From 72d7ec162faad5b9da7f52c3ad6c10d3aba932ff Mon Sep 17 00:00:00 2001
From: asteriskzie
Date: Sun, 26 May 2024 10:01:47 +0700
Subject: [PATCH] Fix SonarCloud: ikutin tutorial 1
---
.github/workflows/ci.yml | 66 ++++++++++++-------------
.github/workflows/sonarcloud.yml | 83 ++++++++++++++++++++++++++++++++
build.gradle.kts | 11 +----
gradle/gradle.properties | 5 --
4 files changed, 115 insertions(+), 50 deletions(-)
create mode 100644 .github/workflows/sonarcloud.yml
delete mode 100644 gradle/gradle.properties
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9ed74c4..4003188 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,41 +14,41 @@ on: workflow_dispatch: jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: Checkout Repository - uses: actions/checkout@v4 + # build: + # name: Build + # runs-on: ubuntu-latest + # steps: + # - name: Checkout Repository + # uses: actions/checkout@v4 - - name: Set up JDK 21 - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: "21" - cache: "gradle" + # - name: Set up JDK 21 + # uses: actions/setup-java@v4 + # with: + # distribution: "temurin" + # java-version: "21" + # cache: "gradle" - - name: Cache Gradle dependencies - uses: actions/cache@v4 - with: - path: ~/.gradle/caches - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- + # - name: Cache Gradle dependencies + # uses: actions/cache@v4 + # with: + # path: ~/.gradle/caches + # key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + # restore-keys: | + # ${{ runner.os }}-gradle- - - name: Make gradlew executable - run: chmod +x ./gradlew + # - name: Make gradlew executable + # run: chmod +x ./gradlew - - name: Build with Gradle - run: | - ./gradlew assemble - # (Optional) Add steps for running tests and generating reports + # - name: Build with Gradle + # run: | + # ./gradlew assemble + # # (Optional) Add steps for running tests and generating reports - - name: Upload Artifact - uses: actions/upload-artifact@v4 - with: - name: java-app - path: build/libs/*.jar + # - name: Upload Artifact + # uses: actions/upload-artifact@v4 + # with: + # name: java-app + # path: build/libs/*.jar test: name: Test 
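Review bot: The entire `build` job is left behind as roughly thirty commented-out lines instead of being deleted, which makes it harder to see at a glance which jobs this workflow actually runs; git history already preserves the old definition. Delete the block outright, and do the same for the commented-out `html.outputLocation` line in the last build.gradle.kts hunk. If the removal is meant to be temporary, a single line such as `# build job disabled while the SonarCloud setup is reworked` states that more clearly. As far as this hunk shows, the `Upload Artifact` step disappears with the job, so nothing in ci.yml publishes the jar any more; the `test` job continues outside the hunk.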
@@ -93,8 +93,4 @@ jobs: ./gradlew jacocoTestReport env: PRODUCTION: test - # (Optional) Add steps for generating coverage report and other post-test tasks - - name: SonarCloud Scan - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: ./gradlew sonarqube -Dsonar.login=$SONAR_TOKEN \ No newline at end of file + # (Optional) Add steps for generating coverage report and other post-test tasks \ No newline at end of file diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000..3d0e049 --- /dev/null +++ b/.github/workflows/sonarcloud.yml 
@@ -0,0 +1,83 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. 
Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis + +on: + push: + branches: + - main + - dev + - staging + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Check out the Git repository + uses: actions/checkout@v4 + + - name: Set up Java toolchain + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: "21" + cache: "gradle" + + - name: Build + run: ./gradlew build + + - name: Analyze with SonarCloud + # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the sonarcloud scanner + args: + # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) + # mandatory + -Dsonar.projectKey=ADPRO-C11_snackscription-review + -Dsonar.organization=adpro-c11 + -Dsonar.java.binaries=. + -Dsonar.sources=src/main/java + -Dsonar.tests=src/test/java + # Comma-separated paths to directories containing main source files. 
+ #-Dsonar.sources= # optional, default is project base directory + # When you need the analysis to take place in a directory other than the one from which it was launched + #-Dsonar.projectBaseDir= # optional, default is . + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false \ No newline at end of file diff --git a/build.gradle.kts b/build.gradle.kts index f1016f9..329c4e3 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -3,7 +3,6 @@ plugins { jacoco id("org.springframework.boot") version "3.2.5" id("io.spring.dependency-management") version "1.1.4" - id("org.sonarqube") version "5.0.0.4638" } group = "snackscription" @@ -37,14 +36,6 @@ dependencies { testImplementation("org.springframework.boot:spring-boot-starter-test") } -sonar { - properties { - property("sonar.projectKey","ADPRO-C11_snackscription-review") - property("sonar.organization", "adpro-c11") - property("sonar.host.url", "https://sonarcloud.io") - } -} - tasks.register("unitTest") { description = "Runs unit tests." group = "verification" @@ -83,6 +74,6 @@ tasks.jacocoTestReport { reports { xml.required.set(true) csv.required.set(true) - html.outputLocation.set(layout.buildDirectory.dir("jacocoHtml")) + // html.outputLocation.set(layout.buildDirectory.dir("jacocoHtml")) } } \ No newline at end of file diff --git a/gradle/gradle.properties b/gradle/gradle.properties deleted file mode 100644 index 2b4c21a..0000000 --- a/gradle/gradle.properties +++ /dev/null 
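Review bot: The analysis step in the new sonarcloud.yml runs `SonarSource/sonarcloud-github-action@master`, a mutable branch reference, and that step is handed both `SONAR_TOKEN` and `GITHUB_TOKEN`, so whatever is on that upstream branch at the time executes with those credentials on every push to main, dev or staging. Pin the action to a full commit SHA, as the commented-out line directly above it already illustrates, for example `uses: SonarSource/sonarcloud-github-action@<full-commit-sha> # <release-tag>`, after checking which release the SHA corresponds to, and let Dependabot or a similar tool propose the bumps. Separately, the top-level `permissions:` block grants only `pull-requests: read`, which sets every other scope, including `contents`, to none; if the repository is private, `actions/checkout` will probably need `contents: read` added alongside it.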
@@ -1,5 +0,0 @@ -systemProp.sonar.host.url=https://sonarcloud.io - -# Token generated from an account with 'Execute analysis' permission. -# It can also be set with the environment variable SONAR_TOKEN. -systemProp.sonar.token=${SONAR_TOKEN} \ No newline at end of file