Add GitHub Actions and Sonar support

ePages-deGH-235

Author: jmewes

.github/workflows/publish.yml

@@ -0,0 +1,41 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - "*"
+ 
+jobs:
+  publish:
+    name: Publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Test
+        run: ./ci_test.sh
+      - name: Publish to Gradle Plugin Portal
+        env:
+          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
+          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}
+        run: ./ci_publish_gradle.sh
+      - name: Publish to Maven Central
+        env:
+          FILE_ENCRYPTION_PASSWORD: ${{ secrets.FILE_ENCRYPTION_PASSWORD }}
+          SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+          SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+        run: ./ci_publish.sh

.github/workflows/test.yml

@@ -0,0 +1,38 @@
+name: Test
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Test
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./ci_test.sh

.gitignore

@@ -2,6 +2,7 @@
 .gradle/
 .*
 !.gitignore
+!.github/
 .settings/
 build/
 out/

build.gradle.kts

@@ -1,19 +1,18 @@
 
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
-import org.kt3k.gradle.plugin.CoverallsPluginExtension
 import pl.allegro.tech.build.axion.release.domain.TagNameSerializationConfig
 import pl.allegro.tech.build.axion.release.domain.hooks.HooksConfig
 
 
 plugins {
-    id("com.github.kt3k.coveralls") version "2.12.0"
+    `maven-publish`
     id("io.github.gradle-nexus.publish-plugin") version "1.0.0"
     id("org.jmailen.kotlinter") version "3.3.0" apply false
+    id("org.sonarqube") version "4.0.0.2929"
     id("pl.allegro.tech.build.axion-release") version "1.9.2"
     jacoco
     java
     kotlin("jvm") version "1.7.22" apply false
-    `maven-publish`
 }
 
 repositories {
@@ -85,12 +84,6 @@ subprojects {
     }
 }
 
-//coverall multi module plugin configuration starts here
-configure<CoverallsPluginExtension> {
-    sourceDirs = nonSampleProjects.flatMap { it.sourceSets["main"].allSource.srcDirs }.filter { it.exists() }.map { it.path }
-    jacocoReportPath = "$buildDir/reports/jacoco/jacocoRootReport/jacocoRootReport.xml"
-}
-
 tasks {
     val jacocoMerge by creating(JacocoMerge::class) {
         executionData = files(nonSampleProjects.map { File(it.buildDir, "/jacoco/test.exec") })
@@ -115,11 +108,19 @@ tasks {
             xml.isEnabled = true
         }
     }
-    getByName("coveralls").dependsOn(jacocoRootReport)
+    getByName("sonar").dependsOn(jacocoRootReport)
 }
 
 nexusPublishing {
     repositories {
         sonatype ()
     }
 }
+
+sonar {
+    properties {
+        property("sonar.projectKey", "ePages-de_restdocs-api-spec")
+        property("sonar.organization", "epages-de")
+        property("sonar.host.url", "https://sonarcloud.io")
+    }
+}

ci_build.sh

@@ -1,4 +1,15 @@
 #!/bin/bash
 set -e
 
+function check_variable_set() {
+  _VARIABLE_NAME=$1
+	_VARIABLE_VALUE=${!_VARIABLE_NAME}
+	if [[ -z ${_VARIABLE_VALUE} ]]; then
+		echo "Missing env variable ${_VARIABLE_NAME}"
+		exit 1
+	fi
+}
+check_variable_set GRADLE_PUBLISH_KEY
+check_variable_set GRADLE_PUBLISH_SECRET
+
 ./gradlew publishPlugins -p restdocs-api-spec-gradle-plugin

ci_publish_gradle.sh

@@ -1,16 +1,39 @@
 #!/bin/bash
-set -e
 
-openssl aes-256-cbc -K $encrypted_7b7bcfd5be68_key -iv $encrypted_7b7bcfd5be68_iv \
-  -in secret-keys.gpg.enc \
-  -out "${SIGNING_KEYRING_FILE}" \
-  -d
+set -e # Exit with nonzero exit code if anything fails
 
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+SECRET_KEYS_FILE="${SCRIPT_DIR}/secret-keys.gpg"
+
+function check_variable_set() {
+  _VARIABLE_NAME=$1
+	_VARIABLE_VALUE=${!_VARIABLE_NAME}
+	if [[ -z ${_VARIABLE_VALUE} ]]; then
+		echo "Missing env variable ${_VARIABLE_NAME}"
+		exit 1
+	fi
+}
+check_variable_set FILE_ENCRYPTION_PASSWORD
+check_variable_set SIGNING_KEY_ID
+check_variable_set SIGNING_PASSWORD
+check_variable_set SONATYPE_USERNAME
+check_variable_set SONATYPE_PASSWORD
+
+# Decrypt signing key
+gpg --quiet --batch --yes --decrypt --passphrase="${FILE_ENCRYPTION_PASSWORD}" \
+	--output ${SECRET_KEYS_FILE} secret-keys.gpg.enc
+
+if [[ ! -f "${SECRET_KEYS_FILE}" ]]; then
+	echo "File ${SECRET_KEYS_FILE} does not exist"
+	exit 1
+fi
+
+# Publish
 ./gradlew publishToSonatype \
-  --info \
+	--info \
   --exclude-task :restdocs-api-spec-gradle-plugin:publishToSonatype \
-  -Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
-  -Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
-  -Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
-  -Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
-  -Dorg.gradle.project.signing.secretKeyRingFile="${SIGNING_KEYRING_FILE}"
+	-Dorg.gradle.project.sonatypeUsername="${SONATYPE_USERNAME}" \
+	-Dorg.gradle.project.sonatypePassword="${SONATYPE_PASSWORD}" \
+	-Dorg.gradle.project.signing.keyId="${SIGNING_KEY_ID}" \
+	-Dorg.gradle.project.signing.password="${SIGNING_PASSWORD}" \
+	-Dorg.gradle.project.signing.secretKeyRingFile="${SECRET_KEYS_FILE}"

ci_publish_java.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e # Exit with nonzero exit code if anything fails
+
+if [[ -n "${SONAR_TOKEN}" ]]; then
+  SONAR_GRADLE_TASK="sonar"
+else
+  echo "INFO: Skipping sonar analysis as SONAR_TOKEN is not set"
+fi
+
+./gradlew  \
+  clean \
+  ${SONAR_GRADLE_TASK} \
+  build \
+  --info