SonarCloud: Initial Configuration

2025-07-16 12:45:48 +00:00 · 2025-06-20 17:11:18 +01:00 · 2025-06-20 17:11:18 +01:00 · 3a8c157e47
commit 3a8c157e47
parent cefaf55dd1
2 changed files with 70 additions and 0 deletions
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@ -0,0 +1,44 @@
+name: SonarCloud Analysis
+
+on:
+  push:
+    branches: [ main, master, develop, sonarqube ]
+  pull_request:
+    branches: [ main, master ]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud Analysis
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Shallow clones should be disabled for better analysis
+    
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+    
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+    
+    - name: Cache Maven packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2
+        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+        restore-keys: ${{ runner.os }}-m2
+    
+    - name: Build and analyze with Maven
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=your-project-key
--- a/pom.xml
+++ b/pom.xml
@ -37,6 +37,27 @@
    <nohttp-checkstyle.version>0.0.11</nohttp-checkstyle.version>
    <spring-format.version>0.0.46</spring-format.version>

+    <!-- SonarCloud properties -->
+    <sonar.organization>mtech-software-solutions</sonar.organization>
+    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+    <sonar.projectKey>mtech-software-solutions</sonar.projectKey>
+    <sonar.projectName>spring-petclinic</sonar.projectName>
+    
+    <!-- Coverage exclusions for SonarCloud -->
+    <sonar.coverage.exclusions>
+        **/config/**,
+        **/dto/**,
+        **/entity/**,
+        **/exception/**,
+        **/*Application.java,
+        **/target/**
+    </sonar.coverage.exclusions>
+    
+    <!-- Test exclusions -->
+    <sonar.cpd.exclusions>
+        **/test/**
+    </sonar.cpd.exclusions>
+
  </properties>

  <dependencies>
@ -265,6 +286,11 @@
          </execution>
        </executions>
      </plugin>
+      <plugin>
+        <groupId>org.sonarsource.scanner.maven</groupId>
+        <artifactId>sonar-maven-plugin</artifactId>
+        <version>3.10.0.2594</version>
+      </plugin>

      <!-- Spring Boot Actuator displays build-related information if a git.properties file is
      present at the classpath -->