IDEMPIERE-4360 add sonarcloud.io (#421)

This commit is contained in:
hieplq 2020-11-30 09:37:49 +07:00 committed by GitHub
parent 0eb4986513
commit 5f30b001e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 10 deletions

View File

@ -42,14 +42,25 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# fetch all commit so sornar can know who change a line, it's resolved Warning: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
fetch-depth: 0
if: github.event_name != 'pull_request'
# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
- name: Checkout repository
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }} # check out PR head
# fetch all commit so sornar can know who change a line, it's resolved Warning: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
fetch-depth: 0
if: github.event_name == 'pull_request'
- name: Cache material
uses: actions/cache@v2
with:
path: |
~/.sonar/cache
~/.m2
key: ${{ runner.os }}-master
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
@ -63,9 +74,9 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
#- name: Autobuild
# uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@ -77,5 +88,13 @@ jobs:
# make bootstrap
# make release
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
export MAVEN_OPTS="-Xmx4G"
mvn -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dsonar.java.source=$java -Dsonar.java.target=$java verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1