Skip to content

Use dependency-review-action v4 #26

Use dependency-review-action v4

Use dependency-review-action v4 #26

Workflow file for this run

# Copyright 2023 Rob Spoor
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: SonarCloud
on:
workflow_dispatch:
push:
# only run for branches, not tags
branches: ['**']
pull_request:
schedule:
- cron: '0 6 23 4,10 *'
jobs:
scan:
runs-on: ubuntu-latest
concurrency: sonar-${{ github.head_ref || github.ref_name }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
cache: 'maven'
- name: SonarQube Scan
run: |
mvn clean \
-Dcheckstyle.skip=true \
-Dmaven.javadoc.skip=true \
-Dmoditect.failOnWarning=false \
org.jacoco:jacoco-maven-plugin:prepare-agent \
package \
verify -Dgpg.skip=true \
org.jacoco:jacoco-maven-plugin:report \
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
-Dsonar.organization=robtimus-github \
--file pom.xml -B --no-transfer-progress -Duser.timezone="Europe/Amsterdam"
env:
SONAR_TOKEN: ${{ secrets.SonarCloudToken }}
SONAR_HOST_URL: https://sonarcloud.io
- name: SonarQube Quality Gate check
uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SonarCloudToken }}
SONAR_HOST_URL: https://sonarcloud.io
with:
scanMetadataReportFile: target/sonar/report-task.txt