DOPS-3309: Add sonar & defectdojo analysis (#440)

* Add sonar & defectdojo analysis

Signed-off-by: BAStos525 <[email protected]>

* fix sonar key

Signed-off-by: BAStos525 <[email protected]>

* ci: redice gradlew commands amount

Signed-off-by: BAStos525 <[email protected]>

---------

Signed-off-by: BAStos525 <[email protected]>
Signed-off-by: BAStos525 <[email protected]>

Author: BAStos525

.github/workflows/iroha2-pr.yml

@@ -5,8 +5,8 @@ on:
     branches: [ iroha2-dev, iroha2-main ]
 jobs:
   build:
-    runs-on: self-hosted
-    
+    runs-on: ubuntu-latest
+
     env:
       IROHA_IMAGE_TAG: "2.0.0-pre-rc.22.2" # Place "dev" to run on the last iroha
 

.github/workflows/iroha2.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
@@ -23,8 +23,26 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
-      - name: Build with Gradle
-        run: ./gradlew build
+      - name: Build with Gradle & Sonarqube analysis
+        run: |
+          ./gradlew build
+          ./gradlew jacocoTestReport
+          ./gradlew sonar -Dsonar.token=${{ secrets.SONAR_TOKEN }}
+      - name: DefectDojo
+        if: always()
+        uses: C4tWithShell/[email protected]
+        with:
+          token: ${{ secrets.DEFECTOJO_TOKEN }}
+          defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
+          product_type: iroha2
+          engagement: ${{ github.ref_name }}
+          tools: "SonarQube API Import,Github Vulnerability Scan"
+          sonar_projectKey: iroha2-java
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_repository: ${{ github.repository }}
+          product: ${{ github.repository }}
+          environment: Test
+          reports: '{"Github Vulnerability Scan": "github.json"}'
       - name: Cleanup Gradle Cache
         # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions.
         # Restoring these files from a GitHub Actions cache might cause problems for future builds.

build.gradle

@@ -15,6 +15,8 @@ plugins {
     id 'org.jmailen.kotlinter' version "$kotlinLinterVer"
     id 'maven-publish'
     id 'com.github.johnrengelman.shadow' version '8.1.1'
+    id 'org.sonarqube' version "5.1.0.4882"
+    id 'jacoco'
 }
 
 allprojects {
@@ -30,6 +32,7 @@ subprojects {
     apply plugin: 'org.jetbrains.kotlin.jvm'
     apply plugin: 'org.jmailen.kotlinter'
     apply plugin: 'com.github.johnrengelman.shadow'
+    apply plugin: 'jacoco'
 
     publishing {
         publications {
@@ -53,10 +56,6 @@ subprojects {
     group = 'jp.co.soramitsu.iroha2-java'
     version = 'git rev-parse --short HEAD'.execute().text.trim()
 
-    test {
-        useJUnitPlatform()
-    }
-
     java {
         toolchain {
             languageVersion = JavaLanguageVersion.of(8)
@@ -96,6 +95,36 @@ subprojects {
     // uncomment to produce shadowJar build by default
     // it is disabled by default to publish original version by CI, not a fat jar
     tasks.shadowJar.enabled = false
+
+    test {
+        useJUnitPlatform()
+    }
+
+    jacocoTestReport {
+        reports {
+            xml.required = true
+        }
+    }
+
+    plugins.withType(JacocoPlugin) {
+        tasks["test"].finalizedBy 'jacocoTestReport'
+    }
+
+    sonar {
+        properties {
+            property "sonar.projectKey", "iroha-java"
+            property "sonar.host.url", "https://sonar.katana.soramitsu.co.jp"
+            property "sonar.java.coveragePlugin", "jacoco"
+            property "sonar.projectName", "${project.group}:${rootProject.name}.${project.name}"
+            property "sonar.sources", "${project.projectDir}/src/main/kotlin"
+            // exclude projects with no tests
+            if (project.name != "codegen" && project.name != "model" && project.name != "tutorial") {
+                property "sonar.tests", "${project.projectDir}/src/test"
+            }
+            property "sonar.java.test.binaries", "${project.projectDir}/build/test-results/test/binary"
+            property "sonar.junit.reportPaths", "${project.projectDir}/build/test-results/test/"
+        }
+    }
 }
 
 task allShadowJars {

examples/tutorial/build.gradle.kts

@@ -10,3 +10,12 @@ dependencies {
     implementation(project(":block"))
     api(project(":admin-client"))
 }
+
+tasks.jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+    mustRunAfter(":model:jacocoTestReport")
+    mustRunAfter(":test-tools:jacocoTestReport")
+}

gradle.properties

@@ -13,8 +13,9 @@ i2pCryptoEddsa=0.3.0
 multihashVersion=1.3.0
 googleTinkVer=1.9.0
 # testing
-testContainersVer=1.18.3
+testContainersVer=1.20.3
 junitVersion=5.9.3
 # logging
 logbackVer=1.2.3
 org.gradle.jvmargs=-XX:MetaspaceSize=128M -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
+systemProp.sonar.host.url=https://sonar.katana.soramitsu.co.jp

modules/block/build.gradle

@@ -7,3 +7,7 @@ dependencies {
     testImplementation "org.jetbrains.kotlin:kotlin-test-junit5:$kotlinVer"
     testImplementation "org.jetbrains.kotlin:kotlin-test:$kotlinVer"
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+}

modules/client/build.gradle

@@ -31,3 +31,8 @@ dependencies {
 
     testApi project(":test-tools")
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+}

modules/codegen/build.gradle

@@ -20,3 +20,9 @@ task generate(type: JavaExec) {
     args "schemaFileName=schema.json"
     finalizedBy ':model:formatKotlin'
 }
+
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+}

modules/model/build.gradle

@@ -0,0 +1,6 @@
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+}

modules/test-tools/build.gradle

@@ -18,6 +18,10 @@ dependencies {
     testImplementation "org.jetbrains.kotlin:kotlin-test:$kotlinVer"
 }
 
-test {
-    useJUnitPlatform()
+jacocoTestReport {
+    mustRunAfter(":admin-client:jacocoTestReport")
+    mustRunAfter(":block:jacocoTestReport")
+    mustRunAfter(":client:jacocoTestReport")
+    mustRunAfter(":codegen:jacocoTestReport")
+    mustRunAfter(":model:jacocoTestReport")
 }