From 5c1e7fe86d3ccec6a39dae7b2f46ba40d732ada9 Mon Sep 17 00:00:00 2001 From: Thilo Schwarz Date: Mon, 24 Mar 2025 14:51:32 +0100 Subject: [PATCH] Add SonarCloud scan to CI workflow Introduce a new job in the GitHub Actions workflow to integrate SonarCloud analysis. This includes setting up JDK 17, caching Maven dependencies, and running the SonarCloud Maven plugin for code quality checks. --- .github/workflows/build-and-test.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 977bc68..8034957 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -32,3 +32,28 @@ jobs: API_KEY: ${{ secrets.API_KEY }} API_TOKEN: ${{ secrets.API_TOKEN }} run: mvn clean test + + sonarcloud-scan: + needs: mvn-test + name: Build and analyze with sonarcloud + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Set up JDK 17 + uses: actions/setup-java@v4.5.0 + with: + distribution: 'corretto' + java-version: '17' + - name: Cache maven repository + uses: actions/cache@v4.2.0 + with: + path: ~/.m2/repository + key: maven + restore-keys: maven + - name: Build and analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=th-schwarz_DynDRest #-Dsonar.projectName=DynDRest