DOPS-3309: Add sonar & defectdojo analysis (#440)

* Add sonar & defectdojo analysis Signed-off-by: BAStos525 <[email protected]> * fix sonar key Signed-off-by: BAStos525 <[email protected]> * ci: redice gradlew commands amount Signed-off-by: BAStos525 <[email protected]> --------- Signed-off-by: BAStos525 <[email protected]> Signed-off-by: BAStos525 <[email protected]>
hyperledger-iroha · Nov 14, 2024 · 29e5694 · 29e5694
1 parent 6558191
commit 29e5694
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 12 deletions.
diff --git a/.github/workflows/iroha2-pr.yml b/.github/workflows/iroha2-pr.yml
@@ -5,8 +5,8 @@ on:
     branches: [ iroha2-dev, iroha2-main ]
 jobs:
   build:
-    runs-on: self-hosted
-    
+    runs-on: ubuntu-latest
+
     env:
       IROHA_IMAGE_TAG: "2.0.0-pre-rc.22.2" # Place "dev" to run on the last iroha
 

diff --git a/.github/workflows/iroha2.yml b/.github/workflows/iroha2.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
@@ -23,8 +23,26 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
-      - name: Build with Gradle
-        run: ./gradlew build
+      - name: Build with Gradle & Sonarqube analysis
+        run: |
+          ./gradlew build
+          ./gradlew jacocoTestReport
+          ./gradlew sonar -Dsonar.token=${{ secrets.SONAR_TOKEN }}
+      - name: DefectDojo
+        if: always()
+        uses: C4tWithShell/[email protected]
+        with:
+          token: ${{ secrets.DEFECTOJO_TOKEN }}
+          defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
+          product_type: iroha2
+          engagement: ${{ github.ref_name }}
+          tools: "SonarQube API Import,Github Vulnerability Scan"
+          sonar_projectKey: iroha2-java
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_repository: ${{ github.repository }}
+          product: ${{ github.repository }}
+          environment: Test
+          reports: '{"Github Vulnerability Scan": "github.json"}'
       - name: Cleanup Gradle Cache
         # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
         # Restoring these files from a GitHub Actions cache might cause problems for future builds.

diff --git a/build.gradle b/build.gradle
@@ -15,6 +15,8 @@ plugins {
     id 'org.jmailen.kotlinter' version "$kotlinLinterVer"
     id 'maven-publish'
     id 'com.github.johnrengelman.shadow' version '8.1.1'
+    id 'org.sonarqube' version "5.1.0.4882"
+    id 'jacoco'
 }
 
 allprojects {
@@ -30,6 +32,7 @@ subprojects {
     apply plugin: 'org.jetbrains.kotlin.jvm'
     apply plugin: 'org.jmailen.kotlinter'
     apply plugin: 'com.github.johnrengelman.shadow'
+    apply plugin: 'jacoco'
 
     publishing {
         publications {
@@ -53,10 +56,6 @@ subprojects {
     group = 'jp.co.soramitsu.iroha2-java'
     version = 'git rev-parse --short HEAD'.execute().text.trim()
 
-    test {
-        useJUnitPlatform()
-    }
-
     java {
         toolchain {
             languageVersion = JavaLanguageVersion.of(8)
@@ -96,6 +95,36 @@ subprojects {
     // uncomment to produce shadowJar build by default
     // it is disabled by default to publish original version by CI, not a fat jar
     tasks.shadowJar.enabled = false
+
+    test {
+        useJUnitPlatform()
+    }
+
+    jacocoTestReport {
+        reports {
+            xml.required = true
+        }
+    }
+
+    plugins.withType(JacocoPlugin) {
+        tasks["test"].finalizedBy 'jacocoTestReport'
+    }
+
+    sonar {
+        properties {
+            property "sonar.projectKey", "iroha-java"
+            property "sonar.host.url", "https://sonar.katana.soramitsu.co.jp"
+            property "sonar.java.coveragePlugin", "jacoco"
+            property "sonar.projectName", "${project.group}:${rootProject.name}.${project.name}"
+            property "sonar.sources", "${project.projectDir}/src/main/kotlin"
+            // exclude projects with no tests
+            if (project.name != "codegen" && project.name != "model" && project.name != "tutorial") {
+                property "sonar.tests", "${project.projectDir}/src/test"
+            }
+            property "sonar.java.test.binaries", "${project.projectDir}/build/test-results/test/binary"
+            property "sonar.junit.reportPaths", "${project.projectDir}/build/test-results/test/"
+        }
+    }
 }
 
 task allShadowJars {

diff --git a/examples/tutorial/build.gradle.kts b/examples/tutorial/build.gradle.kts
@@ -10,3 +10,12 @@ dependencies {
     implementation(project(":block"))
     api(project(":admin-client"))
 }
+
+tasks.jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+    mustRunAfter(":model:jacocoTestReport")
+    mustRunAfter(":test-tools:jacocoTestReport")
+}
diff --git a/gradle.properties b/gradle.properties
@@ -13,8 +13,9 @@ i2pCryptoEddsa=0.3.0
 multihashVersion=1.3.0
 googleTinkVer=1.9.0
 # testing
-testContainersVer=1.18.3
+testContainersVer=1.20.3
 junitVersion=5.9.3
 # logging
 logbackVer=1.2.3
 org.gradle.jvmargs=-XX:MetaspaceSize=128M -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
+systemProp.sonar.host.url=https://sonar.katana.soramitsu.co.jp
diff --git a/modules/block/build.gradle b/modules/block/build.gradle
@@ -7,3 +7,7 @@ dependencies {
     testImplementation "org.jetbrains.kotlin:kotlin-test-junit5:$kotlinVer"
     testImplementation "org.jetbrains.kotlin:kotlin-test:$kotlinVer"
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+}
diff --git a/modules/client/build.gradle b/modules/client/build.gradle
@@ -31,3 +31,8 @@ dependencies {
 
     testApi project(":test-tools")
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+}
diff --git a/modules/codegen/build.gradle b/modules/codegen/build.gradle
@@ -20,3 +20,9 @@ task generate(type: JavaExec) {
     args "schemaFileName=schema.json"
     finalizedBy ':model:formatKotlin'
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+}
diff --git a/modules/model/build.gradle b/modules/model/build.gradle
@@ -0,0 +1,6 @@
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+}
diff --git a/modules/test-tools/build.gradle b/modules/test-tools/build.gradle
@@ -18,6 +18,10 @@ dependencies {
     testImplementation "org.jetbrains.kotlin:kotlin-test:$kotlinVer"
 }
 
-test {
-    useJUnitPlatform()
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+    mustRunAfter(":model:jacocoTestReport")
 }