diff --git a/.github/workflows/sonar-scan.yaml b/.github/workflows/sonar-scan.yaml new file mode 100644 index 00000000..78e02034 --- /dev/null +++ b/.github/workflows/sonar-scan.yaml @@ -0,0 +1,59 @@ +################################################################################ +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################ + +name: "Sonar Analysis" +on: + workflow_dispatch: + push: + branches: + - main + schedule: + - cron: "0 0 * * *" + +env: + JAVA_VERSION: 17 + +jobs: + build: + name: Build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'adopt' + cache: maven + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Build and analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn --batch-mode verify sonar:sonar -Dsonar.projectKey=eclipse-tractusx_sldt-digital-twin-registry -Dsonar.organization=eclipse-tractusx \ No newline at end of file