chore: change to a secure base image #8529
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SonarCloud Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: temurin | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Install modules to local maven | |
run: | | |
mvn install -T 1C -DskipTests -ntp -B | |
cd showcase | |
mvn install -T 1C -DskipTests -ntp -B | |
- name: Parse showcase version | |
working-directory: showcase/gapic-showcase | |
run: echo "SHOWCASE_VERSION=$(mvn help:evaluate -Dexpression=gapic-showcase.version -q -DforceStdout)" >> "$GITHUB_ENV" | |
- name: Install showcase server | |
run: | | |
sudo mkdir -p /usr/src/showcase | |
sudo chown -R ${USER} /usr/src/ | |
curl --location https://github.com/googleapis/gapic-showcase/releases/download/v${{env.SHOWCASE_VERSION}}/gapic-showcase-${{env.SHOWCASE_VERSION}}-linux-amd64.tar.gz --output /usr/src/showcase/showcase-${{env.SHOWCASE_VERSION}}-linux-amd64.tar.gz | |
cd /usr/src/showcase/ | |
tar -xf showcase-* | |
./gapic-showcase run & | |
cd - | |
# Intentionally do not run the Env Var Tests (no -PenvVarTests) as setting the Env Var | |
# may alter the results for other tests that use Env Var in the logic. Adding a Sonar | |
# step for a few tests (env var tests) may be overkill and should be better covered | |
# when we can upgrade to JUnit 5 (https://github.com/googleapis/sdk-platform-java/issues/1611#issuecomment-1970079325) | |
- name: Build and analyze for full test coverage | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
mvn -B verify -Dcheckstyle.skip \ | |
-DenableFullTestCoverage \ | |
-Penable-integration-tests \ | |
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
-Dsonar.projectKey=googleapis_gapic-generator-java \ | |
-Dsonar.organization=googleapis \ | |
-Dsonar.host.url=https://sonarcloud.io | |
- name: Build and analyze Showcase Integration Tests Coverage | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
mvn -B clean verify -Dcheckstyle.skip \ | |
-DskipUnitTests \ | |
-Penable-integration-tests \ | |
-DenableShowcaseTestCoverage \ | |
org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
-Dsonar.projectKey=googleapis_gapic-generator-java_integration_tests \ | |
-Dsonar.organization=googleapis \ | |
-Dsonar.host.url=https://sonarcloud.io \ | |
-Dsonar.projectName=java_showcase_integration_tests |