|
1 | 1 | name: Java CI/CD |
2 | 2 |
|
3 | 3 | on: |
| 4 | + # run every month on default branch to prevent inactive token removal: https://community.sonarsource.com/t/removing-inactive-tokens-after-60-days/142451 |
| 5 | + schedule: |
| 6 | + - cron: '0 0 1 * *' |
4 | 7 | push: |
5 | 8 | branches: |
6 | 9 | - master |
|
9 | 12 |
|
10 | 13 | jobs: |
11 | 14 | build: |
12 | | - |
| 15 | + name: Maven Build |
13 | 16 | runs-on: ubuntu-latest |
14 | 17 | steps: |
15 | 18 | - name: Git Clone |
16 | | - uses: actions/checkout@v4 |
| 19 | + uses: actions/checkout@v6 |
17 | 20 | - name: Set up JDK 21 |
18 | | - uses: actions/setup-java@v4 |
| 21 | + uses: actions/setup-java@v5 |
19 | 22 | with: |
20 | 23 | distribution: 'temurin' |
21 | 24 | java-version: 21 |
22 | 25 | # generate settings.xml with the correct values |
23 | 26 | server-id: sonatype-central-portal # Value of the distributionManagement/repository/id field of the pom.xml |
24 | | - server-username: MAVEN_USERNAME # env variable for username in deploy |
25 | | - server-password: MAVEN_PASSWORD # env variable for token in deploy |
| 27 | + server-username: MAVEN_CENTRAL_PORTAL_USERNAME # env variable for username in deploy |
| 28 | + server-password: MAVEN_CENTRAL_PORTAL_PASSWORD # env variable for token in deploy |
26 | 29 | - name: Adjust Git Config |
27 | 30 | run: | |
28 | 31 | git config --global user.email "action@github.com" |
29 | 32 | git config --global user.name "GitHub Action" |
30 | | - - name: Build and Analyse Reactor with Maven |
31 | | - if: github.ref != 'refs/heads/master' |
32 | | - run: ./mvnw -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:5.2.0.4988:sonar -Dsonar.projectKey=Netcentric_aem-classification -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Dsonar.scanner.skipJreProvisioning=true -Pcoverage-report |
33 | | - env: |
34 | | - # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ |
35 | | - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
36 | | - # Needed to get some information about the pull request, if any |
37 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
38 | | - - name: Build Site for Maven Plugin |
39 | | - if: github.ref != 'refs/heads/master' |
40 | | - run: ./mvnw -B clean site --file aem-classification-maven-plugin/pom.xml |
41 | | - - name: Build, Analyse and Deploy Reactor with Maven |
42 | | - if: github.ref == 'refs/heads/master' |
43 | | - run: ./mvnw -B clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:5.2.0.4988:sonar -Dsonar.projectKey=Netcentric_aem-classification -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Dsonar.scanner.skipJreProvisioning=true -Pcoverage-report |
44 | | - env: |
45 | | - MAVEN_USERNAME: ${{ secrets.SONATYPE_CENTRAL_TOKEN_USER }} |
46 | | - MAVEN_PASSWORD: ${{ secrets.SONATYPE_CENTRAL_TOKEN_PASSWORD }} |
47 | | - # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ |
48 | | - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
49 | | - # Needed to get some information about the pull request, if any |
50 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 33 | + # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable |
| 34 | + - name: Set environment variables |
| 35 | + shell: bash |
| 36 | + run: | |
| 37 | + if [ "${{github.ref}}" = "refs/heads/master" ] && [ "${{github.event_name}}" = "push" ] && [ "${{github.repository_owner}}" = "Netcentric" ]; then |
| 38 | + echo 'Running on main branch of the canonical repo' |
| 39 | + echo "MVN_ADDITIONAL_OPTS=-DdeployAtEnd=true" >> $GITHUB_ENV |
| 40 | + echo "MVN_GOAL=deploy" >> $GITHUB_ENV |
| 41 | + echo "MAVEN_CENTRAL_PORTAL_USERNAME=${{ secrets.SONATYPE_CENTRAL_TOKEN_USER }}" >> $GITHUB_ENV |
| 42 | + echo "MAVEN_CENTRAL_PORTAL_PASSWORD=${{ secrets.SONATYPE_CENTRAL_TOKEN_PASSWORD }}" >> $GITHUB_ENV |
| 43 | + else |
| 44 | + echo 'Running outside main branch/canonical repo' |
| 45 | + echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV |
| 46 | + echo "MVN_GOAL=verify" >> $GITHUB_ENV |
| 47 | + fi |
| 48 | + - name: Build |
| 49 | + run: ./mvnw -B ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} -Pcoverage-report |
| 50 | + - name: Upload build result for subsequent SonarQube job |
| 51 | + # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request |
| 52 | + if: github.repository == 'Netcentric/aem-classification' |
| 53 | + uses: actions/upload-artifact@v4 |
| 54 | + with: |
| 55 | + name: compiled-classes-and-coverage |
| 56 | + # compare with https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/java/#java-analysis-and-bytecode |
| 57 | + path: | |
| 58 | + **/target/**/*.class |
| 59 | + **/target/site/jacoco*/*.xml |
51 | 60 | - name: Build Site for Maven Plugin |
52 | 61 | if: github.ref == 'refs/heads/master' |
53 | | - run: ./mvnw -B clean site --file aem-classification-maven-plugin/pom.xml |
| 62 | + run: ./mvnw -B site --file aem-classification-maven-plugin/pom.xml |
54 | 63 | - name: Upload Site for Maven Plugin |
55 | 64 | if: github.ref == 'refs/heads/master' |
56 | | - uses: actions/upload-pages-artifact@v3 |
| 65 | + uses: actions/upload-pages-artifact@v4 |
57 | 66 | with: |
58 | 67 | path: aem-classification-maven-plugin/target/site/ |
| 68 | + # execute analysis in a separate job for better visualization and usage of matrix builds |
| 69 | + # https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/#invoking-the-goal |
| 70 | + sonarqube: |
| 71 | + name: SonarQube Analysis |
| 72 | + runs-on: ubuntu-latest |
| 73 | + needs: build |
| 74 | + # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request |
| 75 | + if: github.repository == 'Netcentric/aem-classification' |
| 76 | + steps: |
| 77 | + - uses: actions/checkout@v4 |
| 78 | + with: |
| 79 | + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis |
| 80 | + - name: Set up JDK 21 |
| 81 | + uses: actions/setup-java@v5 |
| 82 | + with: |
| 83 | + java-version: 21 |
| 84 | + distribution: temurin |
| 85 | + cache: maven |
| 86 | + - name: Download compiled classes |
| 87 | + uses: actions/download-artifact@v6 |
| 88 | + with: |
| 89 | + name: compiled-classes-and-coverage |
| 90 | + - name: Cache SonarQube packages |
| 91 | + uses: actions/cache@v4 |
| 92 | + with: |
| 93 | + path: ~/.sonar/cache |
| 94 | + key: ${{ runner.os }}-sonar |
| 95 | + restore-keys: ${{ runner.os }}-sonar |
| 96 | + - name: Analyze with SonarQube |
| 97 | + env: |
| 98 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any |
| 99 | + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
| 100 | + run: ./mvnw -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar -Dsonar.projectKey=Netcentric_aem-classification -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Dsonar.scanner.skipJreProvisioning=true |
59 | 101 | deploy: |
| 102 | + name: Deploy to GH Pages |
60 | 103 | if: github.ref == 'refs/heads/master' |
61 | 104 | # Add a dependency to the build job |
62 | 105 | needs: build |
|
0 commit comments