted repos and review SONAR_TOKEN and similar secrets usage.

SKILL.md

READMESKILL.md - Quarkus Verification

# Quarkus Verification Loop

Run before PRs, after major changes, and pre-deploy.

## When to Activate

- Before opening a pull request for a Quarkus service
- After major refactoring or dependency upgrades
- Pre-deployment verification for staging or production
- Running full build → lint → test → security scan → native compilation pipeline
- Validating test coverage meets thresholds (80%+)
- Testing native image compatibility

## Phase 1: Build

```bash
# Maven
mvn clean verify -DskipTests

# Gradle
./gradlew clean assemble -x test
```

If build fails, stop and fix compilation errors.

## Phase 2: Static Analysis

### Checkstyle, PMD, SpotBugs (Maven)

```bash
mvn checkstyle:check pmd:check spotbugs:check
```

### SonarQube (if configured)

```bash
mvn sonar:sonar \
  -Dsonar.projectKey=my-quarkus-project \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=${SONAR_TOKEN}
```

### Common Issues to Address

- Unused imports or variables
- Complex methods (high cyclomatic complexity)
- Potential null pointer dereferences
- Security issues flagged by SpotBugs

## Phase 3: Tests + Coverage

```bash
# Run all tests
mvn clean test

# Generate coverage report
mvn jacoco:report

# Enforce coverage threshold (80%)
mvn jacoco:check

# Or with Gradle
./gradlew test jacocoTestReport jacocoTestCoverageVerification
```

### Test Categories

#### Unit Tests
Test service logic with mocked dependencies:

```java
@ExtendWith(MockitoExtension.class)
class UserServiceTest {
  @Mock UserRepository userRepository;
  @InjectMocks UserService userService;

  @Test
  void createUser_validInput_returnsUser() {
    var dto = new CreateUserDto("Alice", "alice@example.com");

    // Panache persist() is void — use doNothing + verify
    doNothing().when(userRepository).persist(any(User.class));

    User result = userService.create(dto);

    assertThat(result.name).isEqualTo("Alice");
    verify(userRepository).persist(any(User.class));
  }
}
```

#### Integration Tests
Test with real database (Testcontainers):

```java
@QuarkusTest
@QuarkusTestResource(PostgresTestResource.class)
class UserRepositoryIntegrationTest {

  @Inject
  UserRepository userRepository;

  @Test
  @Transactional
  void findByEmail_existingUser_returnsUser() {
    User user = new User();
    user.name = "Alice";
    user.email = "alice@example.com";
    userRepository.persist(user);

    Optional<User> found = userRepository.findByEmail("alice@example.com");

    assertThat(found).isPresent();
    assertThat(found.get().name).isEqualTo("Alice");
  }
}
```

#### API Tests
Test REST endpoints with REST Assured:

```java
@QuarkusTest
class UserResourceTest {

  @Test
  void createUser_validInput_returns201() {
    given()
        .contentType(ContentType.JSON)
        .body("""
            {"name": "Alice", "email": "alice@example.com"}
            """)
        .when().post("/api/users")
        .then()
        .statusCode(201)
        .body("name", equalTo("Alice"));
  }

  @Test
  void createUser_invalidEmail_returns400() {
    given()
        .contentType(ContentType.JSON)
        .body("""
            {"name": "Alice", "email": "invalid"}
            """)
        .when().post("/api/users")
        .then()
        .statusCode(400);
  }
}
```

### Coverage Report

Check `target/site/jacoco/index.html` for detailed coverage:
- Overall line coverage (target: 80%+)
- Branch coverage (target: 70%+)
- Identify uncovered critical paths

## Phase 4: Security Scanning

### Dependency Vulnerabilities (Maven)

```bash
mvn org.owasp:dependency-check-maven:check
```

Review `target/dependency-check-report.html` for CVEs.

### Quarkus Security Audit

```bash
# Check vulnerable extensions
mvn quarkus:audit

# List all extensions
mvn quarkus:list-extensions
```

### OW

What is this skill?

Phased pipeline: build, static analysis, tests + coverage, security scans, native compilation

Maven and Gradle command recipes for verify, Checkstyle, PMD, SpotBugs, and SonarQube

JaCoCo coverage report with optional 80% threshold enforcement

Explicit stop-on-fail on compilation before continuing the loop

Activate after major refactors, dependency upgrades, or staging/production deploy prep

Coverage threshold example set at 80% via JaCoCo check

Multi-phase loop: Build, Static Analysis, Tests + Coverage, plus security and native compilation phases

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Adoption & trust: 1.1k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Spans multiple journey phases - primary shelf plus alternate fits below.

Primary fit

Also useful

Also useful

OperateIteration & experiments

Where it fits

Example use

ShipTesting & QA

Run mvn clean test and jacoco:check before opening a PR for a new REST resource.

Example use

ShipSecurity

Execute SpotBugs and security scan phases after upgrading Quarkus extensions.

Example use

OperateIteration & experiments

Repeat the full loop before promoting a staging build to production.

Example use

BuildBackend, data & payments

Validate native compilation locally after adding GraalVM-specific dependencies.

SKILL.md

READMESKILL.md - Quarkus Verification

# Quarkus Verification Loop

Run before PRs, after major changes, and pre-deploy.

## When to Activate

- Before opening a pull request for a Quarkus service
- After major refactoring or dependency upgrades
- Pre-deployment verification for staging or production
- Running full build → lint → test → security scan → native compilation pipeline
- Validating test coverage meets thresholds (80%+)
- Testing native image compatibility

## Phase 1: Build

```bash
# Maven
mvn clean verify -DskipTests

# Gradle
./gradlew clean assemble -x test
```

If build fails, stop and fix compilation errors.

## Phase 2: Static Analysis

### Checkstyle, PMD, SpotBugs (Maven)

```bash
mvn checkstyle:check pmd:check spotbugs:check
```

### SonarQube (if configured)

```bash
mvn sonar:sonar \
  -Dsonar.projectKey=my-quarkus-project \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.login=${SONAR_TOKEN}
```

### Common Issues to Address

- Unused imports or variables
- Complex methods (high cyclomatic complexity)
- Potential null pointer dereferences
- Security issues flagged by SpotBugs

## Phase 3: Tests + Coverage

```bash
# Run all tests
mvn clean test

# Generate coverage report
mvn jacoco:report

# Enforce coverage threshold (80%)
mvn jacoco:check

# Or with Gradle
./gradlew test jacocoTestReport jacocoTestCoverageVerification
```

### Test Categories

#### Unit Tests
Test service logic with mocked dependencies:

```java
@ExtendWith(MockitoExtension.class)
class UserServiceTest {
  @Mock UserRepository userRepository;
  @InjectMocks UserService userService;

  @Test
  void createUser_validInput_returnsUser() {
    var dto = new CreateUserDto("Alice", "alice@example.com");

    // Panache persist() is void — use doNothing + verify
    doNothing().when(userRepository).persist(any(User.class));

    User result = userService.create(dto);

    assertThat(result.name).isEqualTo("Alice");
    verify(userRepository).persist(any(User.class));
  }
}
```

#### Integration Tests
Test with real database (Testcontainers):

```java
@QuarkusTest
@QuarkusTestResource(PostgresTestResource.class)
class UserRepositoryIntegrationTest {

  @Inject
  UserRepository userRepository;

  @Test
  @Transactional
  void findByEmail_existingUser_returnsUser() {
    User user = new User();
    user.name = "Alice";
    user.email = "alice@example.com";
    userRepository.persist(user);

    Optional<User> found = userRepository.findByEmail("alice@example.com");

    assertThat(found).isPresent();
    assertThat(found.get().name).isEqualTo("Alice");
  }
}
```

#### API Tests
Test REST endpoints with REST Assured:

```java
@QuarkusTest
class UserResourceTest {

  @Test
  void createUser_validInput_returns201() {
    given()
        .contentType(ContentType.JSON)
        .body("""
            {"name": "Alice", "email": "alice@example.com"}
            """)
        .when().post("/api/users")
        .then()
        .statusCode(201)
        .body("name", equalTo("Alice"));
  }

  @Test
  void createUser_invalidEmail_returns400() {
    given()
        .contentType(ContentType.JSON)
        .body("""
            {"name": "Alice", "email": "invalid"}
            """)
        .when().post("/api/users")
        .then()
        .statusCode(400);
  }
}
```

### Coverage Report

Check `target/site/jacoco/index.html` for detailed coverage:
- Overall line coverage (target: 80%+)
- Branch coverage (target: 70%+)
- Identify uncovered critical paths

## Phase 4: Security Scanning

### Dependency Vulnerabilities (Maven)

```bash
mvn org.owasp:dependency-check-maven:check
```

Review `target/dependency-check-report.html` for CVEs.

### Quarkus Security Audit

```bash
# Check vulnerable extensions
mvn quarkus:audit

# List all extensions
mvn quarkus:list-extensions
```

### OW

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is quarkus-verification for?

When should I use quarkus-verification?

Is quarkus-verification safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Where it fits

Who is quarkus-verification for?

When should I use quarkus-verification?

Is quarkus-verification safe to install?

SKILL.md