correct sonar.yml & gradle.properties for sonar analysis

Author: sraptis-scy

.github/workflows/sonar.yml

@@ -7,10 +7,97 @@ on:
   workflow_dispatch:
 
 jobs:
-  SAST_caller:
-    uses: eu-digital-identity-wallet/eudi-infra-ci/.github/workflows/sast_bt_testDebugUnitTestCoverage.yml@main
-    secrets:
+  check-secrets:
+    name: Check secrets presence
+    env:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
-      DOJO_URL: ${{ secrets.DOJO_URL }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: if [[ -z "$SONAR_TOKEN" ]]; then exit 1; fi
+
+  analysis:
+    name: Analysis
+    needs: check-secrets
+    env:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      DEFECT_DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }}
+      DEFECT_DOJO_URL: ${{ secrets.DOJO_URL }}
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "ORGANIZATION=${{ github.repository_owner}}" >> $GITHUB_ENV
+      - run: echo "PROJECT_KEY=${{ github.repository_owner}}_$(echo ${{ github.repository }} | sed 's/.*\///')" >> $GITHUB_ENV
+      - run: echo "SCAN_DATE=$(TZ='EET' date '+%Y-%m-%d')" >> $GITHUB_ENV
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-java@v5
+        with:
+          distribution: temurin
+          java-version: '17'
+      - uses: gradle/actions/wrapper-validation@v5
+      - uses: gradle/actions/setup-gradle@v5
+      - run: ./gradlew clean test koverXmlReport
+      - uses: sonarsource/[email protected]
+        if: (github.event_name == 'push'|| github.event_name == 'workflow_dispatch')
+        with:
+          projectBaseDir: ${{ github.workspace }}
+          args: >
+            -Dsonar.organization=${{ env.ORGANIZATION }}
+            -Dsonar.projectKey=${{ env.PROJECT_KEY }}
+            -Dsonar.scanner.skipJreProvisioning=true
+            -Dsonar.language=kotlin
+            -Dsonar.coverage.jacoco.xmlReportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.kotlin.coverage.reportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.kotlin.multiplatform.reportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.sources=document-manager/src/main
+            -Dsonar.tests=document-manager/src/test
+            -Dsonar.java.binaries=document-manager/build/classes/kotlin/main
+            -Dsonar.kotlin.binaries=document-manager/build/classes/kotlin/main
+      - uses: sonarsource/[email protected]
+        if: (github.event_name == 'pull_request_target')
+        with:
+          projectBaseDir: ${{ github.workspace }}
+          args: >
+            -Dsonar.organization=${{ env.ORGANIZATION }}
+            -Dsonar.projectKey=${{ env.PROJECT_KEY }}
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+            -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
+            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+            -Dsonar.scanner.skipJreProvisioning=true
+            -Dsonar.language=kotlin
+            -Dsonar.coverage.jacoco.xmlReportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.kotlin.coverage.reportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.kotlin.multiplatform.reportPaths=document-manager/build/reports/kover/report.xml
+            -Dsonar.sources=document-manager/src/main
+            -Dsonar.tests=document-manager/src/test
+            -Dsonar.java.binaries=document-manager/build/classes/kotlin/main
+            -Dsonar.kotlin.binaries=document-manager/build/classes/kotlin/main
+      - uses: actions/setup-node@v6
+        if: (github.repository_owner == 'eu-digital-identity-wallet' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch'))
+        with:
+          node-version: 18
+      - name: Publish Sonar Report
+        if: (github.repository_owner == 'eu-digital-identity-wallet' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch'))
+        run: |
+          npm cache clean --force
+          npm install -g [email protected]
+          sonar-report \
+            --sonarurl="https://sonarcloud.io" \
+            --sonarorganization="${{ env.ORGANIZATION }}" \
+            --branch="${{ github.ref_name }}" \
+            --sonartoken="${{ secrets.SONAR_TOKEN }}" \
+            --output sonarreport.html \
+            --application="${{ env.PROJECT_KEY }}" \
+            --sonarcomponent="${{ env.PROJECT_KEY }}"
+          curl -X POST "${{ env.DEFECT_DOJO_URL }}/api/v2/reimport-scan/" \
+            -H "Authorization: Token $DEFECT_DOJO_TOKEN" \
+            -F "active=true" \
+            -F "scan_type=SonarQube Scan detailed" \
+            -F "minimum_severity=Info" \
+            -F "skip_duplicates=true" \
+            -F "close_old_findings=true" \
+            -F "[email protected]" \
+            -F "scan_date=${{ env.SCAN_DATE }}" \
+            -F "auto_create_context=True" \
+            -F "product_name=${{ github.repository }}-${{ github.ref_name }}" \
+            -F "engagement_name=Static Application Security Testing - ${{ github.repository }}-${{ github.ref_name }}"

gradle.properties

@@ -40,8 +40,7 @@ android.nonTransitiveRClass=true
 
 systemProp.sonar.host.url=https://sonarcloud.io
 systemProp.sonar.gradle.skipCompile=true
-systemProp.sonar.coverage.reportPaths=build/reports/kover/xml/report.xml
-systemProp.sonar.projectName=eudi-lib-android-wallet-document-manager
+
 VERSION_NAME=0.13.0-SNAPSHOT
 
 SONATYPE_HOST=CENTRAL_PORTAL