ci: improve Sonarqube pipeline

2025-01-05 17:08:27 +01:00 · 2025-01-05 17:08:27 +01:00 · 62a89233db
commit 62a89233db
parent 6f6cbd35c4
2 changed files with 49 additions and 5 deletions
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@ -16,8 +16,52 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - name: SonarQube Scan
-        uses: https://github.com/kitabisa/sonarqube-action@v1.2.1
+      - name: Set up Environment
+        run: |
+          apt update
+          apt install -y zip
+          mkdir -p /root/.jreleaser
+          touch /root/.jreleaser/config.properties
+
+      - name: Install syft
+        uses: https://github.com/anchore/sbom-action/download-syft@v0
+        id: install_syft
        with:
-          host: ${{ secrets.SONARQUBE_HOST }}
-          login: ${{ secrets.SONARQUBE_TOKEN }}
+          syft-version: v1.18.1
+
+      - name: Cache Java and Maven software
+        uses: https://github.com/actions/cache@v4
+        with:
+          path: ~/.sdkman
+          key: ${{ runner.os }}-sdkman
+          restore-keys: |
+            ${{ runner.os }}-sdkman
+        env:
+          ACTIONS_STEP_DEBUG: true
+
+      - name: Cache SonarQube packages
+        uses: https://github.com/actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache local Maven repository
+        uses: https://github.com/actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven
+          restore-keys: |
+            ${{ runner.os }}-maven
+        env:
+          ACTIONS_STEP_DEBUG: true
+
+      - name: Install Java & Maven
+        uses: https://github.com/sdkman/sdkman-action@main
+        id: sdkman
+
+      - name: SonarQube Scan
+        env:
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+          SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
+        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar