Add Sonar analysis to repository

jonas-wielage-sonarsource · jonas-wielage-sonarsource · commit 36010c511378 · 2025-12-12T14:57:12.000+01:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -25,17 +25,36 @@ jobs:
       - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
         with:
           version: 2025.7.12
+
       - name: get secrets
         id: secrets
         uses: SonarSource/vault-action-wrapper@v3
         with:
           secrets: |
             development/kv/data/develocity token | DEVELOCITY_TOKEN;
 
-      # The SonarSource/ci-github-actions/build-gradle fails because of no access to ARTIFACTORY_DEPLOY_USERNAME
-      # it is not needed in this case, so the Gradle is called directly
-      - name: Build with Gradle
+      - name: Create Gradle User Home
+        shell: bash
+        run: |
+          export GRADLE_USER_HOME=${GITHUB_WORKSPACE}/.gradle
+          mkdir -p ${GRADLE_USER_HOME}
+          echo "GRADLE_USER_HOME=${GRADLE_USER_HOME}" >> $GITHUB_ENV
+          export TODAY=$(date '+%Y-%m-%d')
+          echo "TODAY=${TODAY}" >> $GITHUB_ENV
+          find . -name '*.gradle.kts' -type f -exec md5sum {} \; | sort && md5sum gradle/libs.versions.toml && md5sum gradle/wrapper/gradle-wrapper.properties && md5sum gradle.properties > gradle-md5-sums.txt 
+          export GRADLE_CACHE_KEY=$(md5sum gradle-md5-sums.txt | awk '{ print $1 }')
+          echo "GRADLE_CACHE_KEY=${GRADLE_CACHE_KEY}" >> $GITHUB_ENV
+          rm gradle-md5-sums.txt
+      - name: Cache Gradle Dependencies
+        uses: SonarSource/ci-github-actions/cache@v1
+        with:
+          path: ${{ env.GRADLE_USER_HOME }}
+          key: gradle-${{ env.GRADLE_CACHE_KEY }}
+
+      - uses: SonarSource/ci-github-actions/build-gradle@v1
         env:
           DEVELOCITY_ACCESS_KEY: develocity-public.sonar.build=${{ fromJSON(steps.secrets.outputs.vault).DEVELOCITY_TOKEN }}
-        run: |
-          ./gradlew build
+        with:
+          deploy: false
+          use-develocity: true
+          artifactory-reader-role: private-reader
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -0,0 +1,26 @@
+/*
+ * SonarSource Cloud Native Gradle Modules
+ * Copyright (C) 2024-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+plugins {
+    id("org.sonarqube") version "7.2.0.6526"
+}
+
+sonar {
+    properties {
+        property("sonar.projectKey", "SonarSource_cloud-native-gradle-modules")
+        property("sonar.organization", "sonarsource")
+    }
+}
diff --git a/gradle.properties b/gradle.properties
@@ -1,3 +1,7 @@
+group=org.sonarsource.cloudnative.gradle
+version=1.0-SNAPSHOT
+description=Common Gradle modules for multiple projects
+projectTitle=Cloud Security Gradle Modules
 org.gradle.caching=true
 
 org.gradle.jvmargs=-XX:MaxMetaspaceSize=512m
