IDEMPIERE-4360 add sonarcloud.io (optimize) (#426)

* IDEMPIERE-4360 add sonarcloud.io

* IDEMPIERE-4360 add sonarcloud.io (update properties)

* IDEMPIERE-4360 add sonarcloud.io (optimize)

1. when use matrix for codeql-action then job of javascript run same job of java (mvn, sonar)
so don't use matrix do define separate job let javascript job faster a lot
2. reduce maven log and sonar log from info to warn
3. move project info from pom to yml let fork central place customize CI
This commit is contained in:
hieplq 2020-12-01 16:38:48 +07:00 committed by GitHub
parent 8cf16ba137
commit 87e55ae08f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 17 deletions

View File

@ -18,18 +18,12 @@ env:
java: 11 java: 11
jobs: jobs:
analyze: analyze_java:
name: Analyze name: Analyze java
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['java', 'javascript']
# Learn more...
# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
steps: steps:
@ -66,7 +60,7 @@ jobs:
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v1 uses: github/codeql-action/init@v1
with: with:
languages: ${{ matrix.language }} languages: java
# If you wish to specify custom queries, you can do so here or in a config file. # If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file. # By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file. # Prefix the list here with "+" to use these queries and those in the config file.
@ -88,13 +82,41 @@ jobs:
# make bootstrap # make bootstrap
# make release # make release
- name: Build and analyze - name: Build and sonar analyze
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: | run: |
export MAVEN_OPTS="-Xmx4G" export MAVEN_OPTS="-Xmx5G -Dorg.slf4j.simpleLogger.defaultLogLevel=warn"
mvn -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true -Dsonar.java.source=$java -Dsonar.java.target=$java verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar sonarProject="-Dsonar.projectKey=idempiere_idempiere -Dsonar.organization=idempiere"
sonar="-Dsonar.java.source=$java -Dsonar.java.target=$java -Dsonar.host.url=https://sonarcloud.io -Dsonar.log.level=WARN"
codeql="-Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true -Drat.skip=true"
mvn -B -V -e $codeql $sonar $sonarProject verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
analyze_javascript:
name: Analyze javascript
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
fetch-depth: 2
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: javascript
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1 uses: github/codeql-action/analyze@v1

View File

@ -11,11 +11,6 @@
<version>8.1.0-SNAPSHOT</version> <version>8.1.0-SNAPSHOT</version>
<relativePath>org.idempiere.parent/pom.xml</relativePath> <relativePath>org.idempiere.parent/pom.xml</relativePath>
</parent> </parent>
<properties>
<sonar.projectKey>idempiere_idempiere</sonar.projectKey>
<sonar.organization>idempiere</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
</properties>
<modules> <modules>
<module>org.adempiere.base</module> <module>org.adempiere.base</module>
<module>org.adempiere.base.callout</module> <module>org.adempiere.base.callout</module>