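---
# SonarQube analysis workflow.
# Runs on pushes to main and on pull-request updates: prepares the build
# environment, writes a Maven settings.xml that points at the Nexus
# repositories, restores caches, installs Java/Maven through SDKMAN and then
# runs `mvn verify` together with the Sonar Maven plugin.
#
# NOTE(review): `mvn verify` executes the checked-out project's build (plugins
# and tests declared in pom.xml). On pull_request runs that is branch-supplied
# code, executed while settings.xml holds the Nexus/vulnz credentials and
# SONAR_TOKEN is in the environment. Whether secrets are handed to
# pull_request runs depends on the forge/runner configuration - confirm, and
# prefer narrowly scoped (read-only, analysis-only) credentials for this job.
on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]

name: SonarQube Scan

jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by version tag (or, for
      # sdkman-action, by branch). Those refs can be moved upstream; pinning to
      # a full commit SHA (<COMMIT_SHA>) makes the executed code immutable.
      - name: Checking out
        uses: actions/checkout@v4
        with:
          # Full history instead of a shallow clone.
          fetch-depth: 0

      - name: Set up Environment
        # The /root paths assume the job runs as root - confirm against the
        # runner image. apt-get is used because plain `apt` does not offer a
        # stable command-line interface for scripts.
        run: |
          apt-get update
          apt-get install -y zip
          mkdir -p /root/.jreleaser
          mkdir -p /root/.m2
          touch /root/.jreleaser/config.properties

      - name: Install syft
        uses: https://github.com/anchore/sbom-action/download-syft@v0
        id: install_syft
        with:
          syft-version: v1.18.1

      # Generates /root/.m2/settings.xml. The file contains the repository
      # credentials in plain text for the remainder of the job.
      - name: maven-settings-xml-action
        uses: https://github.com/whelk-io/maven-settings-xml-action@v22
        with:
          # NOTE(review): the enabled policies use checksumPolicy "warn", so a
          # checksum mismatch on a downloaded artifact is only logged and the
          # artifact is still used. "fail" would reject it; verify that the
          # Nexus repositories serve checksums consistently before switching.
          repositories: >
            [
              {
                "id": "maven-releases",
                "name": "Releases",
                "url": "https://nexus.w9r.dev/repository/maven-releases",
                "releases": {
                  "enabled": "true",
                  "updatePolicy": "always",
                  "checksumPolicy": "warn"
                },
                "snapshots": {
                  "enabled": "false",
                  "updatePolicy": "always",
                  "checksumPolicy": "fail"
                }
              },
              {
                "id": "maven-snapshots",
                "name": "Snapshots",
                "url": "https://nexus.w9r.dev/repository/maven-snapshots",
                "releases": {
                  "enabled": "false",
                  "updatePolicy": "always",
                  "checksumPolicy": "warn"
                },
                "snapshots": {
                  "enabled": "true",
                  "updatePolicy": "always",
                  "checksumPolicy": "warn"
                }
              }
            ]
          # Credentials come from the secret store and are interpolated into
          # the JSON below before the action parses it.
          servers: >
            [
              {
                "id": "maven-group",
                "username": "${{ secrets.NEXUS_USERNAME }}",
                "password": "${{ secrets.NEXUS_PASSWORD }}"
              },
              {
                "id": "maven-snapshots",
                "username": "${{ secrets.NEXUS_USERNAME }}",
                "password": "${{ secrets.NEXUS_PASSWORD }}"
              },
              {
                "id": "maven-releases",
                "username": "${{ secrets.NEXUS_USERNAME }}",
                "password": "${{ secrets.NEXUS_PASSWORD }}"
              },
              {
                "id": "vulnz",
                "username": "${{ secrets.VULNZ_USERNAME }}",
                "password": "${{ secrets.VULNZ_PASSWORD }}"
              }
            ]
          # mirrorOf "*" sends every repository request through the Nexus
          # group, so dependency resolution has a single controlled source.
          mirrors: >
            [
              {
                "id": "maven-group",
                "name": "central",
                "mirrorOf": "*",
                "url": "https://nexus.w9r.dev/repository/maven-group/"
              }
            ]
          plugin_groups: >
            [
              "org.sonarsource.scanner.maven"
            ]
          output_file: /root/.m2/settings.xml

      - name: Cache Java and Maven software
        uses: https://github.com/actions/cache@v4
        with:
          path: ~/.sdkman
          key: ${{ runner.os }}-sdkman-${{ hashFiles('**/.sdkmanrc') }}
          restore-keys: |
            ${{ runner.os }}-sdkman-
        env:
          # Quoted: environment values are strings.
          # NOTE(review): debug logging makes step logs more verbose; confirm
          # it is still wanted and that the logs are not widely readable.
          ACTIONS_STEP_DEBUG: "true"

      - name: Cache SonarQube packages
        uses: https://github.com/actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      # Only the repository subdirectory of ~/.m2 is cached. Keep it that way:
      # if ~ resolves to /root (not shown here), caching all of ~/.m2 would
      # also store the generated settings.xml and its credentials.
      - name: Cache local Maven repository
        uses: https://github.com/actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-
        env:
          ACTIONS_STEP_DEBUG: "true"

      # NOTE(review): `@main` follows a moving branch, so the code executed by
      # this step can change without any change to this file. Pin it to a
      # release tag or, better, a full commit SHA (<COMMIT_SHA>).
      - name: Install Java & Maven
        uses: https://github.com/sdkman/sdkman-action@main
        id: sdkman

      # The token and host URL are passed to the Sonar Maven plugin through
      # the environment of the Maven process.
      - name: SonarQube Scan
        env:
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
          SONAR_HOST_URL: ${{ vars.SONARQUBE_HOST }}
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar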