ci: 优化代码质量扫描配置

2025-11-04 09:01:37 +08:00 · 2024-01-30 23:20:07 +08:00
parent e4180fb976
commit c03c082d2e
3 changed files with 71 additions and 15 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -19,7 +19,7 @@ jobs:
        uses: actions/setup-java@master
        with:
          distribution: 'adopt'
-          java-version: '17'
+          java-version: 17
          cache: 'maven'
      # 3、打包
      - name: Build
@@ -59,7 +59,7 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # to check out the actual pull request commit, not the merge commit
          fetch-depth: 0 # a full history is required for pull request analysis
-      - name: Scan
+      - name: Analyze
        uses: JetBrains/qodana-action@v2023.3
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
@@ -67,10 +67,29 @@ jobs:
  sonar-scan:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@master
        with:
          fetch-depth: 0
-      - name: Scan
-        uses: SonarSource/sonarcloud-github-action@master
+      - name: Setup Java
+        uses: actions/setup-java@master
+        with:
+          distribution: 'adopt'
+          java-version: 17
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Analyze
+        run: mvn -B verify -Psonar
        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}