Docs: Sonarqube documentation #190
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Java CI with Maven | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Run Unit and Integration Tests | |
run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true -Ddependency-check.skip=true | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
architecture: x64 | |
distribution: 'temurin' | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Build with webank Online banking | |
run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true -Ddependency-check.skip=true | |
pmdCheck: | |
needs: build | |
name: Run code analyser PMD | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone webank online banking repository | |
uses: actions/checkout@v4 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
architecture: x64 | |
distribution: 'temurin' | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: build project before check | |
run: mvn -ntp -DskipTests -DskipITs -Dmaven.javadoc.skip=true clean install -Ddependency-check.skip=true | |
- name: Check pmd | |
run: mvn -ntp pmd:check -Ddependency-check.skip=true | |
# security-scan: | |
# name: Owasp security scan | |
# runs-on: ubuntu-latest | |
# needs: build # Ensures that the security scan runs only if the build job succeeds | |
# | |
# steps: | |
# # Step 1: Checkout code | |
# - name: Checkout code | |
# uses: actions/checkout@v4 | |
# | |
# # Step 2: Set up Java | |
# - name: Set up Java 17 | |
# uses: actions/setup-java@v4 | |
# with: | |
# java-version: '17' | |
# distribution: 'temurin' | |
# | |
# # Step 3: Run OWASP Dependency-Check | |
# - name: Run OWASP Dependency-Check | |
# uses: dependency-check/Dependency-Check_Action@main | |
# env: | |
# # actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image | |
# JAVA_HOME: /opt/jdk | |
# with: | |
# project: 'webank-onlinebanking' | |
# path: '.' | |
# format: 'HTML' | |
# out: 'reports' | |
# args: > | |
# --failOnCVSS 5 | |
# # Step 4: Upload the Dependency-Check report as an artifact | |
# - name: Upload Dependency Check report | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: Dependency-Check Report | |
# path: ${{ github.workspace }}/reports | |
Sonarqube: | |
name: Sonarqube | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: 'zulu' # Alternative distribution options are available. | |
- name: Cache SonarQube packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Set up Maven settings.xml | |
run: | | |
mkdir -p ~/.m2 | |
echo "<settings> | |
<servers> | |
<server> | |
<id>github-webank</id> | |
<username>${{ github.actor }}</username> | |
<password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password> | |
</server> | |
</servers> | |
</settings>" > ~/.m2/settings.xml | |
- name: Build and analyze | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=webank-online-banking -Dsonar.projectName='webank-online-banking' -Ddependency-check.skip=true |