midsuit
/
core-jgi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-4360 add sonarcloud.io (#421)

This commit is contained in:
hieplq 2020-11-30 09:37:49 +07:00 committed by GitHub
parent 0eb4986513
commit 5f30b001e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
.github/workflows/codeql-analysis.yml vendored
View File

@ -42,14 +42,25 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
# We must fetch at least the immediate parents so that if this is # fetch all commit so sornar can know who change a line, it's resolved Warning: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
# a pull request then we can checkout the head. fetch-depth: 0
fetch-depth: 2 if: github.event_name != 'pull_request'
# If this run was triggered by a pull request event, then checkout - name: Checkout repository
# the head of the pull request instead of the merge commit. uses: actions/checkout@v2
- run: git checkout HEAD^2 with:
if: ${{ github.event_name == 'pull_request' }} ref: ${{ github.event.pull_request.head.sha }} # check out PR head
# fetch all commit so sornar can know who change a line, it's resolved Warning: Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
fetch-depth: 0
if: github.event_name == 'pull_request'
- name: Cache material
uses: actions/cache@v2
with:
path: |
~/.sonar/cache
~/.m2
key: ${{ runner.os }}-master
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
@ -63,8 +74,8 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below) # If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild #- name: Autobuild
uses: github/codeql-action/autobuild@v1 # uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell. # Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl # 📚 https://git.io/JvXDl
@ -77,5 +88,13 @@ jobs:
# make bootstrap # make bootstrap
# make release # make release
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
export MAVEN_OPTS="-Xmx4G"
mvn -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dsonar.java.source=$java -Dsonar.java.target=$java verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1 uses: github/codeql-action/analyze@v1