Add SonarQube code quality analysis workflow #226
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,36 @@ | ||||||||||||||||||||||||||||||
| name: SonarQube | ||||||||||||||||||||||||||||||
| on: | ||||||||||||||||||||||||||||||
| push: | ||||||||||||||||||||||||||||||
| branches: | ||||||||||||||||||||||||||||||
| - main | ||||||||||||||||||||||||||||||
| pull_request: | ||||||||||||||||||||||||||||||
| types: [opened, synchronize, reopened] | ||||||||||||||||||||||||||||||
| jobs: | ||||||||||||||||||||||||||||||
| build: | ||||||||||||||||||||||||||||||
| name: Build and analyze | ||||||||||||||||||||||||||||||
| runs-on: ubuntu-latest | ||||||||||||||||||||||||||||||
| steps: | ||||||||||||||||||||||||||||||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||||||||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||||||||
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | ||||||||||||||||||||||||||||||
| - name: Set up JDK 21 | ||||||||||||||||||||||||||||||
| uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 | ||||||||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||||||||
| java-version: 21 | ||||||||||||||||||||||||||||||
| distribution: 'zulu' | ||||||||||||||||||||||||||||||
|
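Review bot: The workflow has no `permissions:` key between `on:` and `jobs:`, so the `build` job runs with the repository's default `GITHUB_TOKEN` scopes while it checks out and builds pull request code. Add a top-level `permissions:` block with `contents: read` and widen it only if the analysis step turns out to need more. The `actions/checkout` step could also set `persist-credentials: false` under `with:`, since the token does not need to stay in the local git config for a build-and-scan job.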
Comment on lines +17 to +24
Inconsistent action version pinning: This workflow uses full commit SHAs for some actions while other workflows in the repo use semantic versioning (
Examples from other workflows:
|
||||||||||||||||||||||||||||||
| - name: Cache SonarQube packages | ||||||||||||||||||||||||||||||
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | ||||||||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||||||||
| path: ~/.sonar/cache | ||||||||||||||||||||||||||||||
| key: ${{ runner.os }}-sonar | ||||||||||||||||||||||||||||||
| restore-keys: ${{ runner.os }}-sonar | ||||||||||||||||||||||||||||||
| - name: Cache Maven packages | ||||||||||||||||||||||||||||||
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | ||||||||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||||||||
| path: ~/.m2 | ||||||||||||||||||||||||||||||
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | ||||||||||||||||||||||||||||||
| restore-keys: ${{ runner.os }}-m2 | ||||||||||||||||||||||||||||||
| - name: Build and analyze | ||||||||||||||||||||||||||||||
| env: | ||||||||||||||||||||||||||||||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||||||||||||||||||||||||||||||
| run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=bernardladenthin_java-llama.cpp | ||||||||||||||||||||||||||||||
|
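Review bot: In the `Build and analyze` step, `SONAR_TOKEN` is set in `env:` for the whole `mvn -B verify ... :sonar` invocation, so every test and build plugin executed by `verify` can read the token, including on `pull_request` runs. Consider running `mvn -B verify` in a step without the `env:` entry and passing `SONAR_TOKEN` only to a following step that invokes the `sonar-maven-plugin:sonar` goal. Pull requests from forks do not receive repository secrets, so that step also needs an `if:` guard or it will fail on those runs.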
Comment on lines +37 to +40
Missing error handling: The workflow runs
Suggested change
Alternatively, document in the PR body or README that this workflow requires the |
||||||||||||||||||||||||||||||
Missing SPDX headers. Other workflows in this repo include SPDX copyright and license headers (e.g., codeql.yml, reuse.yml). Add: