From 217b808b578bc5e50f12ddb2d76c47078d5ac471 Mon Sep 17 00:00:00 2001
From: Jonas Cirotzki
Date: Thu, 26 Jan 2023 11:39:15 +0100
Subject: [PATCH] [#7542] introduce sonarcloud
---
 .github/workflows/ci.yml | 17 +++++++++++++++--
 sormas-base/pom.xml | 5 ++++-
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5afb53e6a38..5d1087a846c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,10 +60,23 @@ jobs:
 key: ${{ runner.os }}-java-${{ env.JAVA }}-m2-${{ hashFiles('**/pom.xml', '**/*.pom') }}
 restore-keys: ${{ runner.os }}-java-${{ env.JAVA }}-m2
- - name: Run mvn verify
+ - name: Cache SonarCloud packages
+ # Check if PR results from the repository: if yes, it is safe to cache dependencies.
+ # This is to keep us safe from cache poisoning through 3rd party PRs.
+ if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
+ uses: actions/cache@v2
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+
+ - name: Run mvn verify and sonar analysis
 # FIXME(@JonasCir) see https://github.com/hzi-braunschweig/SORMAS-Project/issues/3730#issuecomment-745165678
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 working-directory: ./sormas-base
- run: mvn verify -B -ntp
+ run: mvn -B -ntp verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SORMAS-Project
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v1
diff --git a/sormas-base/pom.xml b/sormas-base/pom.xml
index a55f74dcc14..8e01e4b608d 100644
--- a/sormas-base/pom.xml
+++ b/sormas-base/pom.xml
@@ -41,8 +41,11 @@ 2.2 2.6.0 - + + sormas + https://sonarcloud.io +
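Review bot: The combined `Run mvn verify and sonar analysis` step in `.github/workflows/ci.yml` puts `SONAR_TOKEN` into the environment of the whole `mvn verify` run, so every build plugin and test executed from the checked-out tree can read it, and unlike the cache step added just above it the step has no `if:` guard. `PRIVILEGED_RUN` is defined outside this hunk, but going by the comment on the cache step it marks runs that originate from the repository itself. On other runs the secret is presumably empty and the sonar goal would fail the job, or, depending on the workflow trigger (not visible here), the token would be handed to third-party code. I would split the step so that `verify` runs without any secrets and the scanner goal runs in its own step behind the same guard, as sketched below; this assumes the scanner can reuse the `target/` output left by the preceding step.

```yaml
      - name: Run mvn verify
        # … unchanged: FIXME comment …
        working-directory: ./sormas-base
        run: mvn -B -ntp verify

      - name: Run sonar analysis
        # Only hand the token to runs that originate from this repository.
        if: ${{ fromJSON(env.PRIVILEGED_RUN) }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        working-directory: ./sormas-base
        run: mvn -B -ntp org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=SORMAS-Project
```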