Skip to content

Added GH_TOKEN to Maven workflow #31

Added GH_TOKEN to Maven workflow

Added GH_TOKEN to Maven workflow #31

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow helps you trigger a SonarCloud analysis of your code and populates
# GitHub Code Scanning alerts with the vulnerabilities found.
# Free for open source project.
# 1. Login to SonarCloud.io using your GitHub account
# 2. Import your project on SonarCloud
# * Add your GitHub organization first, then add your repository as a new project.
# * Please note that many languages are eligible for automatic analysis,
# which means that the analysis will start automatically without the need to set up GitHub Actions.
# * This behavior can be changed in Administration > Analysis Method.
#
# 3. Follow the SonarCloud in-product tutorial
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
#
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
# (On SonarCloud, click on your avatar on top-right > My account > Security
# or go directly to https://sonarcloud.io/account/security/)
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
name: SonarCloud analysis
on:
push:
branches: [ "develop" ]
pull_request:
branches: [ "develop" ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
jobs:
Analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # Fetch all history for all branches and tags
- name: Set up Java
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin' # You can choose the distribution (e.g., 'temurin', 'zulu', 'adopt', etc.)
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-maven
- name: Install jq
run: sudo apt-get install -y jq
- name: Build and analyze with SonarCloud
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn clean verify sonar:sonar -Dsonar.projectKey=olsido_github-workflow-demo -Dsonar.organization=olsido -Dsonar.host.url=https://sonarcloud.io -Dsonar.token=${{ secrets.SONAR_TOKEN }}
- name: Wait for SonarCloud analysis to be processed
run: sleep 60
- name: Check SonarCloud Quality Gate status
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
for i in {1..10}; do
status=$(curl -s -u $SONAR_TOKEN: "https://sonarcloud.io/api/qualitygates/project_status?projectKey=olsido_github-workflow-demo" | jq -r '.projectStatus.status')
if [ "$status" == "OK" ]; then
echo "Quality gate passed: $status"
exit 0
elif [ "$status" == "ERROR" ]; then
echo "Quality gate failed: $status"
exit 1
else
echo "Quality gate status: $status. Retrying in 30 seconds..."
sleep 30
fi
done
echo "Quality gate check failed: Timed out"
exit 1