From a3d659de5c05e7f5239fa0301de928842d173123 Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:01:55 +0100 Subject: [PATCH 01/12] feat: Added SonarQube code analysis into pipeline --- .github/workflows/pr-check.yml | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index e6f3777..6512459 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -24,4 +24,36 @@ jobs: uses: gradle/actions/setup-gradle@v4 - name: Build with Gradle - run: ./gradlew clean build \ No newline at end of file + run: ./gradlew clean build + + sonarcloud: + name: SonarCloud Analysis + needs: build + runs-on: ubuntu-latest + + steps: + - name: Checkout code (full history for PR analysis) + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up JDK 25 + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '25' + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: > + -Dsonar.host.url=https://sonarcloud.io + -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} + -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} + -Dsonar.sources=. + -Dsonar.java.binaries=**/build/classes/java/main + -Dsonar.java.test.binaries=**/build/classes/java/test + -Dsonar.junit.reportPaths=**/build/test-results/test \ No newline at end of file From ab8714af2b16d479dd0112e57d58cce96e57fc00 Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:13:31 +0100 Subject: [PATCH 02/12] fix: sonarqube pipeline fix --- .github/workflows/pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 6512459..bd8c261 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -28,7 +28,7 @@ jobs: sonarcloud: name: SonarCloud Analysis - needs: build + needs: build-and-test runs-on: ubuntu-latest steps: From 7d482c097b05bb3d650f0c6fdb93d82416963d2f Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:23:20 +0100 Subject: [PATCH 03/12] fix: sonarqube job --- .github/workflows/pr-check.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index bd8c261..3645af8 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -42,6 +42,12 @@ jobs: with: distribution: 'temurin' java-version: '25' + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v4 + + - name: Build + run: ./gradlew -x test clean assemble - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 @@ -56,4 +62,6 @@ jobs: -Dsonar.sources=. -Dsonar.java.binaries=**/build/classes/java/main -Dsonar.java.test.binaries=**/build/classes/java/test - -Dsonar.junit.reportPaths=**/build/test-results/test \ No newline at end of file + -Dsonar.junit.reportPaths=**/build/test-results/test + -Dsonar.java.coveragePlugin=jacoco + -Dsonar.coverage.jacoco.xmlReportPaths=**/build/reports/jacoco/test/jacocoTestReport.xml \ No newline at end of file From c3980f31fed71ed0899127c3f576df53881e7bca Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:29:05 +0100 Subject: [PATCH 04/12] fix: SonarQube job --- .github/workflows/pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 3645af8..c4bae24 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -47,7 +47,7 @@ jobs: uses: gradle/actions/setup-gradle@v4 - name: Build - run: ./gradlew -x test clean assemble + run: ./gradlew clean test jacocoTestReport assemble - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 From 60dface72ea7452fc313eb2ef8c8b7cbbcbd6850 Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:33:23 +0100 Subject: [PATCH 05/12] fix: remove test coverages --- .github/workflows/pr-check.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index c4bae24..dc6527d 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -47,7 +47,7 @@ jobs: uses: gradle/actions/setup-gradle@v4 - name: Build - run: ./gradlew clean test jacocoTestReport assemble + run: ./gradlew -x test clean assemble - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 @@ -62,6 +62,4 @@ jobs: -Dsonar.sources=. -Dsonar.java.binaries=**/build/classes/java/main -Dsonar.java.test.binaries=**/build/classes/java/test - -Dsonar.junit.reportPaths=**/build/test-results/test - -Dsonar.java.coveragePlugin=jacoco - -Dsonar.coverage.jacoco.xmlReportPaths=**/build/reports/jacoco/test/jacocoTestReport.xml \ No newline at end of file + -Dsonar.junit.reportPaths=**/build/test-results/test \ No newline at end of file From ca8f8fe96c33f720b8312efb45587e11410fc0d4 Mon Sep 17 00:00:00 2001 From: Dusan Date: Thu, 29 Jan 2026 19:37:33 +0100 Subject: [PATCH 06/12] fix: value for java binaries --- .github/workflows/pr-check.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index dc6527d..f8a0548 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -60,6 +60,6 @@ jobs: -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.sources=. - -Dsonar.java.binaries=**/build/classes/java/main - -Dsonar.java.test.binaries=**/build/classes/java/test - -Dsonar.junit.reportPaths=**/build/test-results/test \ No newline at end of file + -Dsonar.java.binaries=build/classes/java/main + -Dsonar.java.test.binaries=build/classes/java/test + -Dsonar.junit.reportPaths=build/test-results/test \ No newline at end of file From 6effb379979279e03acbc67b6fa31dcec0a7fce5 Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 15:32:46 +0100 Subject: [PATCH 07/12] fix: remove double java setup and double build --- .github/workflows/pr-check.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index f8a0548..b0abbc4 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -42,12 +42,12 @@ jobs: with: distribution: 'temurin' java-version: '25' - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 - - - name: Build - run: ./gradlew -x test clean assemble + + - name: Download build artifacts + uses: actions/download-artifact@v4 + with: + name: build-output + path: build - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 From 35142d7f489df0c0fdb39dc1b7e5b61bd4b9507b Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 15:35:59 +0100 Subject: [PATCH 08/12] fix: build path --- .github/workflows/pr-check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index b0abbc4..d51f45d 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -46,8 +46,8 @@ jobs: - name: Download build artifacts uses: actions/download-artifact@v4 with: - name: build-output - path: build + name: build-artifact + path: build/libs - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 From 4c3e9191157a7e3e9ff7571cf8bd70e58234cba4 Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 15:39:30 +0100 Subject: [PATCH 09/12] fix: add missing upload artifacts step --- .github/workflows/pr-check.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index d51f45d..5815874 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -26,6 +26,13 @@ jobs: - name: Build with Gradle run: ./gradlew clean build + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: build-artifact + path: build/libs/*.jar + retention-days: 1 + sonarcloud: name: SonarCloud Analysis needs: build-and-test From e7771ab789ca7efe061631bc09be202f078647e4 Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 15:43:01 +0100 Subject: [PATCH 10/12] fix: add build artifacts to correct path for SonarCloud analysis --- .github/workflows/pr-check.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 5815874..3cba3d5 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -30,7 +30,10 @@ jobs: uses: actions/upload-artifact@v4 with: name: build-artifact - path: build/libs/*.jar + path: | + build/classes + build/libs + build/test-results retention-days: 1 sonarcloud: From d7116d99346b2eacd13d9e363e47fa788bcc0816 Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 15:45:14 +0100 Subject: [PATCH 11/12] fix: download artifact path for sonar analysis --- .github/workflows/pr-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 3cba3d5..6f37c0e 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -57,7 +57,7 @@ jobs: uses: actions/download-artifact@v4 with: name: build-artifact - path: build/libs + path: build - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v2 From 1019bc1d4ab66fafc72a3e217883041bd32b5630 Mon Sep 17 00:00:00 2001 From: Dusan Date: Sat, 7 Feb 2026 16:19:16 +0100 Subject: [PATCH 12/12] fix: use commit SHA has for third party dependancy --- .github/workflows/pr-check.yml | 4 ++-- .../com/devoops/backend_poc/controller/TestController.java | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 6f37c0e..8ff5094 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -21,7 +21,7 @@ jobs: java-version: '25' - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0b6dd653ba04f4f93bf581ec31e66cbd7dcb644d - name: Build with Gradle run: ./gradlew clean build @@ -60,7 +60,7 @@ jobs: path: build - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v2 + uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/src/main/java/com/devoops/backend_poc/controller/TestController.java b/src/main/java/com/devoops/backend_poc/controller/TestController.java index be5de38..4c973cc 100644 --- a/src/main/java/com/devoops/backend_poc/controller/TestController.java +++ b/src/main/java/com/devoops/backend_poc/controller/TestController.java @@ -33,4 +33,5 @@ public String test() { MDC.remove("requestId"); } } + } \ No newline at end of file