From d0145c0572a6b3433f9d7a5eecc3ad0c1a07555d Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:20:09 +0200 Subject: [PATCH 1/6] Create build.yml --- .github/workflows/build.yml | 85 +++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..8558934 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,85 @@ +name: Build +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] +jobs: + sonarqube: + name: SonarQube + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v5 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Analyze with SonarCloud + + # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@v2.2.0 + uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the SonarScanner CLI + args: + # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) + # mandatory + -Dsonar.projectKey= + -Dsonar.organization= + # Comma-separated paths to directories containing main source files. + #-Dsonar.sources= # optional, default is project base directory + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false + # When you need the analysis to take place in a directory other than the one from which it was launched, default is . + projectBaseDir: . From 1e1d67987a46aa300aa1376cdbf5a3c20ba563de Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:21:23 +0200 Subject: [PATCH 2/6] Create sonar-project.properties --- sonar-project.properties | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 sonar-project.properties diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..a03e949 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,14 @@ +sonar.projectKey=temmy234_Hotel-Management-Project-Java +sonar.organization=temmy234 + + +# This is the name and version displayed in the SonarCloud UI. +#sonar.projectName=Hotel-Management-Project-Java +#sonar.projectVersion=1.0 + + +# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. +#sonar.sources=. + +# Encoding of the source code. Default is default system encoding +#sonar.sourceEncoding=UTF-8 From cb42741ecb502c61095b475a3b1edcc05c0be6c5 Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:33:54 +0200 Subject: [PATCH 3/6] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8558934..23dcfc4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}# This workflow uses actions that are not certified by GitHub. + SONAR_TOKEN: ${{ f8e8a897ec0e720fa5d3e746a8b2680b4faee98f }}# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. From 446d5231080a169655735daa88c2dff2b6ee87f7 Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:37:08 +0200 Subject: [PATCH 4/6] Update build.yml --- .github/workflows/build.yml | 66 ------------------------------------- 1 file changed, 66 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 23dcfc4..37c99d1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,69 +17,3 @@ jobs: uses: SonarSource/sonarqube-scan-action@v5 env: SONAR_TOKEN: ${{ f8e8a897ec0e720fa5d3e746a8b2680b4faee98f }}# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow helps you trigger a SonarCloud analysis of your code and populates -# GitHub Code Scanning alerts with the vulnerabilities found. -# Free for open source project. - -# 1. Login to SonarCloud.io using your GitHub account - -# 2. Import your project on SonarCloud -# * Add your GitHub organization first, then add your repository as a new project. -# * Please note that many languages are eligible for automatic analysis, -# which means that the analysis will start automatically without the need to set up GitHub Actions. -# * This behavior can be changed in Administration > Analysis Method. -# -# 3. Follow the SonarCloud in-product tutorial -# * a. Copy/paste the Project Key and the Organization Key into the args parameter below -# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) -# -# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN -# (On SonarCloud, click on your avatar on top-right > My account > Security -# or go directly to https://sonarcloud.io/account/security/) - -# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) -# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) - -name: SonarCloud analysis - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - workflow_dispatch: - -permissions: - pull-requests: read # allows SonarCloud to decorate PRs with analysis results - -jobs: - Analysis: - runs-on: ubuntu-latest - - steps: - - name: Analyze with SonarCloud - - # You can pin the exact commit or the version. - # uses: SonarSource/sonarcloud-github-action@v2.2.0 - uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) - with: - # Additional arguments for the SonarScanner CLI - args: - # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) - # mandatory - -Dsonar.projectKey= - -Dsonar.organization= - # Comma-separated paths to directories containing main source files. - #-Dsonar.sources= # optional, default is project base directory - # Comma-separated paths to directories containing test source files. - #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ - # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. - #-Dsonar.verbose= # optional, default is false - # When you need the analysis to take place in a directory other than the one from which it was launched, default is . - projectBaseDir: . From 918392ad10e61d270229b8d8f9e661216e66eada Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:45:57 +0200 Subject: [PATCH 5/6] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 37c99d1..453485a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,4 +16,4 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: - SONAR_TOKEN: ${{ f8e8a897ec0e720fa5d3e746a8b2680b4faee98f }}# This workflow uses actions that are not certified by GitHub. + SONAR_TOKEN: ${{ secrets.f8e8a897ec0e720fa5d3e746a8b2680b4faee98f }}# This workflow uses actions that are not certified by GitHub. From 37c17e8dbb40e3ea0d10eef8308ae906df012227 Mon Sep 17 00:00:00 2001 From: Temitope Sobulo <70235883+temmy234@users.noreply.github.com> Date: Fri, 19 Sep 2025 20:49:39 +0200 Subject: [PATCH 6/6] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 453485a..ca928d4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,4 +16,4 @@ jobs: - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v5 env: - SONAR_TOKEN: ${{ secrets.f8e8a897ec0e720fa5d3e746a8b2680b4faee98f }}# This workflow uses actions that are not certified by GitHub. + SONAR_TOKEN: ${{ secrets.7031307d734c026467455793a3bc989d79ed5cbc }}# This workflow uses actions that are not certified by GitHub.