Update .gitea/workflows/sonar-scan.yaml
This commit is contained in:
@@ -1,43 +1,115 @@
|
|||||||
name: Build
|
name: SonarQube Analysis
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
pull_request:
|
pull_request:
|
||||||
|
types: [opened, synchronize, reopened]
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-${{ github.ref }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: read
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
sonarqube:
|
||||||
name: Build and analyze
|
name: Build, Test & Analyse
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
# ------------------------------------------------------------------ #
|
||||||
|
# 1. Full checkout — shallow clones degrade SonarQube blame/new-code #
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- uses: actions/setup-java@v4
|
# ------------------------------------------------------------------ #
|
||||||
|
# 2. Java 17 — matches spring-petclinic's java.version property #
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
- name: Set up JDK 17
|
||||||
|
uses: actions/setup-java@v4
|
||||||
with:
|
with:
|
||||||
distribution: temurin
|
java-version: '17'
|
||||||
java-version: 17
|
distribution: 'temurin'
|
||||||
cache: maven
|
|
||||||
|
|
||||||
- name: Make Maven wrapper executable
|
# ------------------------------------------------------------------ #
|
||||||
run: chmod +x mvnw
|
# 3. Cache Maven local repository and the SonarQube analysis cache #
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
- name: Cache Maven packages
|
||||||
|
uses: actions/cache@v4
|
||||||
|
with:
|
||||||
|
path: ~/.m2/repository
|
||||||
|
key: maven-${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
|
||||||
|
restore-keys: maven-${{ runner.os }}-
|
||||||
|
|
||||||
- name: Build and analyze
|
- name: Cache SonarQube analysis data
|
||||||
run: ./mvnw -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=demo-platform
|
uses: actions/cache@v4
|
||||||
|
with:
|
||||||
|
path: ~/.sonar/cache
|
||||||
|
key: sonar-${{ runner.os }}
|
||||||
|
restore-keys: sonar-${{ runner.os }}
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
# 4. Build, run tests, collect JaCoCo coverage, then push to Sonar. #
|
||||||
|
# #
|
||||||
|
# Why one command? #
|
||||||
|
# - `verify` compiles, runs unit + integration tests, and lets #
|
||||||
|
# JaCoCo write target/site/jacoco/jacoco.xml #
|
||||||
|
# - `sonar:sonar` reads the compiled bytecode, test results, and #
|
||||||
|
# coverage report that `verify` just produced #
|
||||||
|
# #
|
||||||
|
# The H2 in-memory database is active by default so no external DB #
|
||||||
|
# service is needed for the standard test suite. #
|
||||||
|
# #
|
||||||
|
# Required secrets (Settings → Secrets): #
|
||||||
|
# SONAR_TOKEN – SonarQube user / project token #
|
||||||
|
# #
|
||||||
|
# Required variables (Settings → Variables): #
|
||||||
|
# SONAR_HOST_URL – e.g. http://sonarqube.example.com:9000 #
|
||||||
|
# SONAR_PROJECT_KEY – e.g. spring-petclinic #
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
- name: Build, test and analyse with SonarQube
|
||||||
env:
|
env:
|
||||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
|
||||||
|
run: |
|
||||||
|
./mvnw -B verify sonar:sonar \
|
||||||
|
-Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \
|
||||||
|
-Dsonar.projectName="Spring PetClinic" \
|
||||||
|
-Dsonar.host.url="${SONAR_HOST_URL}" \
|
||||||
|
-Dsonar.token="${SONAR_TOKEN}" \
|
||||||
|
-Dsonar.java.source=17 \
|
||||||
|
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
|
||||||
|
|
||||||
- uses: sonarsource/sonarqube-quality-gate-action@v1
|
# ------------------------------------------------------------------ #
|
||||||
timeout-minutes: 5
|
# 5. Quality Gate — poll until the result is ready, fail if red #
|
||||||
|
# ------------------------------------------------------------------ #
|
||||||
|
- name: Quality Gate check
|
||||||
env:
|
env:
|
||||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||||
|
SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}
|
||||||
|
run: |
|
||||||
|
echo "Waiting for SonarQube to process the analysis..."
|
||||||
|
STATUS=""
|
||||||
|
for i in $(seq 1 24); do # up to ~2 minutes
|
||||||
|
RESPONSE=$(curl -sf \
|
||||||
|
-u "${SONAR_TOKEN}:" \
|
||||||
|
"${SONAR_HOST_URL}/api/qualitygates/project_status?projectKey=${{ vars.SONAR_PROJECT_KEY }}" \
|
||||||
|
|| true)
|
||||||
|
STATUS=$(echo "$RESPONSE" | python3 -c \
|
||||||
|
"import sys,json; print(json.load(sys.stdin)['projectStatus']['status'])" \
|
||||||
|
2>/dev/null || echo "NONE")
|
||||||
|
if [ "$STATUS" = "OK" ] || [ "$STATUS" = "ERROR" ] || [ "$STATUS" = "WARN" ]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
echo " Status: ${STATUS:-pending} — retrying in 5 s..."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Quality Gate status: $STATUS"
|
||||||
|
if [ "$STATUS" = "ERROR" ]; then
|
||||||
|
echo "❌ Quality Gate FAILED — check ${{ vars.SONAR_HOST_URL }}/dashboard?id=${{ vars.SONAR_PROJECT_KEY }}"
|
||||||
|
exit 1
|
||||||
|
elif [ "$STATUS" = "OK" ]; then
|
||||||
|
echo "✅ Quality Gate PASSED"
|
||||||
|
else
|
||||||
|
echo "⚠️ Quality Gate status: $STATUS"
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user