Skip to content

Commit

Permalink
ci: add sonar configuration for code coverage and RP, branch analysis
Browse files Browse the repository at this point in the history
  • Loading branch information
ariwk committed Oct 23, 2024
1 parent fba6a88 commit cbb870d
Show file tree
Hide file tree
Showing 7 changed files with 76 additions and 42 deletions.
1 change: 0 additions & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
# These owners will be the default owners for everything in the repo.
# Unless a later match takes precedence, global owners will be requested for review when someone opens a pull request.
.pre-commit-config.yaml app/renovate-approve
* @SchweizerischeBundesbahnen/SBB-CLEW-POLARION-ADMINS @SchweizerischeBundesbahnen/SBB-CLEW-POLARION-MAINTAINERS
76 changes: 43 additions & 33 deletions .github/workflows/maven-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ name: maven-build
on:
push:
branches: ['**/**']
pull_request:
branches: [main]
types: [opened, synchronize, reopened, ready_for_review]
jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -13,25 +16,34 @@ jobs:
COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN }}
COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }}
GITHUB_TOKEN: ${{ github.token }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
MARKDOWN2HTML_MAVEN_PLUGIN_FAIL_ON_ERROR: true
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
- name: Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
- name: 📄 Checkout the repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
with:
fetch-depth: 0
- name: 🧱 Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
with:
distribution: adopt
java-version: 17
gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }}
- name: Prepare Cache
- name: 📝 Get the project version
id: project_version
run: echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
- name: 📝 Store cache key
id: cache_key
run: echo "cache_key=${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}" >> $GITHUB_OUTPUT
- name: 💾 Prepare cache using cache key
id: prepare-cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
with:
path: |
/home/runner/.m2
/home/runner/work
key: ${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}
- name: Generate settings.xml
key: ${{ steps.cache_key.outputs.cache_key }}
- name: 🔘 Generate settings.xml for Maven
uses: whelk-io/maven-settings-xml-action@9dc09b23833fa9aa7f27b63db287951856f3433d # v22
with:
repositories: >
Expand Down Expand Up @@ -78,21 +90,19 @@ jobs:
}
}
]
- name: Print settings.xml
- name: 🔘 Print settings.xml
run: cat /home/runner/.m2/settings.xml
- name: Build with Maven
run: mvn --batch-mode clean package
- name: Store project version
id: project_version
run: echo "project_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT
- name: Store cache key
id: cache_key
run: echo "cache_key=${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}" >> $GITHUB_OUTPUT
- name: 📦 Build with Maven for Pushes
if: github.event_name == 'push'
run: mvn --batch-mode clean package # sonar:sonar -Dsonar.branch.name=${{ github.head_ref }}
- name: 📦 Build with Maven for PRs
if: github.event_name == 'pull_request'
run: mvn --batch-mode clean package # sonar:sonar -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.branch=${{ github.head_ref }} -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
outputs:
project_version: ${{ steps.project_version.outputs.project_version }}
cache_key: ${{ steps.cache_key.outputs.cache_key }}

# deploy to Maven Central
# Deploy release to Maven Central
deploy-maven-central:
needs: build
runs-on: ubuntu-latest
Expand All @@ -104,24 +114,24 @@ jobs:
COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_TOKEN }}
COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }}
steps:
- name: Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
- name: 🧱 Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
with:
distribution: adopt
java-version: 17
gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }}
- name: Restore Cache
- name: 💾 Restore cache using cache key
id: restore-cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
with:
path: |
/home/runner/.m2
/home/runner/work
key: ${{ needs.build.outputs.cache_key }}
- name: Publish to Maven Central
- name: 📦 Deploy artifacts to Maven Central
run: mvn --batch-mode -Dmaven.test.skip=true deploy -P gpg-sign -P nexus-staging

# deploy to GitHub Packages
# Deploy release to GitHub Packages
deploy-github-packages:
needs: build
runs-on: ubuntu-latest
Expand All @@ -134,21 +144,21 @@ jobs:
S3_SBB_POLARION_MAVEN_REPO_RW_SECRET_ACCESS_KEY: ${{ secrets.S3_SBB_POLARION_MAVEN_REPO_RW_SECRET_ACCESS_KEY }}
GITHUB_TOKEN: ${{ github.token }}
steps:
- name: Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
- name: 🧱 Set up JDK and Maven
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
with:
distribution: adopt
java-version: 17
- name: Cache
id: cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
- name: 💾 Restore cache using cache key
id: restore-cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4
with:
path: |
/home/runner/.m2
/home/runner/work
key: ${{ needs.build.outputs.cache_key }}
- name: Publish to GitHub Packages
- name: 📦 Deploy artifacts to GitHub Packages
run: mvn --batch-mode -Dmaven.test.skip=true -Dmaven.javadoc.skip=true -Dmaven.source.skip=true deploy -P deploy-github-packages
- name: Upload assets
run: cd ${{github.workspace}} && gh release upload v${{ needs.build.outputs.project_version }} target/*-${{ needs.build.outputs.project_version }}.jar
shell: bash
- name: 📦 Upload assets to GitHub Release
run: |-
gh release upload v${{ needs.build.outputs.project_version }} target/*-${{ needs.build.outputs.project_version }}.jar
6 changes: 3 additions & 3 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,14 @@ jobs:
name: Check commit messages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: 0
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
with:
cache: pip # caching pip dependencies
python-version: 3.x
- run: pip install commitizen
- name: Check commit messages
run: cz check --rev-range origin/${GITHUB_BASE_REF}..
2 changes: 1 addition & 1 deletion .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
steps:
- name: release-please
id: release
uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4
uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4
with:
release-type: maven
target-branch: main
17 changes: 16 additions & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,16 +9,31 @@ repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-merge-conflict
- id: trailing-whitespace
- id: check-xml
- id: check-json
- id: check-yaml
- id: no-commit-to-branch
- id: mixed-line-ending
- id: end-of-file-fixer
- id: pretty-format-json
args: [ --autofix, --no-ensure-ascii, '--top-keys=openapi,info,servers,paths,components' ]
args: [--autofix, --no-ensure-ascii, '--top-keys=openapi,info,servers,paths,components']
files: docs/openapi.json
- repo: local
hooks:
- id: sensitive-data-leak-urls
name: Sensitive data leak - URLs
entry: (?<!polarion-opensource@)(?<!www\.)sbb\.ch
language: pygrep
types: [text]
- id: sensitive-data-leak-ue-numbers
name: Sensitive data leak - UE numbers
entry: \b([uUeE]{1,2})\d{5,6}\b
language: pygrep
types: [text]
- repo: https://github.com/zricethezav/gitleaks
rev: v8.21.1
hooks:
Expand Down
5 changes: 2 additions & 3 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,11 +79,11 @@ Before you submit your Pull Request (PR) consider the following guidelines:
is necessary because release notes are automatically generated from these messages.

```shell
git commit -a -S
git commit -a --gpg-sign
```
Note: The optional commit `-a` command line option will automatically "add" and "rm" edited files.

Note: The command line option `-S` generates a signed commit, which is required to make a contribution (See [Developer Certificate of Origin](./LICENSES/DCO.txt))
Note: The command line option `-S/--gpg-sign` generates a signed commit, which is required to make a contribution (See [Developer Certificate of Origin](./LICENSES/DCO.txt))

* Push your branch to GitHub:

Expand All @@ -104,4 +104,3 @@ To ensure consistency throughout the source code, keep these rules in mind as yo
* All features or bug fixes **must be tested** by one or more specs (unit-tests).
* All API methods **must be documented**.
* Also see [CODING_STANDARDS.md](./CODING_STANDARDS.md)

11 changes: 11 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,14 @@
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=bugs)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=coverage)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)
[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=SchweizerischeBundesbahnen_ch.sbb.polarion.extension.api-extender)

# API extension for Polarion ALM

This Polarion extension provides additional functionality which is not implemented in standard Polarion API for some reason.
Expand Down

0 comments on commit cbb870d

Please sign in to comment.