From 62a89233dbd9354fa6d23bae68c123f385dbb5f3 Mon Sep 17 00:00:00 2001
From: Oliver Weyhmueller
Date: Sun, 5 Jan 2025 17:08:27 +0100
Subject: [PATCH] ci: improve Sonarqube pipeline
---
 .gitea/workflows/release.yaml | 2 +-
 .gitea/workflows/sonarqube.yaml | 52 ++++++++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index b9d68ad..6bfd2fc 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 fetch-depth: 0
diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index 2d1c386..914be66 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -16,8 +16,52 @@ jobs:
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
- - name: SonarQube Scan
- uses: https://github.com/kitabisa/sonarqube-action@v1.2.1
+ - name: Set up Environment
+ run: |
+ apt update
+ apt install -y zip
+ mkdir -p /root/.jreleaser
+ touch /root/.jreleaser/config.properties
+
+ - name: Install syft
+ uses: https://github.com/anchore/sbom-action/download-syft@v0
+ id: install_syft
 with:
- host: ${{ secrets.SONARQUBE_HOST }}
- login: ${{ secrets.SONARQUBE_TOKEN }}
+ syft-version: v1.18.1
+
+ - name: Cache Java and Maven software
+ uses: https://github.com/actions/cache@v4
+ with:
+ path: ~/.sdkman
+ key: ${{ runner.os }}-sdkman
+ restore-keys: |
+ ${{ runner.os }}-sdkman
+ env:
+ ACTIONS_STEP_DEBUG: true
+
+ - name: Cache SonarQube packages
+ uses: https://github.com/actions/cache@v4
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+
+ - name: Cache local Maven repository
+ uses: https://github.com/actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven
+ restore-keys: |
+ ${{ runner.os }}-maven
+ env:
+ ACTIONS_STEP_DEBUG: true
+
+ - name: Install Java & Maven
+ uses: https://github.com/sdkman/sdkman-action@main
+ id: sdkman
+
+ - name: SonarQube Scan
+ env:
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
+ run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
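Review bot: The `Install Java & Maven` step references `sdkman/sdkman-action@main`, a mutable branch, so whatever is on that branch at run time installs the `mvn` that the final step then runs with `SONAR_TOKEN` in its environment. Pin it to a reviewed commit, `uses: https://github.com/sdkman/sdkman-action@<full-commit-sha>`, and consider the same for `anchore/sbom-action/download-syft@v0`, which is a floating major tag even though `syft-version` is pinned. The three cache steps use constant keys (`${{ runner.os }}-sdkman`, `-sonar`, `-maven`), so `~/.sdkman` and `~/.m2/repository` are in effect restored from whichever run first filled them; the workflow trigger is outside this hunk, but if it also fires for pull requests that cached toolchain should be treated as untrusted input to the token-bearing step. `ACTIONS_STEP_DEBUG: true` is normally a repository-level switch rather than a step `env` entry, so confirm the runner honours it here and drop it before merge if it only widens the logs.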