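# CI pipeline: build -> test -> deploy -> visualize, chained with `needs`.
# Runs on pushes to, and pull requests targeting, main, develop and release/**.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. Declare the minimum each job needs
# once it is known what `mvn deploy` publishes to (not visible in this file).
#
# NOTE(review): every `uses:` below references a mutable tag (@v3/@v4).
# Pinning to a full commit SHA, e.g.
# `uses: actions/checkout@<full-commit-sha>  # v4`, prevents a retagged
# release from changing what runs in this pipeline.
name: CI Pipeline

on:
  push:
    branches:
      - 'main'
      - 'develop'
      - 'release/**'
  pull_request:
    branches:
      - 'main'
      - 'develop'
      - 'release/**'

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): this privileged service container publishes no ports and
    # no step in this job refers to it; it looks like a leftover from a
    # docker-in-docker setup. `--privileged` gives the container broad access
    # to the runner host and 19.03.12 is an old image tag - remove the
    # service if nothing depends on it.
    services:
      docker:
        image: docker:19.03.12
        options: --privileged
    # NOTE(review): job-level env is visible to every step, including the
    # third-party actions and the Maven build of pull-request code. If only
    # the mvn step needs GH_PAT, declare it on that step instead.
    env:
      MAVEN_CLI_OPTS: "-s ci_settings.xml"
      # The only mvn step in this job overrides MAVEN_OPTS from secrets, so
      # this value is not what Maven sees. It also points at a
      # workspace-relative .m2/repository while the cache step below stores
      # ~/.m2/repository - confirm which location is intended.
      MAVEN_OPTS: "-Dmaven.repo.local=.m2/repository"
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      GH_PAT: ${{ secrets.GH_PAT }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker
        uses: docker/setup-buildx-action@v3
      - name: Cache Maven local repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          # NOTE(review): 'adopt' is a legacy distribution name in
          # setup-java; 'temurin' is its maintained successor.
          distribution: 'adopt'
          java-version: '11'
      - name: Build with Maven
        run: mvn $MAVEN_CLI_OPTS clean initialize package
        env:
          MAVEN_OPTS: ${{ secrets.MAVEN_OPTS }}
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: sonar-bw
          path: ./target

  test:
    runs-on: ubuntu-latest
    needs: build
    env:
      MAVEN_CLI_OPTS: "-s ci_settings.xml"
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Cache Maven local repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          distribution: 'adopt'
          java-version: '11'
      - name: Run tests with JaCoCo
        run: mvn $MAVEN_CLI_OPTS clean org.jacoco:jacoco-maven-plugin:prepare-agent test jacoco:report
      - name: Upload test coverage
        uses: actions/upload-artifact@v4
        with:
          name: jacoco-report
          path: target/site/jacoco/jacoco.xml

  deploy:
    runs-on: ubuntu-latest
    needs: test
    # NOTE(review): this job starts for every trigger, pull requests
    # included; the only gating is the GITHUB_REF_NAME test inside the shell
    # steps below. GH_PAT is therefore in the environment of every step even
    # when nothing is deployed. A job- or step-level `if:` on the event and
    # ref, with the secrets scoped to the deploy step, would keep the token
    # out of runs that never publish.
    env:
      MAVEN_CLI_OPTS: "-s ci_settings.xml"
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      GH_PAT: ${{ secrets.GH_PAT }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Cache Maven local repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven
      - name: Set up JDK 11
        uses: actions/setup-java@v4
        with:
          distribution: 'adopt'
          java-version: '11'
      - name: Extract Maven project version
        id: project
        # Step outputs are written to $GITHUB_OUTPUT; the `::set-output`
        # workflow command used previously is deprecated. Assigning to a
        # variable first also makes the step fail if mvn itself fails,
        # instead of publishing an empty version.
        run: |
          version="$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)"
          echo "version=${version}" >> "$GITHUB_OUTPUT"
      - name: Determine Version
        id: version
        # The version string originates from pom.xml, which a pull request
        # can change. It is handed to the script through an environment
        # variable and quoted, rather than being expanded into the script
        # text with ${{ }}, so its content cannot be interpreted as shell.
        env:
          PROJECT_VERSION: ${{ steps.project.outputs.version }}
        run: |
          if [ "${GITHUB_REF_NAME}" == "main" ]; then
            echo "Keeping version as is"
          else
            mvn $MAVEN_CLI_OPTS versions:set -DgenerateBackupPoms=false "-DnewVersion=${PROJECT_VERSION}-SNAPSHOT"
          fi
      - name: Vulnerability Check
        id: check
        # OWASP dependency-check runs only for main and refs containing
        # "release/"; develop and pull-request runs skip it.
        run: |
          if [[ "${GITHUB_REF_NAME}" == "main" ]] || [[ "${GITHUB_REF_NAME}" =~ "release/" ]]; then
            mvn $MAVEN_CLI_OPTS org.owasp:dependency-check-maven:10.0.3:check
          fi
        env:
          MAVEN_OPTS: ${{ secrets.MAVEN_OPTS }}
      - name: Deploy with maven with Maven
        run: |
          if [[ "${GITHUB_REF_NAME}" == "main" ]] || [[ "${GITHUB_REF_NAME}" =~ "release/" ]]; then
            mvn $MAVEN_CLI_OPTS deploy
          fi
        env:
          MAVEN_OPTS: ${{ secrets.MAVEN_OPTS }}

  visualize:
    runs-on: ubuntu-latest
    needs: deploy
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download JaCoCo report
        uses: actions/download-artifact@v4
        with:
          name: jacoco-report
          path: target/site/jacoco/
      - name: Convert JaCoCo to Cobertura
        # The workspace path comes from the runner-provided GITHUB_WORKSPACE
        # variable and is quoted, instead of being templated into the script.
        # NOTE(review): the converter image is pulled by tag from a
        # third-party registry and gets the whole checkout mounted
        # read-write; pinning it by digest and mounting read-only (the
        # report is written via stdout redirection on the host) would
        # narrow that trust - confirm the tool needs no write access.
        run: |
          docker run --rm \
            -v "${GITHUB_WORKSPACE}:/workspace" \
            registry.gitlab.com/haynes/jacoco2cobertura:1.0.9 \
            python /opt/cover2cover.py /workspace/target/site/jacoco/jacoco.xml /workspace/src/main/java/ > "${GITHUB_WORKSPACE}/target/site/cobertura.xml"
      - name: Upload coverage report
        uses: actions/upload-artifact@v4
        with:
          name: cobertura-report
          path: ${{ github.workspace }}/target/site/cobertura.xml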