|
1 |
| -# This workflow uses actions that are not certified by GitHub. |
2 |
| -# They are provided by a third-party and are governed by |
3 |
| -# separate terms of service, privacy policy, and support |
4 |
| -# documentation. |
5 |
| - |
6 |
| -# This workflow helps you trigger a SonarCloud analysis of your code and populates |
7 |
| -# GitHub Code Scanning alerts with the vulnerabilities found. |
8 |
| -# Free for open source project. |
9 |
| - |
10 |
| -# 1. Login to SonarCloud.io using your GitHub account |
11 |
| - |
12 |
| -# 2. Import your project on SonarCloud |
13 |
| -# * Add your GitHub organization first, then add your repository as a new project. |
14 |
| -# * Please note that many languages are eligible for automatic analysis, |
15 |
| -# which means that the analysis will start automatically without the need to set up GitHub Actions. |
16 |
| -# * This behavior can be changed in Administration > Analysis Method. |
17 |
| -# |
18 |
| -# 3. Follow the SonarCloud in-product tutorial |
19 |
| -# * a. Copy/paste the Project Key and the Organization Key into the args parameter below |
20 |
| -# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) |
21 |
| -# |
22 |
| -# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN |
23 |
| -# (On SonarCloud, click on your avatar on top-right > My account > Security |
24 |
| -# or go directly to https://sonarcloud.io/account/security/) |
25 |
| - |
26 |
| -# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) |
27 |
| -# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) |
28 |
| - |
29 |
| -name: SonarCloud Analysis |
30 |
| - |
| 1 | +name: SonarQube |
31 | 2 | on:
|
32 | 3 | push:
|
33 |
| - branches: [ "main" ] |
| 4 | + branches: |
| 5 | + - main |
34 | 6 | pull_request:
|
35 |
| - branches: [ "main" ] |
36 |
| - workflow_dispatch: |
37 |
| - |
38 |
| -permissions: |
39 |
| - pull-requests: read # allows SonarCloud to decorate PRs with analysis results |
40 |
| - |
| 7 | + types: [opened, synchronize, reopened] |
41 | 8 | jobs:
|
42 |
| - analysis: |
43 |
| - if: ${{ false }} # disable for now |
| 9 | + build: |
| 10 | + name: Build and analyze |
44 | 11 | runs-on: ubuntu-latest
|
45 |
| - |
46 | 12 | steps:
|
47 |
| - - name: Analyze with SonarCloud |
48 |
| - |
49 |
| - # You can pin the exact commit or the version. |
50 |
| - uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 |
51 |
| - env: |
52 |
| - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information |
53 |
| - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) |
| 13 | + - uses: actions/checkout@v4 |
| 14 | + with: |
| 15 | + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis |
| 16 | + - name: Set up JDK 17 |
| 17 | + uses: actions/setup-java@v4 |
| 18 | + with: |
| 19 | + java-version: 17 |
| 20 | + distribution: 'temurin' # Alternative distribution options are available |
| 21 | + - name: Cache SonarQube packages |
| 22 | + uses: actions/cache@v4 |
54 | 23 | with:
|
55 |
| - # Additional arguments for the sonarcloud scanner |
56 |
| - args: |
57 |
| - -Dsonar.projectKey=lreimer_secure-devex22 |
58 |
| - -Dsonar.organization=lreimer |
59 |
| - # Comma-separated paths to directories containing main source files. |
60 |
| - #-Dsonar.sources= # optional, default is project base directory |
61 |
| - # When you need the analysis to take place in a directory other than the one from which it was launched |
62 |
| - #-Dsonar.projectBaseDir= # optional, default is . |
63 |
| - # Comma-separated paths to directories containing test source files. |
64 |
| - #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ |
65 |
| - # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. |
66 |
| - #-Dsonar.verbose= # optional, default is false |
| 24 | + path: ~/.sonar/cache |
| 25 | + key: ${{ runner.os }}-sonar |
| 26 | + restore-keys: ${{ runner.os }}-sonar |
| 27 | + - name: Cache Gradle packages |
| 28 | + uses: actions/cache@v4 |
| 29 | + with: |
| 30 | + path: ~/.gradle/caches |
| 31 | + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} |
| 32 | + restore-keys: ${{ runner.os }}-gradle |
| 33 | + - name: Build and analyze |
| 34 | + env: |
| 35 | + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
| 36 | + run: ./gradlew build sonar --info |
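Review bot: The new side drops the top-level `permissions:` block the old workflow carried (old lines 38–39), so the job now runs with the repository's default GITHUB_TOKEN scope rather than an explicit least-privilege grant; add `permissions:` / `  contents: read` above `jobs:` (plus `pull-requests: read` if PR decoration is still wanted). The removed step was pinned to a full commit SHA, whereas `actions/checkout@v4`, `actions/setup-java@v4` and `actions/cache@v4` on the new side follow a mutable major tag; pinning each to a commit SHA with the tag noted in a trailing comment keeps the workflow reproducible if a tag is moved. On `pull_request` runs opened from forks `secrets.SONAR_TOKEN` is normally empty, so the `./gradlew build sonar --info` step is likely to fail there rather than be skipped; gating that step on the head repository matching `github.repository` (via `github.event.pull_request.head.repo.full_name`) avoids this, though the intended behaviour for fork PRs should be confirmed. Minor: `java-version: 17` is a bare integer while `distribution: 'temurin'` is quoted; writing `java-version: '17'` keeps the two consistent and avoids implicit typing.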