From b7286c4928bf2826277dc0d9d59ab237d8522a58 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 9 Sep 2024 21:17:46 +1000
Subject: [PATCH] add GHA pipeline for sonarqube test
---
.../workflows/build-and-publish-develop.yaml | 64 +++++++++++++++++++
.../workflows/build-and-publish-release.yml | 64 +++++++++++++++++++
.github/workflows/sonarqube.yaml | 40 +++++++++++-
3 files changed, 165 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-and-publish-develop.yaml b/.github/workflows/build-and-publish-develop.yaml
index 92d3ea9..713ce55 100644
--- a/.github/workflows/build-and-publish-develop.yaml
+++ b/.github/workflows/build-and-publish-develop.yaml
@@ -14,6 +14,70 @@ env: RELEASE_DEPLOYMENT_REPOSITORY_URL: ${{ secrets.RELEASE_DEPLOYMENT_REPOSITORY_URL }} jobs: + sonarqube-test: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: write + packages: write + name: Build Java Package and Publish + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - uses: actions/setup-java@v4.2.2 + if: ${{ hashFiles('**/pom.xml') }} + with: + java-version: 17 + distribution: zulu + cache: 'maven' + - name: Cache SonarQube packages + uses: actions/cache@v1 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v1 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: maven-settings-xml-action + uses: whelk-io/maven-settings-xml-action@v22 + with: + profiles: > + [{ + "id": "homelab", + "properties": { + "altSnapshotDeploymentRepository": "nexus-snapshot::${env.SNAPSHOT_DEPLOYMENT_REPOSITORY_URL}", + "altReleaseDeploymentRepository": "nexus-release::${env.RELEASE_DEPLOYMENT_REPOSITORY_URL}" + } + }] + repositories: > + [{ + "id": "maven-public", + "url": "${env.MAVEN_PUBLIC_REPOSITORY_URL}", + "snapshots": { + "enabled": "true" + } + }] + servers: > + [{ + "id": "nexus-snapshot", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }, + { + "id": "nexus-release", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }] + - name: Build and analyse + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=ec-microservice-commons -Dsonar.projectName='ec-microservice-commons' -P homelab build-java: runs-on: ubuntu-latest permissions: 
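Review bot: The `permissions:` block on `sonarqube-test` grants `id-token: write`, `contents: write` and `packages: write` to a job whose visible steps only check out, build and scan, and that job also runs `whelk-io/maven-settings-xml-action@v22`, a third-party action referenced by a movable tag. Nothing in the hunk uses the write scopes, so the block should shrink to `contents: read`, and the action should be pinned as `uses: whelk-io/maven-settings-xml-action@<full-commit-sha> # v22`. The identical job in the build-and-publish-release.yml hunk carries the same permissions, and the sonarqube.yaml hunk uses the same tag-pinned action. The separate `Cache Maven packages` step on `actions/cache@v1` also duplicates what `cache: 'maven'` on `actions/setup-java` already does and could be dropped.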
diff --git a/.github/workflows/build-and-publish-release.yml b/.github/workflows/build-and-publish-release.yml
index b318b02..cb732cc 100644
--- a/.github/workflows/build-and-publish-release.yml
+++ b/.github/workflows/build-and-publish-release.yml
@@ -14,6 +14,70 @@ env: RELEASE_DEPLOYMENT_REPOSITORY_URL: ${{ secrets.RELEASE_DEPLOYMENT_REPOSITORY_URL }} jobs: + sonarqube-test: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: write + packages: write + name: Build Java Package and Publish + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - uses: actions/setup-java@v4.2.2 + if: ${{ hashFiles('**/pom.xml') }} + with: + java-version: 17 + distribution: zulu + cache: 'maven' + - name: Cache SonarQube packages + uses: actions/cache@v1 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v1 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: maven-settings-xml-action + uses: whelk-io/maven-settings-xml-action@v22 + with: + profiles: > + [{ + "id": "homelab", + "properties": { + "altSnapshotDeploymentRepository": "nexus-snapshot::${env.SNAPSHOT_DEPLOYMENT_REPOSITORY_URL}", + "altReleaseDeploymentRepository": "nexus-release::${env.RELEASE_DEPLOYMENT_REPOSITORY_URL}" + } + }] + repositories: > + [{ + "id": "maven-public", + "url": "${env.MAVEN_PUBLIC_REPOSITORY_URL}", + "snapshots": { + "enabled": "true" + } + }] + servers: > + [{ + "id": "nexus-snapshot", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }, + { + "id": "nexus-release", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }] + - name: Build and analyse + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=ec-microservice-commons -Dsonar.projectName='ec-microservice-commons' -P homelab build-java: runs-on: ubuntu-latest permissions: 
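Review bot: Nothing in this hunk makes publication wait for the analysis: `sonarqube-test` is added as a sibling of `build-java`, and jobs without `needs:` run in parallel, so a release can be published while the scan is still running or after it has failed. If the scan is meant to gate the release, `build-java` should declare `needs: sonarqube-test`; its body continues outside the hunk, so confirm it does not already. The `Build and analyse` step will also only fail on a failed quality gate if `-Dsonar.qualitygate.wait=true` is added to the `mvn` command. The job reuses the display name `Build Java Package and Publish`, which makes it hard to tell from the publishing job in the checks list; `name: SonarQube analysis` would be clearer.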
diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml index 7d5ab39..ac4e6b9 100644 --- a/.github/workflows/sonarqube.yaml +++ b/.github/workflows/sonarqube.yaml @@ -3,21 +3,25 @@ name: Build on: workflow_dispatch: push: + branches: + - '!main' + - '!develop' jobs: build: name: Build and analyze runs-on: ubuntu-latest - steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Set up JDK 17 - uses: actions/setup-java@v1 + - uses: actions/setup-java@v4.2.2 + if: ${{ hashFiles('**/pom.xml') }} with: java-version: 17 + distribution: zulu + cache: 'maven' - name: Cache SonarQube packages uses: actions/cache@v1 with: @@ -30,6 +34,36 @@ jobs: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 + - name: maven-settings-xml-action + uses: whelk-io/maven-settings-xml-action@v22 + with: + profiles: > + [{ + "id": "homelab", + "properties": { + "altSnapshotDeploymentRepository": "nexus-snapshot::${env.SNAPSHOT_DEPLOYMENT_REPOSITORY_URL}", + "altReleaseDeploymentRepository": "nexus-release::${env.RELEASE_DEPLOYMENT_REPOSITORY_URL}" + } + }] + repositories: > + [{ + "id": "maven-public", + "url": "${env.MAVEN_PUBLIC_REPOSITORY_URL}", + "snapshots": { + "enabled": "true" + } + }] + servers: > + [{ + "id": "nexus-snapshot", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }, + { + "id": "nexus-release", + "username": "${env.NEXUS_USERNAME}", + "password": "${env.NEXUS_PASSWORD}" + }] - name: Build and analyze env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
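Review bot: The new `branches:` filter under `push:` (first hunk, `@@ -3,21 +3,25 @@`) lists only negated patterns, `'!main'` and `'!develop'`. GitHub Actions requires at least one positive pattern alongside a `!` pattern, so as written no push should match and the workflow would run only through `workflow_dispatch`. To exclude the two branches, use `branches-ignore:` with `- main` and `- develop`, or put `- '**'` ahead of the two negations.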
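Review bot: In the third hunk (`@@ -30,6 +34,36 @@`) the generated settings.xml refers to `${env.MAVEN_PUBLIC_REPOSITORY_URL}`, `${env.NEXUS_USERNAME}`, `${env.NEXUS_PASSWORD}` and the two deployment-repository URLs, but no visible part of sonarqube.yaml defines them; the `Build and analyze` step's `env:` shows only `SONAR_TOKEN` before the hunk ends. Maven resolves these placeholders when `mvn` runs, so unless that `env:` (it continues outside the hunk) or a workflow-level `env:` supplies them, the `maven-public` URL stays a literal placeholder and resolution through it fails. An analysis-only job also has no apparent need for the Nexus deploy credentials, so consider dropping the `servers:` entries and the `homelab` profile here and exposing only the repository URL to the build step, provided that repository needs no authentication.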