Skip to content
CI maven build and sonar cloud scan

Setup container check with snyk #324

Sign in to view logs

Setup container check with snyk

Setup container check with snyk #324

Workflow file for this run

.github/workflows/build_maven_package.yml at 07b2b22
# CI with maven build and scan
name: CI maven build and sonar cloud scan
on:
# Trigger analysis when pushing in master or pull requests, and when creating
# a pull request.
push:
branches:
- main
- branch-sonarcloud
pull_request:
types:
- opened
- synchronize
- reopened
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
# Shallow clones should be disabled for a better relevancy of analysis
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'corretto'
cache: 'maven'
- name: Cache Maven packages
uses: actions/cache@v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Cache SonarCloud packages
uses: actions/cache@v1
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Maven version
run: mvn -v
env:
# Needed to get some information about the pull request, if any
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# SonarCloud access token should be generated from https://sonarcloud.io/account/security/
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Build and analyze
run: mvn -B clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage,full,metadata,sonarfugerit -Dsonar.projectKey=fugerit-org_${{github.event.repository.name}}
env:
# Needed to get some information about the pull request, if any
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# SonarCloud access token should be generated from https://sonarcloud.io/account/security/
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}