.github/workflows/check.yml

name: Check code on pull requests & subsequent pushes

on:
  pull_request:
    branches:
      - trunk
  push:
    branches:
      - trunk

env:
  GITHUB_USERNAME: AntonOellerer

jobs:
  owasp:
    name: owasp
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Java
        uses: actions/setup-java@v3.13.0
        with:
          java-version: 17
          distribution: 'zulu'
      - name: Run owasp dependency check
        uses: gradle/gradle-build-action@v2
        with:
          arguments: dependencyCheckAnalyze
      - name: Archive owasp check results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: owasp-results
          path: build/reports/dependency-check-report.html
          retention-days: 5
  checkstyle:
    name: checkstyle
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Java
        uses: actions/setup-java@v3.13.0
        with:
          java-version: 17
          distribution: 'zulu'
      - name: Run checkstyle
        uses: gradle/gradle-build-action@v2
        with:
          arguments: checkMain checkTest
      - name: Archive checkstyle results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: checkstyle-results
          path: build/reports/checkstyle.html
          retention-days: 5
  tests:
    name: tests
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Java
        uses: actions/setup-java@v3.13.0
        with:
          java-version: 17
          distribution: 'zulu'
      - name: Run tests
        uses: gradle/gradle-build-action@v2
        with:
          arguments: test
      - name: Archive test results
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: test-results
          path: build/reports/tests/test
          retention-days: 5
  sonarcloud:
    name: sonarcloud
    runs-on: ubuntu-20.04
    if: ${{ github.actor != 'dependabot[bot]' }}
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Setup Java
        uses: actions/setup-java@v3.13.0
        with:
          java-version: 17
          distribution: 'zulu'
      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Run sonarqube check
        uses: gradle/gradle-build-action@v2
        with:
          arguments: build sonarqube --info
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any