Add Sonar and Grype

loicgreffier · loicgreffier · commit ae48f4be2c73 · 2025-06-21T00:02:06.000+02:00
# Conflicts:
#	pom.xml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -53,6 +53,29 @@ jobs:
         with:
           report_paths: '**/target/surefire-reports/TEST-*.xml'
 
+      - name: Grype source code
+        id: grype_source_code
+        uses: anchore/scan-action@v6
+        with:
+          path: .
+          fail-build: true
+          severity-cutoff: high
+          only-fixed: true
+
+      - name: Upload Grype source code report
+        if: always() && steps.grype_source_code.outputs.sarif != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.grype_source_code.outputs.sarif }}
+          category: 'source-code'
+
+      - name: Sonar
+        if: github.event.pull_request.head.repo.fork == false
+        run: mvn verify sonar:sonar
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
       - name: Docker
         if: github.ref == 'refs/heads/main'
         run: mvn -B -DskipTests package jib:build -Djib.to.auth.username=$DOCKER_USER -Djib.to.auth.password=$DOCKER_TOKEN
diff --git a/pom.xml b/pom.xml
@@ -23,6 +23,9 @@
         <palantir.version>2.58.0</palantir.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <slf4j-api.version>2.0.17</slf4j-api.version>
+        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+        <sonar.organization>michelin</sonar.organization>
+        <sonar.projectKey>michelin_kafka-streams-processing-error-handling</sonar.projectKey>
         <spotless-maven-plugin.version>2.44.5</spotless-maven-plugin.version>
     </properties>
 
@@ -117,6 +120,20 @@
                             <endWithNewline />
                         </sortPom>
                     </pom>
+                    <yaml>
+                        <includes>
+                            <include>src/main/resources/*.yml</include>
+                            <include>src/test/resources/*.yml</include>
+                        </includes>
+                        <jackson>
+                            <features>
+                                <ORDER_MAP_ENTRIES_BY_KEYS>true</ORDER_MAP_ENTRIES_BY_KEYS>
+                            </features>
+                            <yamlFeatures>
+                                <WRITE_DOC_START_MARKER>false</WRITE_DOC_START_MARKER>
+                            </yamlFeatures>
+                        </jackson>
+                    </yaml>
                 </configuration>
                 <executions>
                     <execution>
