ci: add maven settings.xml
This commit is contained in:
parent
f598927653
commit
af2b07510a
GPG key ID:
5286794099F934A3
3 changed files with 215 additions and 67 deletions
|
|
@ -25,6 +25,80 @@ jobs:
|
|||
mkdir -p /root/.jreleaser
|
||||
touch /root/.jreleaser/config.properties
|
||||
|
||||
- name: maven-settings-xml-action
|
||||
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
|
||||
with:
|
||||
repositories: >
|
||||
[
|
||||
{
|
||||
"id": "maven-releases",
|
||||
"name": "Releases",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-releases",
|
||||
"releases": {
|
||||
"enabled": "true",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
},
|
||||
"snapshots": {
|
||||
"enabled": "false",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "fail"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "maven-snapshots",
|
||||
"name": "Snapshots",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
|
||||
"releases": {
|
||||
"enabled": "false",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
},
|
||||
"snapshots": {
|
||||
"enabled": "true",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
}
|
||||
}
|
||||
]
|
||||
servers: >
|
||||
[
|
||||
{
|
||||
"id": "maven-group",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "maven-snapshots",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "maven-releases",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "vulnz",
|
||||
"username": "${{ secrets.VULNZ_USERNAME }}",
|
||||
"password": "${{ secrets.VULNZ_PASSWORD }}"
|
||||
}
|
||||
]
|
||||
mirrors: >
|
||||
[
|
||||
{
|
||||
"id": "maven-group",
|
||||
"name": "central",
|
||||
"mirrorOf": "*",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-group/"
|
||||
}
|
||||
]
|
||||
plugin_groups: >
|
||||
[
|
||||
"org.sonarsource.scanner.maven"
|
||||
]
|
||||
output_file: .m2/settings.xml
|
||||
|
||||
- name: Determine next version
|
||||
uses: https://github.com/obfu5c8/action-svu@v1
|
||||
id: generate_next_version
|
||||
141
.forgejo/workflows/sonarqube.yaml
Normal file
141
.forgejo/workflows/sonarqube.yaml
Normal file
|
|
@ -0,0 +1,141 @@
|
|||
---
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
name: SonarQube Scan
|
||||
jobs:
|
||||
sonarqube:
|
||||
name: SonarQube Trigger
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Set up Environment
|
||||
run: |
|
||||
apt update
|
||||
apt install -y zip
|
||||
mkdir -p /root/.jreleaser
|
||||
touch /root/.jreleaser/config.properties
|
||||
|
||||
- name: Install syft
|
||||
uses: https://github.com/anchore/sbom-action/download-syft@v0
|
||||
id: install_syft
|
||||
with:
|
||||
syft-version: v1.18.1
|
||||
|
||||
- name: maven-settings-xml-action
|
||||
uses: https://github.com/whelk-io/maven-settings-xml-action@v22
|
||||
with:
|
||||
repositories: >
|
||||
[
|
||||
{
|
||||
"id": "maven-releases",
|
||||
"name": "Releases",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-releases",
|
||||
"releases": {
|
||||
"enabled": "true",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
},
|
||||
"snapshots": {
|
||||
"enabled": "false",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "fail"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "maven-snapshots",
|
||||
"name": "Snapshots",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-snapshots",
|
||||
"releases": {
|
||||
"enabled": "false",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
},
|
||||
"snapshots": {
|
||||
"enabled": "true",
|
||||
"updatePolicy": "always",
|
||||
"checksumPolicy": "warn"
|
||||
}
|
||||
}
|
||||
]
|
||||
servers: >
|
||||
[
|
||||
{
|
||||
"id": "maven-group",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "maven-snapshots",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "maven-releases",
|
||||
"username": "${{ secrets.NEXUS_USERNAME }}",
|
||||
"password": "${{ secrets.NEXUS_PASSWORD }}"
|
||||
},
|
||||
{
|
||||
"id": "vulnz",
|
||||
"username": "${{ secrets.VULNZ_USERNAME }}",
|
||||
"password": "${{ secrets.VULNZ_PASSWORD }}"
|
||||
}
|
||||
]
|
||||
mirrors: >
|
||||
[
|
||||
{
|
||||
"id": "maven-group",
|
||||
"name": "central",
|
||||
"mirrorOf": "*",
|
||||
"url": "https://nexus.w9r.dev/repository/maven-group/"
|
||||
}
|
||||
]
|
||||
plugin_groups: >
|
||||
[
|
||||
"org.sonarsource.scanner.maven"
|
||||
]
|
||||
output_file: ~/.m2/settings.xml
|
||||
|
||||
- name: Cache Java and Maven software
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.sdkman
|
||||
key: ${{ runner.os }}-sdkman
|
||||
restore-keys: |
|
||||
${{ runner.os }}-sdkman
|
||||
env:
|
||||
ACTIONS_STEP_DEBUG: true
|
||||
|
||||
- name: Cache SonarQube packages
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.sonar/cache
|
||||
key: ${{ runner.os }}-sonar
|
||||
restore-keys: ${{ runner.os }}-sonar
|
||||
|
||||
- name: Cache local Maven repository
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.m2/repository
|
||||
key: ${{ runner.os }}-maven
|
||||
restore-keys: |
|
||||
${{ runner.os }}-maven
|
||||
env:
|
||||
ACTIONS_STEP_DEBUG: true
|
||||
|
||||
- name: Install Java & Maven
|
||||
uses: https://github.com/sdkman/sdkman-action@main
|
||||
id: sdkman
|
||||
|
||||
- name: SonarQube Scan
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
|
||||
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
---
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
name: SonarQube Scan
|
||||
jobs:
|
||||
sonarqube:
|
||||
name: SonarQube Trigger
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checking out
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Set up Environment
|
||||
run: |
|
||||
apt update
|
||||
apt install -y zip
|
||||
mkdir -p /root/.jreleaser
|
||||
touch /root/.jreleaser/config.properties
|
||||
|
||||
- name: Install syft
|
||||
uses: https://github.com/anchore/sbom-action/download-syft@v0
|
||||
id: install_syft
|
||||
with:
|
||||
syft-version: v1.18.1
|
||||
|
||||
- name: Cache Java and Maven software
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.sdkman
|
||||
key: ${{ runner.os }}-sdkman
|
||||
restore-keys: |
|
||||
${{ runner.os }}-sdkman
|
||||
env:
|
||||
ACTIONS_STEP_DEBUG: true
|
||||
|
||||
- name: Cache SonarQube packages
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.sonar/cache
|
||||
key: ${{ runner.os }}-sonar
|
||||
restore-keys: ${{ runner.os }}-sonar
|
||||
|
||||
- name: Cache local Maven repository
|
||||
uses: https://github.com/actions/cache@v4
|
||||
with:
|
||||
path: ~/.m2/repository
|
||||
key: ${{ runner.os }}-maven
|
||||
restore-keys: |
|
||||
${{ runner.os }}-maven
|
||||
env:
|
||||
ACTIONS_STEP_DEBUG: true
|
||||
|
||||
- name: Install Java & Maven
|
||||
uses: https://github.com/sdkman/sdkman-action@main
|
||||
id: sdkman
|
||||
|
||||
- name: SonarQube Scan
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
|
||||
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
|
||||
Loading…
Add table
Reference in a new issue