Set up Sonarcloud analysys github CI build job

groldan · Dec 27, 2023 · 29621be · 29621be
1 parent 355d236
commit 29621be
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 1 deletion.
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,57 @@
+# Builds and pushes docker images on main and tags
+
+name: SonarCloud QA
+on:
+  push:
+    branches:
+      - branch-sonarcloud
+    paths:
+      - ".github/workflows/sonarcloud.yml"
+      - "src/**"
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: Build and Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    # Only analyze with Sonar on non-fork repos:
+    # https://github.community/t/how-to-detect-a-pull-request-from-a-fork/18363/4
+    # if: github.event.pull_request.head.repo.fork != true
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 500  # Shallow clones should be disabled for a better relevancy of analysis
+        submodules: recursive
+        show-progress: 'false'
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '17'
+        cache: 'maven'
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v3
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+
+    - name: Analyze with Sonar
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: |
+        mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+        -f src/pom.xml \
+        -Prelease \
+        -Dcoverage \
+        -Dsonar.host.url=https://sonarcloud.io \
+        -Dsonar.projectKey=groldan_geoserver \
+        -Dsonar.organization=groldan \
+        -Dmaven.javadoc.skip=true \
+        -ntp \
+        -T1C
+
diff --git a/README.md b/README.md
@@ -3,6 +3,21 @@
 [![Gitter](https://badges.gitter.im/geoserver/geoserver.svg)](https://gitter.im/geoserver/geoserver?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![DOI](https://zenodo.org/badge/2751199.svg)](https://zenodo.org/badge/latestdoi/2751199)
 
+[![SonarCloud](https://sonarcloud.io/images/project_badges/sonarcloud-white.svg)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=bugs)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=coverage)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=groldan_geoserver&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=groldan_geoserver)
+
+
 [GeoServer](https://geoserver.org) is an open source software server written in Java that 
 allows users to share and edit geospatial data. Designed for interoperability, it publishes data from 
 any major spatial data source using open standards.

diff --git a/src/pom.xml b/src/pom.xml
@@ -147,7 +147,7 @@
     <mysql.jdbc.version>8.0.28</mysql.jdbc.version>
     <solrj.version>7.2.1</solrj.version>
     <mockito.version>3.12.4</mockito.version>
-    <jacoco.version>0.8.6</jacoco.version>
+    <jacoco.version>0.8.11</jacoco.version>
     <hazelcast.version>5.3.6</hazelcast.version>
     <xalan.version>2.7.3</xalan.version>
     <argLine>-Xmx${test.maxHeapSize} -enableassertions ${jvm.opts} -Djava.awt.headless=${java.awt.headless} -Dsun.java2d.d3d=${sun.java2d.d3d} -DremoteOwsTests=${remoteOwsTests} -DquietTests=${quietTests} -Dorg.geotools.image.test.enabled=${image.tests} -Dorg.geotools.image.test.interactive=${interactive.image} -Duser.timezone=${user.timezone} -Dwindows.leniency=${windows.leniency} -XX:+TieredCompilation -XX:TieredStopAtLevel=1</argLine>
@@ -163,6 +163,7 @@
     <checkstyle.skip>false</checkstyle.skip>
     <qa>false</qa>
     <lint>deprecation,unchecked</lint>
+    <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
   </properties>
 
   <dependencyManagement>
@@ -2409,6 +2410,11 @@
     <!-- code coverage -->
     <profile>
       <id>jacoco</id>
+      <activation>
+        <property>
+          <name>coverage</name>
+        </property>
+      </activation>
       <build>
         <plugins>
           <plugin>