Add sonar & defectdojo analysis

Signed-off-by: BAStos525 <jungle.vas@yandex.ru>
hyperledger-iroha · Oct 15, 2024 · 99d0b9c · 99d0b9c
1 parent bf6bac1
commit 99d0b9c
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 4 deletions.
diff --git a/.github/workflows/iroha2-pr.yml b/.github/workflows/iroha2-pr.yml
@@ -3,12 +3,12 @@ name: Iroha2-java pull requests workflow
 on:
   pull_request:
     branches: [ iroha2-dev, iroha2-main ]
+
 jobs:
   build:
     runs-on: ubuntu-latest
-
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
@@ -23,8 +23,23 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
-      - name: Build with Gradle
-        run: ./gradlew build --info
+      - name: Build with Gradle & Sonarqube analysis
+        run: ./gradlew build testCoverage sonar -Dsonar.token=${{ secrets.SONAR_TOKEN }} --info
+      - name: DefectDojo
+        if: always()
+        uses: C4tWithShell/defectdojo-action@1.0.4
+        with:
+          token: ${{ secrets.DEFECTOJO_TOKEN }}
+          defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
+          product_type: iroha2
+          engagement: ${{ github.ref_name }}
+          tools: "SonarQube API Import,Github Vulnerability Scan"
+          sonar_projectKey: hyperledger:iroha-java
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_repository: ${{ github.repository }}
+          product: ${{ github.repository }}
+          environment: Test
+          reports: '{"Github Vulnerability Scan": "github.json"}'
       - name: Upload build reports
         if: failure()
         uses: actions/upload-artifact@v3

diff --git a/build.gradle b/build.gradle
@@ -15,6 +15,8 @@ plugins {
     id 'org.jmailen.kotlinter' version "$kotlinLinterVer"
     id 'maven-publish'
     id 'com.github.johnrengelman.shadow' version '8.1.1'
+    id 'org.sonarqube' version "5.1.0.4882"
+    id 'jacoco'
 }
 
 allprojects {
@@ -30,6 +32,7 @@ subprojects {
     apply plugin: 'org.jetbrains.kotlin.jvm'
     apply plugin: 'org.jmailen.kotlinter'
     apply plugin: 'com.github.johnrengelman.shadow'
+    apply plugin: 'jacoco'
 
     publishing {
         publications {
@@ -105,3 +108,71 @@ task allShadowJars {
 check {
     dependsOn "installKotlinterPrePushHook"
 }
+
+jacoco {
+    toolVersion = "0.8.8"
+    reportsDirectory = file("$buildDir/reports/")
+}
+
+task testCoverage(type: JacocoReport) {
+    executionData fileTree(project.rootDir.absolutePath).include("**/build/jacoco/*.exec")
+
+    subprojects.each {
+        sourceSets it.sourceSets.main
+    }
+
+    reports {
+        xml.required = true
+        html.required = true
+    }
+}
+
+test {
+    useJUnitPlatform()
+    dependsOn testCoverage
+}
+
+sonar {
+    properties {
+      property "sonar.projectKey", "hyperledger:iroha-java"
+      property "sonar.host.url", "https://sonar.katana.soramitsu.co.jp"
+      property "sonar.projectName", "${project.group}:${rootProject.name}.${project.name}"
+      property "sonar.sources", "${project.projectDir}/src/main/java"
+      property "sonar.tests", "${project.projectDir}/src/test"
+      property "sonar.java.test.binaries", "${project.projectDir}/build/test-results/test/binary"
+      property "sonar.junit.reportPaths", "${project.projectDir}/build/test-results/test/"
+      property "sonar.coverage.jacoco.xmlReportPaths", "${project.projectDir}/build/reports/testCoverage/*.xml"
+    }
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":admin-client:processTestResources"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":block:compileTestKotlin"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":block:test"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":block:processTestResources"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":client:processTestResources"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":codegen:test"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":model:test"
+}
+
+tasks.named('testCoverage') {
+    dependsOn ":test-tools:processTestResources"
+}
diff --git a/gradle.properties b/gradle.properties
@@ -18,3 +18,4 @@ junitVersion=5.9.3
 # logging
 logbackVer=1.2.3
 org.gradle.jvmargs=-XX:MetaspaceSize=128M -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
+systemProp.sonar.host.url=https://sonar.katana.soramitsu.co.jp