From d5fbbda354f04113e2173c8e195a66b7080b45e9 Mon Sep 17 00:00:00 2001 From: MarcGiffing Date: Sun, 4 Dec 2022 22:03:44 +0100 Subject: [PATCH 1/7] Create sonarcloud.yml --- .github/workflows/sonarcloud.yml | 68 ++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 00000000..f15583d4 --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,68 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Analyze with SonarCloud + + # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 + uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the sonarcloud scanner + args: + # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) + # mandatory + -Dsonar.projectKey= + -Dsonar.organization= + # Comma-separated paths to directories containing main source files. + #-Dsonar.sources= # optional, default is project base directory + # When you need the analysis to take place in a directory other than the one from which it was launched + #-Dsonar.projectBaseDir= # optional, default is . + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false From 59c28f2ccdf601b47fc13d99e4e39cc9fc35e356 Mon Sep 17 00:00:00 2001 From: Marc Giffing Date: Thu, 11 Jan 2024 20:19:23 +0100 Subject: [PATCH 2/7] try to fix the pipeline --- .github/workflows/sonarcloud.yml | 68 -------------------------------- 1 file changed, 68 deletions(-) delete mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml deleted file mode 100644 index f15583d4..00000000 --- a/.github/workflows/sonarcloud.yml +++ /dev/null @@ -1,68 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow helps you trigger a SonarCloud analysis of your code and populates -# GitHub Code Scanning alerts with the vulnerabilities found. -# Free for open source project. - -# 1. Login to SonarCloud.io using your GitHub account - -# 2. Import your project on SonarCloud -# * Add your GitHub organization first, then add your repository as a new project. -# * Please note that many languages are eligible for automatic analysis, -# which means that the analysis will start automatically without the need to set up GitHub Actions. -# * This behavior can be changed in Administration > Analysis Method. -# -# 3. Follow the SonarCloud in-product tutorial -# * a. Copy/paste the Project Key and the Organization Key into the args parameter below -# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) -# -# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN -# (On SonarCloud, click on your avatar on top-right > My account > Security -# or go directly to https://sonarcloud.io/account/security/) - -# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) -# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) - -name: SonarCloud analysis - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - workflow_dispatch: - -permissions: - pull-requests: read # allows SonarCloud to decorate PRs with analysis results - -jobs: - Analysis: - runs-on: ubuntu-latest - - steps: - - name: Analyze with SonarCloud - - # You can pin the exact commit or the version. - # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 - uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) - with: - # Additional arguments for the sonarcloud scanner - args: - # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) - # mandatory - -Dsonar.projectKey= - -Dsonar.organization= - # Comma-separated paths to directories containing main source files. - #-Dsonar.sources= # optional, default is project base directory - # When you need the analysis to take place in a directory other than the one from which it was launched - #-Dsonar.projectBaseDir= # optional, default is . - # Comma-separated paths to directories containing test source files. - #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ - # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. - #-Dsonar.verbose= # optional, default is false From 282370b0e1df96f50e1198f5afc0c5bf4446e255 Mon Sep 17 00:00:00 2001 From: MarcGiffing Date: Thu, 11 Jan 2024 20:25:57 +0100 Subject: [PATCH 3/7] Create maven.yml --- .github/workflows/maven.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/maven.yml diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml new file mode 100644 index 00000000..afe4fe30 --- /dev/null +++ b/.github/workflows/maven.yml @@ -0,0 +1,35 @@ +# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Java CI with Maven + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'temurin' + cache: maven + - name: Build with Maven + run: mvn -B package --file pom.xml + + # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive + - name: Update dependency graph + uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 From ec413fff41bc6495c6e48810e937df0d6ea879c4 Mon Sep 17 00:00:00 2001 From: Marc Giffing Date: Thu, 11 Jan 2024 20:26:35 +0100 Subject: [PATCH 4/7] try to fix the pipeline --- .github/workflows/lift.yml | 118 ------------------------------------- 1 file changed, 118 deletions(-) delete mode 100644 .github/workflows/lift.yml diff --git a/.github/workflows/lift.yml b/.github/workflows/lift.yml deleted file mode 100644 index 38d3a3cb..00000000 --- a/.github/workflows/lift.yml +++ /dev/null @@ -1,118 +0,0 @@ -name: Lift - -on: [pull_request, workflow_dispatch] - -jobs: - analyze_src: - name: Source Branch Analysis - runs-on: ubuntu-latest - container: - image: musedev/analyst - credentials: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - # - name: Setup build environment - # env: - # nexus_token: ${{ secrets.MY_NEXUS_TOKEN }} - # run: | - # ... put shell script to create .m2/settings.xml - # .... put shell script to install build dependencies if needed - - name: Produce src artifact - run: | - if [[ -z "$GITHUB_BASE_REF" ]] ; then - echo "This is not a pull request." - echo "Look for any result in the 'Destination Branch Analysis' job" - else - export SRC_SHA=$(cat $GITHUB_EVENT_PATH | jq -r -j .pull_request.head.sha) - export DST_SHA=$(cat $GITHUB_EVENT_PATH | jq -r -j .pull_request.base.sha) - analyst -t "$GITHUB_WORKSPACE" -C $SRC_SHA > lift-src-results.json - cat lift-src-results.json | jq . | sed 's/\\n/\n/g' - echo -n "$SRC_SHA" > lift-commit - echo -n "Source commit: " ; cat lift-commit ; echo "" - echo "SRC_SHA -> DST_SHA: $SRC_SHA -> $DST_SHA" - git -C $GITHUB_WORKSPACE diff ${DST_SHA}..${SRC_SHA} > lift.git.diff - fi - - name: Upload src artifact - uses: actions/upload-artifact@v2 - with: - name: lift_src_results - path: lift* - - analyze_dst: - name: Destination Branch Analysis - runs-on: ubuntu-latest - container: - image: musedev/analyst - credentials: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - # - name: Setup build environment - # env: - # nexus_token: ${{ secrets.MY_NEXUS_TOKEN }} - # run: | - # ... put shell script to create .m2/settings.xml - # .... put shell script to install build dependencies if needed - - name: Produce dst artifact - run: | - if [ -z "$GITHUB_BASE_REF" ] ; then - export DST_SHA="$GITHUB_SHA" - else - export DST_SHA=$(cat $GITHUB_EVENT_PATH | jq -r -j .pull_request.base.sha) - fi - analyst -t "$GITHUB_WORKSPACE" -C $DST_SHA > lift-dst-results.json - cat lift-dst-results.json | jq . | sed 's/\\n/\n/g' - - name: Upload dst artifact - uses: actions/upload-artifact@v2 - with: - name: lift_dst_results - path: lift-dst-results.json - - unify_results: - name: Distill Result - needs: [analyze_src, analyze_dst] - runs-on: ubuntu-latest - container: - image: musedev/github-comment-composer - credentials: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - steps: - - name: Get Dst - uses: actions/download-artifact@v2 - with: - name: lift_dst_results - - name: Get Src - uses: actions/download-artifact@v2 - with: - name: lift_src_results - - name: Combine - run: | - github-comment-composer lift.git.diff lift-src-results.json lift-dst-results.json > github-comments.json - - name: Post comments - uses: actions/github-script@v4 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - const { promises: fs } = require('fs') - const commit = await fs.readFile('lift-commit', 'utf8') - console.log('Commit for comment: ' + commit) - const comments = await fs.readFile('github-comments.json', 'utf8') - console.log('Comments string (raw): ' + comments) - for(const comment of JSON.parse(comments)) { - console.log('Comment: ' + comment) - github.pulls.createReviewComment({ - ...comment, - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number, - commit_id: commit, - }); - } From cac445adb33dd12360b4e98076aa956eacaf13c5 Mon Sep 17 00:00:00 2001 From: Marc Giffing Date: Thu, 11 Jan 2024 20:39:28 +0100 Subject: [PATCH 5/7] try to fix the pipeline --- wicket-spring-boot-starter-example/pom.xml | 37 +--------------------- 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/wicket-spring-boot-starter-example/pom.xml b/wicket-spring-boot-starter-example/pom.xml index df0d704a..d256b500 100644 --- a/wicket-spring-boot-starter-example/pom.xml +++ b/wicket-spring-boot-starter-example/pom.xml @@ -85,7 +85,7 @@ de.agilecoders.wicket jquery-selectors - 2.0.9 + 2.0.11 org.liquibase @@ -113,7 +113,6 @@ org.hibernate hibernate-jpamodelgen - 5.0.5.Final provided @@ -179,40 +178,6 @@ org.springframework.boot spring-boot-maven-plugin - - maven-compiler-plugin - - 1.8 - 1.8 - -proc:none - - - - org.bsc.maven - maven-processor-plugin - ${maven-processor-plugin.version} - - - process - - process - - generate-sources - - - org.hibernate.jpamodelgen.JPAMetaModelEntityProcessor - - - - - - - org.hibernate - hibernate-jpamodelgen - 5.0.5.Final - - - From 576ee478907a6c209987ebf5b65839ee233b2067 Mon Sep 17 00:00:00 2001 From: MarcGiffing Date: Thu, 11 Jan 2024 20:41:44 +0100 Subject: [PATCH 6/7] Update maven.yml --- .github/workflows/maven.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index afe4fe30..f7367e0d 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -21,10 +21,10 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up JDK 17 + - name: Set up JDK 11 uses: actions/setup-java@v3 with: - java-version: '17' + java-version: '11' distribution: 'temurin' cache: maven - name: Build with Maven From 10d47912079b243a927670dad49cfd0c6217ec01 Mon Sep 17 00:00:00 2001 From: MarcGiffing Date: Thu, 11 Jan 2024 20:54:33 +0100 Subject: [PATCH 7/7] Update maven.yml --- .github/workflows/maven.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index f7367e0d..55b6b20d 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -31,5 +31,5 @@ jobs: run: mvn -B package --file pom.xml # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - - name: Update dependency graph - uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 + #- name: Update dependency graph + # uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6