diff --git a/.github/scripts/jacoco-to-cobertura.xsl b/.github/scripts/jacoco-to-cobertura.xsl
new file mode 100644
index 00000000..a93764ed
--- /dev/null
+++ b/.github/scripts/jacoco-to-cobertura.xsl
@@ -0,0 +1,167 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+
+ 0
+ 0.1
+ 0
+
+ .
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
+
+ 1
+
+
+ 0
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ % (
+
+ /
+
+ )
+
+
+
+ false
+
+
+
+
+
+
diff --git a/.github/workflows/basic_code_checks.yml b/.github/workflows/basic_code_checks.yml
index a5388fe3..eaf30230 100644
--- a/.github/workflows/basic_code_checks.yml
+++ b/.github/workflows/basic_code_checks.yml
@@ -57,6 +57,7 @@ jobs:
needs: license_compliance
permissions:
contents: write
+ code-quality: write
steps:
- name: Checkout repository
@@ -76,8 +77,24 @@ jobs:
distribution: temurin
java-version: 25
- - name: Build Maven project
- run: mvn clean verify
+ - name: Build Maven project and Sonar analysis
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+ -Dsonar.organization=decathlon \
+ -Dsonar.projectKey=Decathlon_internal-developer-platform \
+ -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \
+ -Dsonar.host.url=https://sonarcloud.io \
+ -B
+
+ - name: Upload code coverage to GitHub
+ uses: actions/upload-code-coverage@abb5995db9e0199b0e2bb9dbd136fce4cb1ec4d3 # v1
+ with:
+ file: target/cobertura.xml
+ language: Java
+ label: code-coverage/jacoco
- name: Upload built jar
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
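Review bot: `SONAR_TOKEN` and `GITHUB_TOKEN` are exported to the step that runs the whole `mvn clean verify`, so every test and build plugin Maven executes can read them, in a job that the preceding hunk shows holding `contents: write`. Running the build without secrets and passing only `SONAR_TOKEN` to a separate analysis step narrows that exposure. The sketch below assumes the scanner goal can reuse the reports the first step leaves in `target/`, which should be confirmed for this project, and `GITHUB_TOKEN` should be kept only if the scanner actually needs it. The workflow triggers are outside the hunk: if this job also runs for pull requests from forks, the secret will be empty and the combined step will fail the build, so the Sonar step may need an `if:` condition.

```yaml
- name: Build Maven project
  run: mvn clean verify -B

- name: Sonar analysis
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  # … unchanged: the -Dsonar.* options from the original step are appended to this command …
  run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -B
```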
diff --git a/.github/workflows/build_and_push.yml b/.github/workflows/build_and_push.yml
index 387ae029..bedfc8bc 100644
--- a/.github/workflows/build_and_push.yml
+++ b/.github/workflows/build_and_push.yml
@@ -9,15 +9,14 @@ on: # yamllint disable-line rule:truthy
description: 'Tag name for the release (e.g., v1.0.0)'
required: true
-permissions:
- contents: read
- id-token: write
-
jobs:
build-and-push:
runs-on: ubuntu-latest
name: Build and Push Docker Image
timeout-minutes: 20
+ permissions:
+ contents: read
+ id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
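Review bot: With the workflow-level `permissions:` block removed, any job later added to this file without its own block inherits the repository's default `GITHUB_TOKEN` permissions, which may be broader than the old `contents: read` / `id-token: write` set. Keeping a top-level `permissions: {}` next to the per-job grants makes the default deny-all, so a forgotten job block fails closed. The same applies to the identical moves in deploy_docs.yml and lint_pull_request_title.yml.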
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 779c7bb9..4ece252c 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -42,4 +42,4 @@ jobs:
- name: Install dependencies
working-directory: docs
run: |
- uv sync
+ uv sync --no-build --frozen
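Review bot: `--frozen` installs from `uv.lock` without checking that it still matches `pyproject.toml`, so a dependency change that was never re-locked passes CI silently. `uv sync --no-build --locked` keeps the same pinned install but fails when the lockfile has drifted, which is usually the stricter behaviour wanted in a pipeline. The same choice applies to the `uv sync` and `uv run` lines changed in deploy_docs.yml.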
diff --git a/.github/workflows/deploy_docs.yml b/.github/workflows/deploy_docs.yml
index 2d33a98b..95bc5757 100644
--- a/.github/workflows/deploy_docs.yml
+++ b/.github/workflows/deploy_docs.yml
@@ -18,11 +18,6 @@ on: # yamllint disable-line rule:truthy
types: [created]
workflow_dispatch:
-permissions:
- contents: read
- pages: write
- id-token: write
-
concurrency:
group: "pages-${{ github.ref }}"
cancel-in-progress: false
@@ -31,6 +26,10 @@ jobs:
build:
name: Build Documentation
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pages: write
+ id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
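Review bot: The build job is given `pages: write` and `id-token: write`, the same set as the deploy job, although the steps visible here only check out, install dependencies and build the site. If the rest of the job (outside this hunk) does nothing beyond uploading the Pages artifact, it likely needs only `contents: read`. The two write scopes can then stay on the deploy job, where the later hunk already grants them. Since the point of this commit is to move grants down to job level, narrowing the build job's block to `contents: read` would complete that move.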
@@ -48,12 +47,12 @@ jobs:
- name: Install dependencies
working-directory: docs
run: |
- uv sync
+ uv sync --no-build --frozen
- name: Build documentation
working-directory: docs
run: |
- uv run zensical build
+ uv run --no-build --frozen zensical build
- name: Check navigation links
run: |
@@ -77,6 +76,10 @@ jobs:
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
+ permissions:
+ contents: read
+ pages: write
+ id-token: write
steps:
- name: Deploy to GitHub Pages
id: deployment
diff --git a/.github/workflows/lint_pull_request_title.yml b/.github/workflows/lint_pull_request_title.yml
index 25e5a1b0..993b1c34 100644
--- a/.github/workflows/lint_pull_request_title.yml
+++ b/.github/workflows/lint_pull_request_title.yml
@@ -10,14 +10,13 @@ on: # yamllint disable-line rule:truthy
- edited
- synchronize
-permissions:
- pull-requests: write
- statuses: write
-
jobs:
lint-title:
name: Lint PR title
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ statuses: write
steps:
- name: Check PR title convention
diff --git a/pom.xml b/pom.xml
index a5e4c3e7..e19c2749 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,6 +24,7 @@
1.21.4
3.15.0
0.8.14
+ 1.1.0
1.5.5.Final
@@ -253,7 +254,7 @@
org.sonarsource.scanner.maven
sonar-maven-plugin
- 3.9.1.2184
+ 5.7.0.6970
@@ -314,6 +315,63 @@
+
+ com.google.code.maven-replacer-plugin
+ maven-replacer-plugin
+ 1.4.1
+
+
+ remove-dtd-from-jacoco
+
+ replace
+
+ verify
+
+ target/site/jacoco/jacoco.xml
+ true
+
+
+ <!DOCTYPE[^>]*>
+
+
+
+
+
+
+
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+ ${xml-maven-plugin.version}
+
+
+
+ ${project.build.directory}/site/jacoco
+
+ jacoco.xml
+
+ ${project.basedir}/.github/scripts/jacoco-to-cobertura.xsl
+ ${project.build.directory}
+
+
+ cobertura.xml
+
+
+
+
+
+
+
+ jacoco-to-cobertura
+
+ transform
+
+ verify
+
+
+
+
com.github.spotbugs
spotbugs-maven-plugin