- ALM used (GitHub)
- CI system used (Azure DevOps)
- Languages of the repository - Java 11
- Steps to reproduce
build.yaml file
name: Build
on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache SonarCloud packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Maven packages
        uses: actions/cache@v1
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build and analyze
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent verify sonar:sonar
Console output while running the build
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- jacoco-maven-plugin:0.8.5:report (report) @ test-spring-boot ---
[INFO] Loading execution data file /home/runner/work/test-spring-boot/test-spring-boot/target/jacoco.exec
[INFO] Analyzed bundle 'test-spring-boot' with 9 classes
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ test-spring-boot ---
[INFO] Building jar: /home/runner/work/test-spring-boot/test-spring-boot/target/test-spring-boot-0.0.1-SNAPSHOT.jar
[INFO]
[INFO] --- spring-boot-maven-plugin:2.4.3:repackage (repackage) @ test-spring-boot ---
[INFO] Replacing main artifact with repackaged archive
[INFO]
[INFO] ------------------< com.zemosolabs:test-spring-boot >-------------------
[INFO] Building test-spring-boot 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.8.0.2131:sonar (default-cli) @ test-spring-boot ---
[INFO] User cache: /home/runner/.sonar/cache
[INFO] SonarQube version: 8.5.0
[INFO] Default locale: "en", source code encoding: "UTF-8"
[INFO] Load global settings
[INFO] Load global settings (done) | time=752ms
[INFO] Server id: 1BD809FA-AWHW8ct9-T_TB3XqouNu
[INFO] User cache: /home/runner/.sonar/cache
[INFO] Load/download plugins
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=257ms
[INFO] Load/download plugins (done) | time=520ms
[INFO] Loaded core extensions: developer-scanner
[INFO] JavaScript/TypeScript frontend is enabled
[INFO] Found an active CI vendor: 'Github Actions'
[INFO] Load project settings for component key: 'zemoso-int_test-spring-boot'
[INFO] Load project settings for component key: 'zemoso-int_test-spring-boot' (done) | time=149ms
[INFO] Process project properties
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=2ms
[INFO] Project key: zemoso-int_test-spring-boot
[INFO] Base dir: /home/runner/work/test-spring-boot/test-spring-boot
[INFO] Working dir: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar
[INFO] Load project branches
[INFO] Load project branches (done) | time=135ms
[INFO] Check ALM binding of project 'zemoso-int_test-spring-boot'
[INFO] Detected project binding: BOUND
[INFO] Check ALM binding of project 'zemoso-int_test-spring-boot' (done) | time=141ms
[INFO] Load project pull requests
[INFO] Load project pull requests (done) | time=11633ms
[INFO] Load branch configuration
[INFO] Github event: push
[INFO] Auto-configuring branch master
[INFO] Load branch configuration (done) | time=303ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=191ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=17174ms
[INFO] Organization key: zemoso-int
[INFO] Branch name: master, type: long-lived
[INFO] Indexing files...
[INFO] Project configuration:
[INFO] 16 files indexed
[INFO] 0 files ignored because of scm ignore settings
[INFO] Quality profile for java: Sonar way
[INFO] Quality profile for xml: Sonar way
[INFO] ------------- Run sensors on module test-spring-boot
[INFO] JavaScript/TypeScript frontend is enabled
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=135ms
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 11
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=5ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=1ms
[INFO] Java Main Files AST scan
[INFO] 12 source files to be analyzed
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=148ms
[INFO] 12/12 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=2829ms
[INFO] Java Test Files AST scan
[INFO] 3 source files to be analyzed
[INFO] Java Test Files AST scan (done) | time=399ms
[INFO] Java Generated Files AST scan
[INFO] 0 source files to be analyzed
[INFO] Java Generated Files AST scan (done) | time=6ms
[INFO] 3/3 source files have been analyzed
[INFO] Sensor JavaSquidSensor [java] (done) | time=3642ms
[INFO] Sensor SonarCSS Rules [cssfamily]
[INFO] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
[INFO] Sensor SonarCSS Rules [cssfamily] (done) | time=1ms
[INFO] Sensor C# Project Type Information [csharp]
[INFO] Sensor C# Project Type Information [csharp] (done) | time=0ms
[INFO] Sensor C# Properties [csharp]
[INFO] Sensor C# Properties [csharp] (done) | time=1ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [/home/runner/work/test-spring-boot/test-spring-boot/target/surefire-reports]
[INFO] 0/0 source files have been analyzed
[INFO] Sensor SurefireSensor [java] (done) | time=176ms
[INFO] Sensor JavaXmlSensor [java]
[INFO] 1 source files to be analyzed
[INFO] 1/1 source files have been analyzed
[INFO] Sensor JavaXmlSensor [java] (done) | time=188ms
[INFO] Sensor HTML [web]
[INFO] Sensor HTML [web] (done) | time=3ms
[INFO] Sensor XML Sensor [xml]
[INFO] 1 source file to be analyzed
[INFO] 1/1 source file has been analyzed
[INFO] Sensor XML Sensor [xml] (done) | time=131ms
[INFO] Sensor VB.NET Project Type Information [vbnet]
[INFO] Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
[INFO] Sensor VB.NET Properties [vbnet]
[INFO] Sensor VB.NET Properties [vbnet] (done) | time=1ms
[INFO] Sensor JaCoCo XML Report Importer [jacoco]
[INFO] Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
[INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=16ms
[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend]
[INFO] Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=3ms
[INFO] Sensor JavaSecuritySensor [security]
[INFO] Reading type hierarchy from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/java
[INFO] Read 45 type definitions
[INFO] Reading UCFGs from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/java
[INFO] 06:35:01.487269 Building Runtime Type propagation graph
[INFO] 06:35:01.492958 Running Tarjan on 67 nodes
[INFO] 06:35:01.494391 Tarjan found 67 components
[INFO] 06:35:01.496046 Variable type analysis: done
[INFO] 06:35:01.496565 Building Runtime Type propagation graph
[INFO] 06:35:01.497996 Running Tarjan on 67 nodes
[INFO] 06:35:01.498361 Tarjan found 67 components
[INFO] 06:35:01.498644 Variable type analysis: done
[INFO] Analyzing 16 ucfgs to detect vulnerabilities.
[INFO] All rules entrypoints : 0 Retained UCFGs : 0
[INFO] rule: S5131, entrypoints: 0
[INFO] rule: S5131 done
[INFO] rule: S3649, entrypoints: 0
[INFO] rule: S3649 done
[INFO] rule: S2076, entrypoints: 0
[INFO] rule: S2076 done
[INFO] rule: S2091, entrypoints: 0
[INFO] rule: S2091 done
[INFO] rule: S2078, entrypoints: 0
[INFO] rule: S2078 done
[INFO] rule: S2631, entrypoints: 0
[INFO] rule: S2631 done
[INFO] rule: S5135, entrypoints: 0
[INFO] rule: S5135 done
[INFO] rule: S2083, entrypoints: 0
[INFO] rule: S2083 done
[INFO] rule: S5167, entrypoints: 0
[INFO] rule: S5167 done
[INFO] rule: S5144, entrypoints: 0
[INFO] rule: S5144 done
[INFO] rule: S5145, entrypoints: 0
[INFO] rule: S5145 done
[INFO] rule: S5146, entrypoints: 0
[INFO] rule: S5146 done
[INFO] rule: S5334, entrypoints: 0
[INFO] rule: S5334 done
[INFO] rule: S6096, entrypoints: 0
[INFO] rule: S6096 done
[INFO] Sensor JavaSecuritySensor [security] (done) | time=387ms
[INFO] Sensor CSharpSecuritySensor [security]
[INFO] Reading type hierarchy from: /home/runner/work/test-spring-boot/test-spring-boot/target/ucfg_cs2
[INFO] Read 0 type definitions
[INFO] Reading UCFGs from: /home/runner/work/test-spring-boot/test-spring-boot/target/ucfg_cs2
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor CSharpSecuritySensor [security] (done) | time=1ms
[INFO] Sensor PhpSecuritySensor [security]
[INFO] Reading type hierarchy from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/php
[INFO] Read 0 type definitions
[INFO] Reading UCFGs from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/php
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor PhpSecuritySensor [security] (done) | time=1ms
[INFO] Sensor PythonSecuritySensor [security]
[INFO] Reading type hierarchy from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/python
[INFO] Read 0 type definitions
[INFO] Reading UCFGs from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/python
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor PythonSecuritySensor [security] (done) | time=1ms
[INFO] Sensor JsSecuritySensor [security]
[INFO] Reading type hierarchy from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/js
[INFO] Read 0 type definitions
[INFO] Reading UCFGs from: /home/runner/work/test-spring-boot/test-spring-boot/target/sonar/ucfg2/js
[INFO] No UCFGs have been included for analysis.
[INFO] Sensor JsSecuritySensor [security] (done) | time=1ms
[INFO] ------------- Run sensors on project
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=10ms
[INFO] Sensor Java CPD Block Indexer
[INFO] Sensor Java CPD Block Indexer (done) | time=28ms
[INFO] CPD Executor 7 files had no CPD blocks
[INFO] CPD Executor Calculating CPD for 5 files
[INFO] CPD Executor CPD calculation finished (done) | time=7ms
[INFO] Analysis report generated in 1558ms, dir size=224 KB
[INFO] Analysis report compressed in 43ms, zip size=69 KB
[INFO] Analysis report uploaded in 562ms
[INFO] ANALYSIS SUCCESSFUL, you can find the results at: https://sonarcloud.io/dashboard?id=zemoso-int_test-spring-boot&branch=master
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] More about the report processing at https://sonarcloud.io/api/ce/task?id=AXhYpODYgrc6fF571QW2
[INFO] Analysis total time: 40.173 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:23 min
[INFO] Finished at: 2021-03-22T06:35:04Z
[INFO] ------------------------------------------------------------------------
Maven properties
<properties>
    <java.version>11</java.version>
    <testcontainers.version>1.15.2</testcontainers.version>
    <immutables.version>2.8.3</immutables.version>
    <guava.version>19.0</guava.version>
    <gson.version>2.8.6</gson.version>
    <sonar.projectKey>zemoso-int_test-spring-boot</sonar.projectKey>
    <sonar.organization>zemoso-int</sonar.organization>
    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
    <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
</properties>
Maven build configuration
<plugins>
    <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
        <configuration>
            <excludes>
                <exclude>
                    <groupId>org.projectlombok</groupId>
                    <artifactId>lombok</artifactId>
                </exclude>
            </excludes>
        </configuration>
    </plugin>
    <plugin>
        <groupId>org.jacoco</groupId>
        <artifactId>jacoco-maven-plugin</artifactId>
        <version>0.8.5</version>
        <executions>
            <execution>
                <id>prepare-agent</id>
                <goals>
                    <goal>prepare-agent</goal>
                </goals>
            </execution>
            <execution>
                <id>report</id>
                <phase>prepare-package</phase>
                <goals>
                    <goal>report</goal>
                </goals>
            </execution>
        </executions>
    </plugin>
</plugins>