diff --git a/.gitea/workflows/release.yaml b/.forgejo/workflows/release.yaml similarity index 68% rename from .gitea/workflows/release.yaml rename to .forgejo/workflows/release.yaml index 6bfd2fc..d5016b9 100644 --- a/.gitea/workflows/release.yaml +++ b/.forgejo/workflows/release.yaml @@ -25,6 +25,80 @@ jobs: mkdir -p /root/.jreleaser touch /root/.jreleaser/config.properties + - name: maven-settings-xml-action + uses: https://github.com/whelk-io/maven-settings-xml-action@v22 + with: + repositories: > + [ + { + "id": "maven-releases", + "name": "Releases", + "url": "https://nexus.w9r.dev/repository/maven-releasesl", + "releases": { + "enabled": "true", + "updatePolicy": "always", + "checksumPolicy": "warn" + }, + "snapshots": { + "enabled": "false", + "updatePolicy": "always", + "checksumPolicy": "fail" + } + }, + { + "id": "maven-snapshots", + "name": "Snapshots", + "url": "https://nexus.w9r.dev/repository/maven-snapshots", + "releases": { + "enabled": "false", + "updatePolicy": "always", + "checksumPolicy": "warn" + }, + "snapshots": { + "enabled": "true", + "updatePolicy": "always", + "checksumPolicy": "warn" + } + } + ] + servers: > + [ + { + "id": "maven-group", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "maven-snapshots", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "maven-releases", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "vulnz", + "username": "${{ secrets.VULNZ_USERNAME }}", + "password": "${{ secrets.VULNZ_PASSWORD }}", + }, + ] + mirrors: > + [ + { + "id": "maven-group", + "name": ""central", + "mirrorOf": "*", + "url": "https://nexus.w9r.dev/repository/maven-group/" + } + ] + plugin_groups: > + [ + "org.sonarsource.scanner.maven" + ] + output_file: .m2/settings.xml + - name: Determine next version uses: https://github.com/obfu5c8/action-svu@v1 id: generate_next_version diff --git a/.forgejo/workflows/sonarqube.yaml b/.forgejo/workflows/sonarqube.yaml new file mode 100644 index 0000000..863b065 --- /dev/null +++ b/.forgejo/workflows/sonarqube.yaml @@ -0,0 +1,141 @@ +--- +on: + push: + branches: + - main + pull_request: + types: [opened, synchronize, reopened] + +name: SonarQube Scan +jobs: + sonarqube: + name: SonarQube Trigger + runs-on: ubuntu-latest + steps: + - name: Checking out + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Environment + run: | + apt update + apt install -y zip + mkdir -p /root/.jreleaser + touch /root/.jreleaser/config.properties + + - name: Install syft + uses: https://github.com/anchore/sbom-action/download-syft@v0 + id: install_syft + with: + syft-version: v1.18.1 + + - name: maven-settings-xml-action + uses: https://github.com/whelk-io/maven-settings-xml-action@v22 + with: + repositories: > + [ + { + "id": "maven-releases", + "name": "Releases", + "url": "https://nexus.w9r.dev/repository/maven-releasesl", + "releases": { + "enabled": "true", + "updatePolicy": "always", + "checksumPolicy": "warn" + }, + "snapshots": { + "enabled": "false", + "updatePolicy": "always", + "checksumPolicy": "fail" + } + }, + { + "id": "maven-snapshots", + "name": "Snapshots", + "url": "https://nexus.w9r.dev/repository/maven-snapshots", + "releases": { + "enabled": "false", + "updatePolicy": "always", + "checksumPolicy": "warn" + }, + "snapshots": { + "enabled": "true", + "updatePolicy": "always", + "checksumPolicy": "warn" + } + } + ] + servers: > + [ + { + "id": "maven-group", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "maven-snapshots", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "maven-releases", + "username": "${{ secrets.NEXUS_USERNAME }}", + "password": "${{ secrets.NEXUS_PASSWORD }}", + }, + { + "id": "vulnz", + "username": "${{ secrets.VULNZ_USERNAME }}", + "password": "${{ secrets.VULNZ_PASSWORD }}", + }, + ] + mirrors: > + [ + { + "id": "maven-group", + "name": ""central", + "mirrorOf": "*", + "url": "https://nexus.w9r.dev/repository/maven-group/" + } + ] + plugin_groups: > + [ + "org.sonarsource.scanner.maven" + ] + output_file: .m2/settings.xml + + - name: Cache Java and Maven software + uses: https://github.com/actions/cache@v4 + with: + path: ~/.sdkman + key: ${{ runner.os }}-sdkman + restore-keys: | + ${{ runner.os }}-sdkman + env: + ACTIONS_STEP_DEBUG: true + + - name: Cache SonarQube packages + uses: https://github.com/actions/cache@v4 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache local Maven repository + uses: https://github.com/actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven + restore-keys: | + ${{ runner.os }}-maven + env: + ACTIONS_STEP_DEBUG: true + + - name: Install Java & Maven + uses: https://github.com/sdkman/sdkman-action@main + id: sdkman + + - name: SonarQube Scan + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml deleted file mode 100644 index 914be66..0000000 --- a/.gitea/workflows/sonarqube.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -on: - push: - branches: - - main - pull_request: - types: [opened, synchronize, reopened] - -name: SonarQube Scan -jobs: - sonarqube: - name: SonarQube Trigger - runs-on: ubuntu-latest - steps: - - name: Checking out - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up Environment - run: | - apt update - apt install -y zip - mkdir -p /root/.jreleaser - touch /root/.jreleaser/config.properties - - - name: Install syft - uses: https://github.com/anchore/sbom-action/download-syft@v0 - id: install_syft - with: - syft-version: v1.18.1 - - - name: Cache Java and Maven software - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sdkman - key: ${{ runner.os }}-sdkman - restore-keys: | - ${{ runner.os }}-sdkman - env: - ACTIONS_STEP_DEBUG: true - - - name: Cache SonarQube packages - uses: https://github.com/actions/cache@v4 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Cache local Maven repository - uses: https://github.com/actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven - restore-keys: | - ${{ runner.os }}-maven - env: - ACTIONS_STEP_DEBUG: true - - - name: Install Java & Maven - uses: https://github.com/sdkman/sdkman-action@main - id: sdkman - - - name: SonarQube Scan - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }} - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar