sonar qubecicd

.github/workflows/cicd.yml

@@ -13,13 +13,32 @@ jobs:
     name: Quality Scan
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-      - uses: sonarsource/sonarqube-scan-action@master
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 17
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+      - name: Cache SonarQube packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
         env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        run: ./gradlew build sonar --info
+
       # If you wish to fail your job when the Quality Gate is red, uncomment the
       # following lines. This would typically be used to fail a deployment.
       - uses: sonarsource/sonarqube-quality-gate-action@master
@@ -33,20 +52,20 @@ jobs:
     needs: quality-check
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Setup SHA
         run: echo "GITHUB_SHA=${GITHUB_SHA}" >> $GITHUB_ENV
 
-      - name: Build the Docker image
-        run: docker build . --file Dockerfile --tag ghcr.io/aorjoa-training/devops-go-example:${{ env.GITHUB_SHA }}
-
       - name: Integration test inside Docker-compose cleanup
         run: docker-compose -f docker-compose.test.yml down
 
       - name: Integration test inside Docker-compose
-        run: docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit --exit-code-from it_tests
+        run: docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit --exit-code-from it_test
 
+      - name: Build the Docker image
+        run: docker build . --file Dockerfile.multi --tag ghcr.io/aorjoa/devops-java-example:${{ env.GITHUB_SHA }}
+
       - name: Login ghcr.io
         uses: docker/login-action@v1.8.0
         with:
@@ -60,7 +79,7 @@ jobs:
         with:
           context: .
           tags: |
-            ghcr.io/aorjoa-training/devops-go-example:${{ env.GITHUB_SHA }}
+            ghcr.io/aorjoa/devops-java-example:${{ env.GITHUB_SHA }}
           # build on feature branches, push only on main branch
           push: ${{ github.ref == 'refs/heads/main' }}
 
@@ -69,27 +88,27 @@ jobs:
   # ==============
   # CD task
   # ==============
-  gitops-versioning:
-    runs-on: ubuntu-latest
-    needs: build-and-push-docker-image
-    steps:
-      - name: checkout
-        uses: actions/checkout@v2
-        with:
-          repository: aorjoa-training/devops-argocd
-          persist-credentials: false
-          fetch-depth: 0
-      - name: change image tag
-        run: |
-          git --version
-          git config user.name "aorjoa"
-          git config user.email "root@aorjoa.link"
-          sed -i -E "s/ghcr.io\/aorjoa-training\/devops-go-example.*$/ghcr.io\/aorjoa-training\/devops-go-example:${GITHUB_SHA}/" kube-gitops/deployment.yml
-          git add kube-gitops/deployment.yml
-          git commit -m "🤖 change docker image version to ${GITHUB_SHA}"
-      - name: push changes
-        uses: ad-m/github-push-action@master
-        with:
-          github_token: ${{ secrets.PAT }}
-          repository: aorjoa-training/devops-argocd
-          branch: main
+  # gitops-versioning:
+  #   runs-on: ubuntu-latest
+  #   needs: build-and-push-docker-image
+  #   steps:
+  #     - name: checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         repository: aorjoa/devops-argocd
+  #         persist-credentials: false
+  #         fetch-depth: 0
+  #     - name: change image tag
+  #       run: |
+  #         git --version
+  #         git config user.name "aorjoa"
+  #         git config user.email "root@aorjoa.link"
+  #         sed -i -E "s/ghcr.io\/aorjoa-training\/devops-go-example.*$/ghcr.io\/aorjoa-training\/devops-go-example:${GITHUB_SHA}/" kube-gitops/deployment.yml
+  #         git add kube-gitops/deployment.yml
+  #         git commit -m "🤖 change docker image version to ${GITHUB_SHA}"
+  #     - name: push changes
+  #       uses: ad-m/github-push-action@master
+  #       with:
+  #         github_token: ${{ secrets.PAT }}
+  #         repository: aorjoa-training/devops-argocd
+  #         branch: main

build.gradle

@@ -3,6 +3,13 @@ plugins {
 	id 'org.springframework.boot' version '3.1.5'
 	id 'io.spring.dependency-management' version '1.1.3'
 	id 'com.google.cloud.tools.jib' version '3.4.0'
+	id 'org.sonarqube' version '4.4.1.3373'
+}
+
+sonar {
+  properties {
+    property "sonar.projectKey", "petstore"
+  }
 }
 
 group = 'com.example'

src/main/resources/application.properties

@@ -5,4 +5,4 @@ spring.datasource.driver-class-name=org.postgresql.Driver
 spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.show-sql=true
 ## Hibernate ddl auto (create, create-drop, validate, update)
-spring.jpa.hibernate.ddl-auto=update
+spring.jpa.hibernate.ddl-auto=update