Enhance GitHub Actions incl. sonarcloud

.github/workflows/maven-publish.yml

@@ -17,13 +17,19 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-    - name: Cache Maven packages
+    - name: Use Cache for Maven packages
       uses: actions/cache@v2
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2
-
+
+    - name: Import GPG keys
+      run: 'echo -e "$GPG_FILE" | gpg2 --import --no-tty --batch --yes'
+      shell: bash
+      env:
+        GPG_FILE: ${{secrets.GPG_FILE}}
+
     - name: Set up Java for Apache Maven Central
       uses: actions/setup-java@v1
       with:
@@ -33,18 +39,12 @@ jobs:
         server-password: OSSRH_PASSWORD  # env variable for token in deploy
         gpg-passphrase: GPG_PASSPHRASE  # env variable for GPG private key passphrase
 
-    - name: Import GPG keys
-      run: 'echo -e "$GPG_FILE" | gpg2 --import --no-tty --batch --yes'
-      shell: bash
-      env:
-        GPG_FILE: ${{secrets.GPG_FILE}}
-
-    - name: Build with Maven
+    - name: Build and Verify with Maven
       run: mvn --batch-mode --update-snapshots clean compile verify
 
     - name: Publish to Apache Maven Central
       # run: mvn deploy --batch-mode --update-snapshots -P sign,!build-extras -Dmaven.test.skip=true
-      run: mvn deploy --batch-mode --update-snapshots -P sign,!build-extras -Dmaven.test.skip=true
+      run: mvn deploy --batch-mode --update-snapshots -P sign,!build-extras,deploy-ossrh -Dmaven.test.skip=true
       env:
         OSSRH_USERNAME: ${{ secrets.OSSRH_JIRA_USERNAME }}
         OSSRH_PASSWORD: ${{ secrets.OSSRH_JIRA_PASSWORD }}
@@ -56,11 +56,12 @@ jobs:
         java-version: 11
 
     - name: Publish to GitHub Packages
-      run: mvn deploy --batch-mode --update-snapshots -P sign,!build-extras,!deploy-ossrh -Dmaven.test.skip=true -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/csowada/ebus
+    #  -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/csowada/ebus
+      run: mvn deploy --batch-mode --update-snapshots -P !sign,!build-extras,!deploy-ossrh,deploy-github -Dmaven.test.skip=true
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Create Release
+    - name: Create GitGub Release
       id: create_release
       uses: actions/create-release@v1
       env:

.github/workflows/maven.yml

@@ -7,7 +7,7 @@ on:
   push:
     branches: [ master ]
   pull_request:
-    branches: [ master ]
+    types: [opened, synchronize, reopened]
 
 jobs:
 
@@ -17,21 +17,33 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
 
     - name: Cache Maven packages
       uses: actions/cache@v2
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2
-
+
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v2
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+
     - name: Set up Java
       uses: actions/setup-java@v1
       with:
         java-version: 11
 
-    - name: Build witrh Maven
-      run: mvn --batch-mode --update-snapshots clean compile verify
+    - name: Build and analyze
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
 
     - run: mkdir staging && cp target/*.jar staging
 

pom.xml

@@ -19,6 +19,9 @@
 		<maven.compiler.release>8</maven.compiler.release>
 		<license.year>2020</license.year>
 		<!-- <bundle.version>1.1.0.${maven.build.timestamp}</bundle.version> -->
+		<sonar.projectKey>csowada_ebus</sonar.projectKey>
+		<sonar.organization>csowada</sonar.organization>
+		<sonar.host.url>https://sonarcloud.io</sonar.host.url>
 	</properties>
 
 	<organization>
@@ -35,7 +38,7 @@
 
 	<developers>
 		<developer>
-			<email>git@cs-dev.de</email>
+			<email>opensource@cs-dev.de</email>
 			<name>Christian Sowada</name>
 			<url>https://github.com/csowada</url>
 			<id>csowada</id>
@@ -267,6 +270,22 @@
 				</repository>
 			</distributionManagement>
 		</profile>
+
+		<profile>
+			<id>deploy-github</id>
+			<activation>
+				<activeByDefault>false</activeByDefault>
+			</activation>
+
+			<distributionManagement>
+				<repository>
+				<id>github</id>
+				<name>GitHub Packages</name>
+				<url>https://maven.pkg.github.com/csowada/ebus</url>
+				</repository>
+			</distributionManagement>
+		</profile>
+
 	</profiles>
 
 	<dependencies>
@@ -345,4 +364,4 @@
 
 	</dependencies>
 
-</project>
+</project>

sonar-project.properties

@@ -0,0 +1,6 @@
+sonar.organization=csowada
+sonar.projectKey=csowada_ebus
+
+# relative paths to source directories. More details and properties are described
+# in https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/ 
+sonar.sources=.