Bg/app 493/convert qa01 report #5842
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is used to perform static code analysis on a gradle build | |
| name: "Sonar Scanner" | |
| on: | |
| workflow_call: | |
| secrets: | |
| PASSED_GITHUB_TOKEN: | |
| description: "Secret named GITHUB_TOKEN that references the github token for this repository." | |
| required: true | |
| SONAR_TOKEN: | |
| description: "Secret named SONAR_TOKEN that references the sonar token secret corresponding to the project in sonarcloud." | |
| required: true | |
| DATABASE_USER: | |
| description: "Secret named DATABASE_USER that references the test database container default username" | |
| required: true | |
| DATABASE_PASSWORD: | |
| description: "Secret named DATABASE_PASSWORD that references the test database container default password" | |
| required: true | |
| TOKEN_SECRET: | |
| description: "Secret named TOKEN_SECRET that references a default JWT token key" | |
| required: true | |
| PARAMETER_SECRET: | |
| description: "Secret named PARAMETER_SECRET that references a default key for encrypting search parameters" | |
| required: true | |
| pull_request: | |
| paths: | |
| - "apps/**" | |
| - "!apps/modernization-ui/**" | |
| - "!apps/report-execution/**" | |
| - "libs/**" | |
| - "build.gradle" | |
| - "settings.gradle" | |
| - "gradle/**" | |
| - ".github/workflows/sonar.yaml" | |
| env: | |
| deployment_env: dev | |
| passed_github_token: ${{secrets.PASSED_GITHUB_TOKEN}} | |
| sonar_token: ${{secrets.SONAR_TOKEN}} | |
| test_database_user: ${{secrets.DATABASE_USER}} | |
| test_database_password: ${{secrets.DATABASE_PASSWORD}} | |
| token_secret: ${{secrets.TOKEN_SECRET}} | |
| parameter_secret: ${{secrets.PARAMETER_SECRET}} | |
| jobs: | |
| pipeline: | |
| name: Build and analyze Java | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: "temurin" | |
| java-version: "21" | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: ${{ runner.os }}-gradle | |
| - name: Build and analyze | |
| working-directory: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ env.passed_github_token }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ env.sonar_token }} | |
| DATABASE_USER: ${{ env.test_database_user }} | |
| DATABASE_PASSWORD: ${{ env.test_database_password }} | |
| TOKEN_SECRET: ${{ env.token_secret }} | |
| PARAMETER_SECRET: ${{ env.parameter_secret }} | |
| run: ./gradlew clean build codeCoverageReport sonar | |
| - name: Publish Testing Reports | |
| if: always() | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: all-test-reports | |
| # The '**' tells GitHub to look in every sub-folder for reports | |
| path: "**/build/reports/**" |