Skip to content

Docs: Sonarqube documentation #190

Docs: Sonarqube documentation

Docs: Sonarqube documentation #190

Workflow file for this run

name: Java CI with Maven
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Run Unit and Integration Tests
run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true -Ddependency-check.skip=true
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
architecture: x64
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Build with webank Online banking
run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true -Ddependency-check.skip=true
pmdCheck:
needs: build
name: Run code analyser PMD
runs-on: ubuntu-latest
steps:
- name: Clone webank online banking repository
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
architecture: x64
distribution: 'temurin'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: build project before check
run: mvn -ntp -DskipTests -DskipITs -Dmaven.javadoc.skip=true clean install -Ddependency-check.skip=true
- name: Check pmd
run: mvn -ntp pmd:check -Ddependency-check.skip=true
# security-scan:
# name: Owasp security scan
# runs-on: ubuntu-latest
# needs: build # Ensures that the security scan runs only if the build job succeeds
#
# steps:
# # Step 1: Checkout code
# - name: Checkout code
# uses: actions/checkout@v4
#
# # Step 2: Set up Java
# - name: Set up Java 17
# uses: actions/setup-java@v4
# with:
# java-version: '17'
# distribution: 'temurin'
#
# # Step 3: Run OWASP Dependency-Check
# - name: Run OWASP Dependency-Check
# uses: dependency-check/Dependency-Check_Action@main
# env:
# # actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
# JAVA_HOME: /opt/jdk
# with:
# project: 'webank-onlinebanking'
# path: '.'
# format: 'HTML'
# out: 'reports'
# args: >
# --failOnCVSS 5
# # Step 4: Upload the Dependency-Check report as an artifact
# - name: Upload Dependency Check report
# uses: actions/upload-artifact@v3
# with:
# name: Dependency-Check Report
# path: ${{ github.workspace }}/reports
Sonarqube:
name: Sonarqube
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'zulu' # Alternative distribution options are available.
- name: Cache SonarQube packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set up Maven settings.xml
run: |
mkdir -p ~/.m2
echo "<settings>
<servers>
<server>
<id>github-webank</id>
<username>${{ github.actor }}</username>
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
</server>
</servers>
</settings>" > ~/.m2/settings.xml
- name: Build and analyze
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=webank-online-banking -Dsonar.projectName='webank-online-banking' -Ddependency-check.skip=true