Merge pull request #337 from bmunguli/ci/Add-sonarcloud-ci-analysis

chore: add ci analysis for sonar

.github/workflows/sonar-scan.yaml

@@ -0,0 +1,56 @@
+################################################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+################################################################################
+
+name: "Sonar Analysis"
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+          cache: maven
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name:  Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn --batch-mode verify sonar:sonar -Dsonar.projectKey=eclipse-tractusx_sldt-digital-twin-registry -Dsonar.organization=eclipse-tractusx

pom.xml

@@ -101,9 +101,21 @@
 		<!-- test libs -->
 		<assertj.version>3.24.2</assertj.version>
 		<junit.version>5.9.3</junit.version>
+		<jacoco.version>0.8.11</jacoco.version>
 
+		<!-- sonar plugin -->
+		<sonar-maven-plugin.version>3.10.0.2594</sonar-maven-plugin.version>
+
 		<!-- build -->
 		<maven.compiler.version>3.8.1</maven.compiler.version>
+
+		<!-- Sonar related properties -->
+		<sonar.organization>eclipse-tractusx</sonar.organization>
+		<sonar.host.url>https://sonarcloud.io</sonar.host.url>
+		<sonar.projectKey>eclipse-tractusx_sldt-digital-twin-registry</sonar.projectKey>
+		<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
+		<sonar.projectName>sldt-digital-twin-registry</sonar.projectName>
+		<sonar.java.source>17</sonar.java.source>
 	</properties>
 
 	<modules>
@@ -426,6 +438,27 @@
 				</plugin>
 			</plugins>
 		</pluginManagement>
+		<plugins>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<version>${jacoco.version}</version>
+				<executions>
+						<execution>
+								<goals>
+										<goal>prepare-agent</goal>
+								</goals>
+						</execution>
+						<execution>
+								<id>report</id>
+								<phase>test</phase>
+								<goals>
+										<goal>report</goal>
+								</goals>
+						</execution>
+				</executions>
+		</plugin>
+		</plugins>
 	</build>
 
 	<repositories>