From dd13c0f1ee2dca46dba06b05cdc1916803e27045 Mon Sep 17 00:00:00 2001
From: Sven Strittmatter
Date: Fri, 2 Feb 2024 21:03:24 +0100
Subject: [PATCH 1/3] Use a more generic way bc will add Sonar
Signed-off-by: Sven Strittmatter
---
.github/workflows/{test.yml => build.yml} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename .github/workflows/{test.yml => build.yml} (100%)
diff --git a/.github/workflows/test.yml b/.github/workflows/build.yml
similarity index 100%
rename from .github/workflows/test.yml
rename to .github/workflows/build.yml
From 1ab94e9b841ce0ff04c15ad1bb8ac6fdc9f2f74b Mon Sep 17 00:00:00 2001
From: Sven Strittmatter
Date: Fri, 2 Feb 2024 21:09:04 +0100
Subject: [PATCH 2/3] Integrate Sonar analysis in build
Signed-off-by: Sven Strittmatter
---
.github/workflows/build.yml | 37 ++++++++++++++++++++++++++++---------
pom.xml | 2 ++
2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index aedf66a7..d7a749b7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,22 +5,41 @@ # This workflow will test a Java project with Maven # See https://github.com/jonashackt/github-actions-release-maven -name: Java Tests -on: [pull_request, push, workflow_dispatch] - +name: Java Build +on: + push: + branches: + - main + pull_request: + types: [opened, synchronize, reopened] jobs: - test: + build: + name: Build and analyze runs-on: ubuntu-22.04 steps: - - name: Checkout repository uses: actions/checkout@v4 - + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up JDK 17 uses: actions/setup-java@v4 with: java-version: 17 distribution: temurin - - - name: Build with Maven - run: mvn -U -B verify # -U: force updates for dependencies, -B: no user input + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Build and analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=secureCodeBox_defectdojo-client-java diff --git a/pom.xml b/pom.xml index 998b18a3..a26219d1 100644 --- a/pom.xml +++ b/pom.xml @@ -69,6 +69,8 @@ UTF-8 17 17 + iosecurecodebox + https://sonarcloud.io ${project.build.directory}/jacoco.exec From 61d0a46c3c99ffeaa689d570b55e16d4f6ff895c Mon Sep 17 00:00:00 2001 From: Sven Strittmatter Date: Fri, 2 Feb 2024 21:15:50 +0100 Subject: [PATCH 3/3] Try another combination of config Signed-off-by: Sven Strittmatter --- .github/workflows/build.yml | 2 +- pom.xml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d7a749b7..46065bc8 100644 
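Review bot: The new `Build and analyze` step couples `verify` and the Sonar goal in a single `mvn` command, so on the `pull_request` events this workflow now triggers on, a PR opened from a fork — where GitHub does not supply `secrets.SONAR_TOKEN` — fails the whole job at the scanner even when compilation and tests passed. Expose the token as job-level `env` and split the step in two, running the Sonar goal only when the token is present; the `env` context is readable in a step-level `if` whereas `secrets` is not, so the guard reads `if: env.SONAR_TOKEN != ''`. The actions are also referenced by mutable tags (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/cache@v3`); for a job that handles an analysis token, pinning each to a full commit SHA with the tag noted in a trailing comment is the usual supply-chain hardening. The same `run:` line is touched again in the third patch, which only drops the `-Dsonar.projectKey` flag, so the split applies there unchanged.
```yaml
  build:
    # … unchanged: name, runs-on …
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    steps:
      # … unchanged: checkout, JDK and cache steps …
      - name: Build
        if: env.SONAR_TOKEN == ''
        run: mvn -B verify
      - name: Build and analyze
        if: env.SONAR_TOKEN != ''
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=secureCodeBox_defectdojo-client-java
```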
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,4 +42,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=secureCodeBox_defectdojo-client-java + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar diff --git a/pom.xml b/pom.xml index a26219d1..8b615d92 100644 --- a/pom.xml +++ b/pom.xml @@ -70,6 +70,7 @@ 17 17 iosecurecodebox + secureCodeBox_defectdojo-client-java https://sonarcloud.io ${project.build.directory}/jacoco.exec