diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
index c81a085..6b650b8 100644
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@@ -1,24 +1,37 @@
-name: SonarCloud
-
+name: SonarQube
on:
push:
- branches: [ main ]
+ branches:
+ - main
pull_request:
- branches: [ feature/* ]
-
+ types: [opened, synchronize, reopened]
jobs:
build:
+ name: Build and analyze
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: 'zulu' # Alternative distribution options are available.
+ - name: Cache SonarQube packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache Maven packages
+ uses: actions/cache@v4
with:
- java-version: '17'
- distribution: 'temurin'
- cache: maven
- - name: Analyze with SonarCloud
- run: mvn -B verify sonar:sonar -Dsonar.projectKey=dependency-track-maven-plugin -Dsonar.organization=pmckeown -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2
+ - name: Build and analyze
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=pmckeown_dependency-track-maven-plugin
\ No newline at end of file
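Review bot: The new workflow, which this hunk covers in full, declares no `permissions:` block, so the `GITHUB_TOKEN` passed to the `Build and analyze` step keeps the repository's default scope while that step runs the project's Maven build and the scanner plugin. Add a top-level `permissions:` with `contents: read` and, if pull-request decoration needs it, `pull-requests: read`, after confirming what the scanner actually calls. The goal `org.sonarsource.scanner.maven:sonar-maven-plugin:sonar` carries no version, so unless the pom pins the plugin (not visible in this diff) Maven resolves the current release at run time with `SONAR_TOKEN` in the environment; pin it in `pluginManagement` or in the goal coordinates. The `uses:` references (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/cache@v4`) are mutable tags, and pinning them to full commit SHAs keeps the steps that run before the token-bearing step from changing underneath the workflow. Dropping the `branches` filter on `pull_request` also means every fork PR now triggers the job without `SONAR_TOKEN`, so the analysis step will likely fail there unless it is guarded with an `if:` on the secret or on the head repository.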
diff --git a/pom.xml b/pom.xml
index fa199a0..d466735 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,6 +66,8 @@
UTF-8
3.9.5
+ pmckeown
+ https://sonarcloud.io
@@ -427,8 +429,6 @@
- https://sonarcloud.io
- pmckeown
io.github.pmckeown:dependency-track-maven-plugin
${env.SONAR_TOKEN}