diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 6b0c4d72..882f3f98 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -12,46 +12,52 @@ on:
- reopened
jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-java@v2
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ cache: maven
+ - run: mvn -v
+ - run: mvn -B package
+ - uses: actions/upload-artifact@v2
+ with:
+ path: target/*.jar
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- - name: Run Snyk to check for vulnerabilities
- uses: snyk/actions/maven@master
- continue-on-error: true # To make sure we continue to the upload step, even when vulnerabilities are detected.
+ - uses: snyk/actions/maven-3-jdk-11@master
+ continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
- args: snyk test --sarif-file-output=snyk.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ args: --sarif-file-output=snyk.sarif
+ - uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: snyk.sarif
- category: Snyk
- # According to Sonar documentation[1] active branches are detected automatically when running with a GitHub Action.
- # Though to make configuration work running locally with act[2] as well, extracting the name explicitly is necessary.
- #
- # [1] https://docs.sonarqube.org/latest/branches/overview/#header-2
- # [2] https://github.com/nektos/act
analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: Set up JDK 11
- uses: actions/setup-java@v1
+ - uses: actions/setup-java@v2
with:
- java-version: 11
- - name: Extract branch name
- shell: bash
- run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
- id: extract_branch
- - name: Build and analyze
+ java-version: '11'
+ distribution: 'temurin'
+ cache: maven
+ - uses: actions/cache@v1
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ # Needed to get some information about the pull request, if any
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- run: ./mvnw -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.branch.name=${{ steps.extract_branch.outputs.branch }}
\ No newline at end of file
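Review bot: `uses: snyk/actions/maven-3-jdk-11@master` (replacing the removed `snyk/actions/maven@master`) still resolves a third-party action that is handed `SNYK_TOKEN` through a mutable branch ref, so whatever lands on that branch runs with the secret in this workflow; pin it to an immutable ref, e.g. `uses: snyk/actions/maven-3-jdk-11@<commit-sha> # <released tag>` with the SHA taken from the Snyk release you intend to use. The same reasoning applies to the added `actions/cache@v1`, which is also the only step in the hunk left on a v1 tag while checkout/setup-java moved to v2, so `actions/cache@v2` would be consistent with the rest. Separately, `continue-on-error: true` on the Snyk step suppresses scanner and token errors as well as findings, so the job presumably only turns red indirectly when `upload-sarif` cannot find `snyk.sarif`; if that is the intended signal, a comment such as `# Snyk exits non-zero on findings; upload-sarif is expected to fail if no snyk.sarif was produced` would make it explicit. The `on:` block named in the hunk header starts outside the hunk.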
diff --git a/pom.xml b/pom.xml
index cd361c28..8c1a2ce1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,6 +14,13 @@
io.quarkus.platform
2.6.3.Final
3.0.0-M5
+ https://sonarcloud.io
+
+ tubbynl
+ littil-backend
@@ -115,6 +122,21 @@
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+ 0.8.5
+
+
+ org.sonarsource.scanner.maven
+ sonar-maven-plugin
+
+ 3.9.1.2184
+
+
+
@@ -151,5 +173,30 @@
native
+
+ coverage
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+
+
+ prepare-agent
+
+ prepare-agent
+
+
+
+ report
+
+ report
+
+
+
+
+
+
+