Skip to content

Commit

Permalink
set sonar organization and project key
Browse files Browse the repository at this point in the history
  • Loading branch information
paul-gilber committed Nov 1, 2023
1 parent 485e5c0 commit 7ede97f
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 23 deletions.
11 changes: 1 addition & 10 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,15 +66,6 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout

# Cache NPM dependencies
- name: Install and Cache NPM dependencies
id: cache
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
path: |
~/.npm
key: npm-${{ hashFiles('package.json','**/package-lock.json') }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 # https://github.com/marketplace/actions/docker-setup-build

Expand Down Expand Up @@ -170,7 +161,7 @@ jobs:
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
path: ${{ env.TRIVY_CACHE_DIR }}
key: trivy-${{ hashFiles('**/pom.xml', '**/Containerfile*') }} # Trivy scan results are influenced by npm dependencies and Containerfile runtime image
key: trivy-${{ hashFiles('**/package-lock.json', '**/Containerfile*') }} # Trivy scan results are influenced by npm dependencies and Containerfile runtime image

- name: Scan Image with Aqua Security Trivy
uses: aquasecurity/trivy-action@0.13.0 # https://github.com/marketplace/actions/aqua-security-trivy
Expand Down
18 changes: 5 additions & 13 deletions .github/workflows/code-scan-sonarcloud.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,19 +50,6 @@ jobs:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0

# Setup Java
- uses: actions/setup-java@v3 # https://github.com/actions/setup-java
with:
distribution: microsoft # Microsoft was selected to match Visual Studio Code Dev Container Java distribuition, see .devcontainer/devcontainer.json. Supported distributions: https://github.com/actions/setup-java#supported-distributions
java-version: '17' # Java version must match `project.properties['java.version']` in pom.xml

- name: Cache NPM dependencies
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
path: |
~/.npm
key: npm-${{ hashFiles('**/pom.xml') }}

- name: Cache SonarCloud dependencies
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
Expand All @@ -75,6 +62,11 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
with:
projectBaseDir: src
args: >
-Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \
-Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
# In case you need to override default settings
# - name: Analyze with SonarCloud
Expand Down

0 comments on commit 7ede97f

Please sign in to comment.