[issue - 1894] - Run sonar during install (#1918)

* Run sonar during install * Add exclusions * Remove exclusions * Remove activation * Update CI for PR and Push * Activate profile * debug environment * debug environment * debug environment * Add SCA to active profiles * Remove profile from CI * Activate SCA by default * Use mvn install * Update PR source branch
2025-12-02 02:26:00 +00:00 · 2021-12-30 17:31:25 +01:00 · 2021-12-30 17:31:25 +01:00 · 256c25934b
commit 256c25934b
parent 485e661430
3 changed files with 83 additions and 26 deletions
--- a/.github/workflows/maven-build.yml
+++ b/.github/workflows/maven-build.yml
@ -49,5 +49,15 @@ jobs:
        with:
          java-version: 11

+      - name: Build PR with Maven
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          mvn -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
+              -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
+              -Dsonar.pullrequest.branch=${{ github.head_ref }} \
+              -Dsonar.pullrequest.base=origin/main \
+              -Dsonar.pullrequest.provider=github clean install
+
      - name: Build with Maven
-        run: mvn clean package
+        if: ${{ github.event_name == 'push' }}
+        run: mvn -Dsonar.login=${{ secrets.SONAR_TOKEN }} clean install
--- a/catalog-rest-service/pom.xml
+++ b/catalog-rest-service/pom.xml
@ -15,6 +15,10 @@
    <dropwizard.swagger.version>2.0.12-1</dropwizard.swagger.version>
    <testng.version>7.4.0</testng.version>
    <selenium.version>4.0.0</selenium.version>
+
+    <sonar.junit.reportPaths>${project.basedir}/target/surefire-reports</sonar.junit.reportPaths>
+    <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+    <sonar.tests>${project.basedir}/src/test/java</sonar.tests>
  </properties>

  <dependencies>
--- a/pom.xml
+++ b/pom.xml
@ -79,8 +79,18 @@
    <log4j.version>2.17.0</log4j.version>
    <org.junit.jupiter.version>5.8.1</org.junit.jupiter.version>
    <dropwizard-health.version>1.7.1</dropwizard-health.version>
+
+    <!--   sonar   -Dsonar.login=XXX  -->
+    <sonar.projectKey>open-metadata_OpenMetadata</sonar.projectKey>
+    <sonar.moduleKey>${project.artifactId}</sonar.moduleKey>
    <sonar.organization>open-metadata</sonar.organization>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+    <sonar.working.directory>target/sonar</sonar.working.directory>
+    <maven.sonar-plugin.version>3.7.0.1746</maven.sonar-plugin.version>
+    <sonar.language>java</sonar.language>
+    <sonar.skip>false</sonar.skip>
+    <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
+
  </properties>
  <dependencyManagement>
    <dependencies>
@ -426,14 +436,61 @@
  </repositories>

  <profiles>
+
+    <profile>	<!-- run SCA -->
+      <id>static-code-analysis</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <build>
+        <plugins>
+
+          <plugin>
+            <groupId>org.jacoco</groupId>
+            <artifactId>jacoco-maven-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>prepare-agent</id>
+                <goals>
+                  <goal>prepare-agent</goal>
+                </goals>
+              </execution>
+              <execution>
+                <id>report</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>report</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+
+          <plugin>
+            <groupId>org.sonarsource.scanner.maven</groupId>
+            <artifactId>sonar-maven-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>sonar-verify-execution</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sonar</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+
  </profiles>
+
  <reporting>
    <plugins>
-        <plugin>
-            <groupId>org.apache.maven.plugins</groupId>
-            <artifactId>maven-jxr-plugin</artifactId>
-            <version>3.1.1</version>
-        </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jxr-plugin</artifactId>
+        <version>3.1.1</version>
+      </plugin>
    </plugins>
 </reporting>
  <build>
@ -542,6 +599,11 @@
          <artifactId>jacoco-maven-plugin</artifactId>
          <version>${jacoco-plugin.version}</version>
        </plugin>
+        <plugin>
+          <groupId>org.sonarsource.scanner.maven</groupId>
+          <artifactId>sonar-maven-plugin</artifactId>
+          <version>${maven.sonar-plugin.version}</version>
+        </plugin>
      </plugins>
    </pluginManagement>

@ -554,25 +616,6 @@
          <tagNameFormat>v@{project.version}</tagNameFormat>
        </configuration>
      </plugin>
-      <plugin>
-        <groupId>org.jacoco</groupId>
-        <artifactId>jacoco-maven-plugin</artifactId>
-        <executions>
-          <execution>
-            <id>default-prepare-agent</id>
-            <goals>
-              <goal>prepare-agent</goal>
-            </goals>
-          </execution>
-          <execution>
-            <id>report</id>
-            <phase>test</phase>
-            <goals>
-              <goal>report</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>versions-maven-plugin</artifactId>
@ -598,4 +641,4 @@
      </plugin>
    </plugins>
  </build>
-</project>
+</project>