IDEMPIERE-4360 add sonarcloud.io (#421)

2020-11-30 09:37:49 +07:00 · 2020-11-30 09:37:49 +07:00 · 5f30b001e0
parent 0eb4986513
commit 5f30b001e0
1 changed files with 29 additions and 10 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -42,14 +42,25 @@ jobs:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+        # fetch all commit so sornar can know who change a line, it's resolved Warning:  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
+        fetch-depth: 0
+      if: github.event_name != 'pull_request'

-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.pull_request.head.sha }} # check out PR head
+        # fetch all commit so sornar can know who change a line, it's resolved Warning:  Shallow clone detected, no blame information will be provided. You can convert to non-shallow with 'git fetch --unshallow'.
+        fetch-depth: 0
+      if: github.event_name == 'pull_request'
+
+    - name: Cache material
+      uses: actions/cache@v2
+      with:
+        path: |
+          ~/.sonar/cache
+          ~/.m2
+        key: ${{ runner.os }}-master

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
@ -63,9 +74,9 @@ jobs:

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
+    #- name: Autobuild
+    #  uses: github/codeql-action/autobuild@v1
+    
    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

@ -77,5 +88,13 @@ jobs:
    #   make bootstrap
    #   make release

+    - name: Build and analyze
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: |
+        export MAVEN_OPTS="-Xmx4G"
+        mvn -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dsonar.java.source=$java -Dsonar.java.target=$java verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+
    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1