From d70bb0e29f03358fb0cd34ad604640cc23860c03 Mon Sep 17 00:00:00 2001 From: "Matteo Franci a.k.a. Fugerit" Date: Thu, 17 Oct 2024 11:59:24 +0200 Subject: [PATCH] Build and scan workflow --- .github/workflows/build_maven_package.yml | 75 +++++++++++++++++++++++ CHANGELOG.md | 14 +++++ pom.xml | 48 +++++++++++++++ 3 files changed, 137 insertions(+) create mode 100644 .github/workflows/build_maven_package.yml create mode 100644 CHANGELOG.md diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml new file mode 100644 index 0000000..54e2ef4 --- /dev/null +++ b/.github/workflows/build_maven_package.yml @@ -0,0 +1,75 @@ +# CI with maven build and scan +# +# version 1.0.1 +# +# see : https://universe.fugerit.org/src/docs/conventions/workflows/build_maven_package.html + +name: CI maven build and scan + +on: + # Trigger analysis when pushing in master or pull requests, and when creating + # a pull request. + push: + branches: + - main + - develop + - branch-preview + pull_request: + types: + - opened + - synchronize + - reopened + +jobs: + build: + name: Build + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@main + with: + # Shallow clones should be disabled for a better relevancy of analysis + fetch-depth: 0 + + - uses: graalvm/setup-graalvm@main + with: + java-version: '22-ea' + distribution: 'graalvm' + github-token: ${{ secrets.GITHUB_TOKEN }} + native-image-job-reports: 'true' + + - name: Cache Maven packages + uses: actions/cache@main + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Cache SonarCloud packages + uses: actions/cache@main + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - uses: actions/setup-node@main + with: + node-version: 20 + - name: Maven version + run: mvn -v + env: + # Needed to get some information about the pull request, if any + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + - name: Build and analyze + run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit,buildreact -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}} + env: + # Needed to get some information about the pull request, if any + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive + - name: Update dependency graph + # if DISABLE_MAVEN_DEPENDENCY_SUBMISSION is set to true, skip this step + if: ${{ vars.DISABLE_MAVEN_DEPENDENCY_SUBMISSION != 'true' }} + uses: advanced-security/maven-dependency-submission-action@main \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..c50ce23 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +### Added + +- build and scan workflow +- all default doc handlers +- all default source types (xml, json, yaml) diff --git a/pom.xml b/pom.xml index a0171c1..6b129fe 100644 --- a/pom.xml +++ b/pom.xml @@ -207,5 +207,53 @@ true + + + sonarfugerit + + + https://sonarcloud.io + fugerit-org + ${project.artifactId} + + + + + coverage + + + + org.apache.maven.plugins + maven-surefire-plugin + + false + + + + org.jacoco + jacoco-maven-plugin + + + prepare-agent + + prepare-agent + + + + report + + report + + + + XML + + + + + + + +