Skip to content
[ Start ] Build Project (Java/Maven)

Sonar scan in the build-pipeline #90

Sign in to view logs

Sonar scan in the build-pipeline

Sonar scan in the build-pipeline #90

Workflow file for this run

.github/workflows/maven_build.yml at 49bd491
name: '[ Start ] Build Project (Java/Maven)'
on:
workflow_dispatch:
inputs:
release_build:
description: 'toggles an release-build, by default false'
type: boolean
default: false
required: false
build_version:
description: 'The version to build and deploy'
type: string
required: true
default: '0-SNAPSHOT'
workflow_call:
inputs:
release_build:
description: 'toggles an release-build, by default false'
type: boolean
default: false
required: false
build_version:
description: 'The version to build and deploy'
type: string
required: false
default: '0-SNAPSHOT'
outputs:
build_artifact_id:
description: 'The id of the uploaded build artifacts.'
value: ${{ jobs.Build.outputs.build_artifacts_id}}
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
env:
BUILD_VERSION: ${{ inputs.build_version != '' && inputs.build_version || '0-SNAPSHOT' }}
jobs:
Build:
runs-on: ubuntu-latest
outputs:
build_artifacts_id: ${{ steps.BuildArtifactUpload.outputs.artifact-id }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
cache: 'maven'
cache-dependency-path: '**/pom.xml'
server-id: 'github'
gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}
gpg-passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
- name: Cache SonarQube packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Set version
if: ${{ inputs.release_build }}
run: ./mvnw versions:set -DnewVersion=${{ env.BUILD_VERSION }} -DgenerateBackupPoms=false
- name: Build project, run unit and integration tests
id: Build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: ./mvnw -T1C --batch-mode clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=p3t_spring-cursorpaging
- name: Evaluate branch name where the scan results are added to in Sonarcloud
if: ${{inputs.actor != 'dependabot[bot]' }}
id: branch_to_scan
shell: bash
run: |
echo github.head_ref - pull request: ${{ github.head_ref }}
echo github.ref_name - push: ${{ github.ref_name }}
echo event: ${{ github.event_name }}
echo branch name to scan: ${{ github.head_ref || github.ref_name }}
echo name=${{ github.head_ref || github.ref_name }} >> $GITHUB_OUTPUT
- name: Javadoc and sign artifacts
if: ${{ inputs.release_build }}
run: ./mvnw -T1C --batch-mode package gpg:sign -Dgpg.signer=bc
env:
MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
MAVEN_GPG_KEY: ${{ secrets.GPG_SIGNING_KEY }}
GITHUB_DEPENDENCY_GRAPH_ENABLED: false
- name: (Info) Display structure of files
run: tree
- name: Upload build artifacts
id: BuildArtifactUpload
uses: actions/upload-artifact@v4
with:
name: build-artifacts-${{ inputs.build_version }}
path: |
./**/target/*${{ inputs.build_version }}*.jar
./**/target/*${{ inputs.build_version }}*.zip
./**/target/*${{ inputs.build_version }}*.asc
./**/target/reports/
retention-days: 10