diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..861eb7ed1 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,22 @@ +on: + # Trigger analysis when pushing in master or pull requests, and when creating + # a pull request. + push: + branches: + - main + pull_request_target: + types: [opened, synchronize, reopened] +name: Main Workflow +jobs: + sonarcloud: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + - name: SonarCloud Scan + uses: sonarsource/sonarcloud-github-action@v3.0.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml deleted file mode 100644 index 245372114..000000000 --- a/.github/workflows/sonarscan.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: SonarCloud - -env: - NPMRC: ${{ secrets.NPMRC }} -on: - pull_request_target: - types: [opened, synchronize, reopened] - -jobs: - build: - name: Build and analyze - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'adopt' - - name: Add .npmrc file - run: echo -e $NPMRC > ~/.npmrc - - name: Cache SonarCloud packages - uses: actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Cache Maven packages - uses: actions/cache@v4 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - name: Build and analyze - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - export MAVEN_OPTS="-Xmx4096m" - export NODE_OPTIONS="--max-old-space-size=4096" - mvn clean --settings /home/runner/work/nr-bcws-wfprev/nr-bcws-wfprev/server/wfprev-api/mvn_settings/settings.xml -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=bcgov_nr-bcws-wfprev -Drepo.login=${{ secrets.IDIR_AS_EMAIL }} -Drepo.password=${{ secrets.IDIR_PASSWORD }} -X -DskipTests diff --git a/sonar-project.properties b/sonar-project.properties index c8decb992..54a4da8aa 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,6 +1,7 @@ sonar.organization=bcgov-sonarcloud sonar.projectKey=bcgov_nr-bcws-wfprev sonar.host.url=https://sonarcloud.io +sonar.sources=. # relative paths to source directories. More details and properties are described # in https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/