Bump org.sonarqube from 6.3.1.5724 to 7.0.0.6105 (#651) #339

Workflow file for this run

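# CI pipeline: lint, build and test the project, run the Sonar and Grype scans,
# build one Docker image per platform for scanning, and push a multi-arch image
# from master.
#
# NOTE(review): every action below is referenced by a mutable tag (for example
# `@v5`). Pinning each `uses:` to a full commit SHA, with the tag kept as a
# trailing comment, prevents a retagged or compromised action release from
# running in the steps that receive SONAR_TOKEN or the Docker Hub credentials.
name: Build

on:
  push:
    branches:
      - 'master'
  pull_request:
    branches:
      - 'master'
      - 'hotfix/v*.*.*'
  schedule:
    # Weekly run, Mondays at 05:00 UTC. Scheduled runs use the default branch;
    # if that is master, the push-docker job below runs for them as well.
    - cron: '0 5 * * 1'

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    # NOTE(review): this job declares no `permissions:`, so GITHUB_TOKEN gets
    # the repository default. The steps here appear to need read access to
    # contents plus write access for check runs (JUnit report) and code
    # scanning (SARIF upload); confirm what the Sonar step needs, then declare
    # the scopes explicitly.
    outputs:
      current_version: ${{ steps.metadata.outputs.current_version }}
    steps:
      - name: Checkout project
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # This job runs the checked-out build scripts (including those of a
          # pull request); do not leave the token in .git/config for them.
          persist-credentials: false
      - name: Set up JDK 21
        uses: actions/setup-java@v5
        with:
          java-version: '21'
          distribution: 'temurin'
      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      - name: Lint
        run: ./gradlew spotlessCheck
      - name: Build
        run: ./gradlew build --info
      - name: Publish test report
        # Publish the report even when the build step failed.
        if: always()
        uses: mikepenz/action-junit-report@v5
        with:
          report_paths: '**/build/test-results/test/TEST-*.xml'
      - name: Sonar
        # Skipped for pull requests coming from forks, so SONAR_TOKEN is never
        # exposed to code from outside the repository. On push and schedule
        # events there is no pull_request payload; the null value compares
        # equal to false and the step runs.
        if: github.event.pull_request.head.repo.fork == false
        run: ./gradlew jacocoTestReport sonar
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Grype source code
        id: grype_source_code
        uses: anchore/scan-action@v7
        with:
          path: .
          # Fail the job on findings of severity high or above; findings
          # without an available fix are ignored (only-fixed).
          fail-build: true
          severity-cutoff: high
          only-fixed: true
      - name: Upload Grype source code report
        # always(): upload the SARIF even when the scan failed the build.
        if: always() && steps.grype_source_code.outputs.sarif != ''
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ steps.grype_source_code.outputs.sarif }}
          category: source-code
      - name: Metadata
        id: metadata
        # The version is read from the checked-out Gradle build, so on pull
        # requests it is contributor-controlled. Quote it here, and treat the
        # resulting output as untrusted wherever it is consumed.
        run: |
          echo "current_version=$(./gradlew properties --no-daemon --console=plain -q | grep "^version:" | awk '{printf $2}')" >> "$GITHUB_OUTPUT"
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ns4kafka
          path: build/libs/ns4kafka-${{ steps.metadata.outputs.current_version }}.jar

  build-docker:
    name: Build Docker ${{ matrix.platform }}
    runs-on: ubuntu-latest
    needs: build
    # Least privilege: read the repository and upload the SARIF report only.
    # `actions: read` is what upload-sarif additionally asks for on private
    # repositories.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      matrix:
        platform: ['linux/amd64', 'linux/arm64']
    steps:
      - name: Checkout project
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # The workspace is the Docker build context (`context: .`); keep the
          # token out of .git/config so it cannot end up in an image layer.
          persist-credentials: false
      - name: Download artifact
        uses: actions/download-artifact@v5
        with:
          name: ns4kafka
          path: build/libs
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Metadata
        id: metadata
        # Expressions are passed through env instead of being expanded into
        # the script text: current_version comes from the built project, and a
        # crafted value expanded inline would be executed as shell.
        env:
          PLATFORM: ${{ matrix.platform }}
          CURRENT_VERSION: ${{ needs.build.outputs.current_version }}
        run: |
          platform_slug=$(printf '%s' "$PLATFORM" | sed 's/\//-/g')
          echo "platform_slug=${platform_slug}" >> "$GITHUB_OUTPUT"
          echo "image_name=michelin/ns4kafka:${CURRENT_VERSION}-${platform_slug}" >> "$GITHUB_OUTPUT"
      - name: Docker build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: .docker/Dockerfile
          platforms: ${{ matrix.platform }}
          # Build locally and load into the Docker daemon for the scan below;
          # nothing is pushed from this job.
          push: false
          load: true
          tags: ${{ steps.metadata.outputs.image_name }}
        env:
          DOCKER_BUILD_SUMMARY: false
      - name: Grype Docker image
        id: grype_docker_image
        uses: anchore/scan-action@v7
        with:
          image: ${{ steps.metadata.outputs.image_name }}
          fail-build: true
          severity-cutoff: high
          only-fixed: true
      - name: Upload Grype Docker image report
        # always(): upload the SARIF even when the scan failed the build.
        if: always() && steps.grype_docker_image.outputs.sarif != ''
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ steps.grype_docker_image.outputs.sarif }}
          category: docker-image-${{ steps.metadata.outputs.platform_slug }}

  push-docker:
    name: Push Docker
    runs-on: ubuntu-latest
    needs: [build, build-docker]
    # Only runs for master, and only after both scan jobs have succeeded.
    if: github.ref == 'refs/heads/master'
    # This job holds the Docker Hub credentials; GITHUB_TOKEN only needs to
    # read the repository for the checkout.
    permissions:
      contents: read
    steps:
      - name: Checkout project
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # The workspace is the Docker build context (`context: .`); keep the
          # token out of .git/config so it cannot end up in the pushed image.
          persist-credentials: false
      - name: Download artifact
        uses: actions/download-artifact@v5
        with:
          name: ns4kafka
          path: build/libs
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.MICHELIN_DOCKER_HUB_USERNAME }}
          password: ${{ secrets.MICHELIN_DOCKER_HUB_PASSWD }}
      - name: Docker push
        # NOTE(review): this step rebuilds the image rather than pushing the
        # images that build-docker scanned, so the pushed layers are not
        # guaranteed to match what Grype checked (for example if the base
        # image tag moved between the two builds).
        uses: docker/build-push-action@v6
        with:
          context: .
          file: .docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: michelin/ns4kafka:${{ needs.build.outputs.current_version }}
        env:
          DOCKER_BUILD_SUMMARY: false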