SONARJAVA-5860 Fix coverage #184
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - branch-* | |
| - dogfood-* | |
| pull_request: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "30 1 * * *" # Run daily at 1:30 AM UTC | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: github-ubuntu-latest-m # Public repo uses custom GitHub-hosted runner | |
| name: Build | |
| permissions: | |
| id-token: write # Required for Vault OIDC authentication | |
| contents: write # Required for repository access and tagging | |
| outputs: | |
| build-number: ${{ steps.build-maven.outputs.BUILD_NUMBER }} | |
| deployed: ${{ steps.build-maven.outputs.deployed }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/ci-github-actions/cache@v1 | |
| with: | |
| path: ~/.m2/repository | |
| key: sonar-java-${{ runner.os }} | |
| - uses: SonarSource/ci-github-actions/build-maven@v1 | |
| id: build-maven | |
| with: | |
| deploy-pull-request: true | |
| sonar-platform: none # Prevent analysis | |
| # Override artifactory roles for public repo using private access | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| maven-args: > | |
| --define maven.test.skip=true | |
| --define sonar.skip=true | |
| --projects !java-checks-test-sources/aws,!java-checks-test-sources/default,!java-checks-test-sources/java-17,!java-checks-test-sources/spring-3.2,!java-checks-test-sources/spring-web-4.0 | |
| ruling-qa: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runner: | |
| - github-ubuntu-latest-m | |
| - github-windows-latest-m | |
| profile: | |
| - without-sonarqube-project | |
| - only-sonarqube-project | |
| name: Ruling QA | |
| needs: | |
| - build | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| submodules: recursive | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - name: Select Java 17 | |
| run: mise use java@17 | |
| - name: Configure Maven | |
| uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| artifactory-reader-role: private-reader | |
| - name: Getting Vault Secrets | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Run ruling tests | |
| shell: bash # Set explicitly so Bash is used on Windows runners too. | |
| env: | |
| MAVEN_OPTS: "-Xmx3g" | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| cd its/ruling | |
| mvn package --batch-mode "-Pit-ruling,${{ matrix.profile }}" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true | |
| plugin-qa: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| sq_version: | |
| - LATEST_RELEASE | |
| - DEV | |
| name: Plugin QA | |
| needs: | |
| - build | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| submodules: recursive | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - name: Select Java 17 | |
| run: mise use java@17 | |
| - name: Configure Maven | |
| uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| artifactory-reader-role: private-reader | |
| - name: Getting Vault Secrets | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0 | |
| with: | |
| secrets: | | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Plugin QA | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| run: | | |
| cd its/plugin | |
| mvn package --batch-mode -Pit-plugin -Dsonar.runtimeVersion=${{ matrix.sq_version }} -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=classes -DuseUnlimitedThreads=true | |
| sanity: | |
| name: Sanity Test | |
| needs: | |
| - build | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/vault-action-wrapper@v3 | |
| id: secrets | |
| with: | |
| secrets: | | |
| development/kv/data/next url | SONAR_HOST_URL; | |
| development/kv/data/next token | SONAR_TOKEN; | |
| - name: Compile Test Sources | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| working-directory: java-checks-test-sources | |
| run: | | |
| mvn clean compile --batch-mode | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| deploy: false | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| - name: Sanity Test | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| run: | | |
| mvn verify --batch-mode -f sonar-java-plugin/pom.xml -Psanity -Dtest=SanityTest | |
| test-analyze: | |
| name: Test Analyze | |
| needs: | |
| - build | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/vault-action-wrapper@v3 | |
| id: secrets | |
| with: | |
| secrets: | | |
| development/kv/data/next url | SONAR_HOST_URL; | |
| development/kv/data/next token | SONAR_TOKEN; | |
| - name: Test Analyze | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| uses: SonarSource/ci-github-actions/build-maven@v1 | |
| with: | |
| deploy: false | |
| artifactory-reader-role: private-reader # Override default public-reader | |
| artifactory-deployer-role: qa-deployer # Override default public-deployer | |
| - name: Build Java Custom Rules Example | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| working-directory: docs/java-custom-rules-example | |
| run: | | |
| mvn clean package -f pom_SQ_10_6_LATEST.xml --batch-mode | |
| - name: Check License Compliance | |
| run: | | |
| # See https://xtranet.sonarsource.com/display/DEV/Open+Source+Licenses | |
| mvn org.codehaus.mojo:license-maven-plugin:aggregate-add-third-party \ | |
| --batch-mode \ | |
| "-Dlicense.missingFile=${PWD}/missing-dep-licenses.properties" \ | |
| -DuseMissingFile \ | |
| "-Dlicense.overrideUrl=file://${PWD}/override-dep-licenses.properties" | |
| autoscan: | |
| name: Autoscan Tests | |
| needs: | |
| - build | |
| if: ${{ needs.build.outputs.deployed }} | |
| runs-on: github-ubuntu-latest-m | |
| permissions: | |
| id-token: write | |
| contents: write | |
| env: | |
| BUILD_NUMBER: ${{ needs.build.outputs.build-number }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| # For now, the autoscan job need to execute two mvn commands: | |
| # * The build of java-checks-test-sources module which requires Java 24. | |
| # * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 24 | |
| - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0 | |
| with: | |
| version: 2025.7.12 | |
| - uses: SonarSource/vault-action-wrapper@v3 | |
| id: secrets | |
| with: | |
| secrets: | | |
| development/kv/data/next url | SONAR_HOST_URL; | |
| development/kv/data/next token | SONAR_TOKEN; | |
| development/github/token/licenses-ro token | GITHUB_TOKEN; | |
| - name: Compile Test Sources | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| working-directory: java-checks-test-sources | |
| run: | | |
| mvn clean compile test-compile --batch-mode | |
| - name: Select Java 17 | |
| run: mise use java@17 | |
| - uses: SonarSource/ci-github-actions/config-maven@v1 | |
| with: | |
| deploy: false | |
| artifactory-reader-role: private-reader | |
| artifactory-deployer-role: qa-deployer | |
| - name: Run autoscan tests | |
| env: | |
| SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} | |
| working-directory: its/autoscan | |
| run: > | |
| mvn clean package --batch-mode --errors --show-version | |
| --activate-profiles it-autoscan | |
| -Dsonar.runtimeVersion=LATEST_RELEASE | |
| -Dmaven.test.redirectTestOutputToFile=false | |
| -Dparallel=methods | |
| -DuseUnlimitedThreads=true |