diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5c86c0f..a9563c8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,25 +1,63 @@
# 本次构建的阶段: compile、package、deploy
-stages:
+stages :
+ - sonarqube-check
+ - sonarqube-vulnerability-report
- compile
- package
+sonarqube-check :
+ stage : sonarqube-check
+ image : maven:3-eclipse-temurin-17
+ variables :
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
+ GIT_DEPTH : "0" # Tells git to fetch all the branches of the project, required by the analysis task
+ cache :
+ key : "${CI_JOB_NAME}"
+ paths:
+ - .sonar/cache
+ script :
+ - mvn verify sonar:sonar
+ allow_failure: true
+ only :
+ - merge_requests
+ - master
+ - main
+ - develop
+
+sonarqube-vulnerability-report:
+ stage : sonarqube-vulnerability-report
+ script :
+ - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=cmhi_commonframework_79d69580-8b80-4c2c-aff6-b289255ae16a&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
+ allow_failure: true
+ only :
+ - merge_requests
+ - master
+ - main
+ - develop
+ artifacts :
+ expire_in: 1 day
+ reports :
+ sast: gl-sast-sonar-report.json
+ dependencies :
+ - sonarqube-check
+
# 编译
-compile:
- stage: compile
- tags:
+compile :
+ stage : compile
+ tags :
- linux-maven
- only:
+ only :
- master
script:
- echo "=============== 开始编译任务 ==============="
- mvn compile
# 打包
-package:
- stage: package
- tags:
+package :
+ stage : package
+ tags :
- linux-maven
- only:
+ only :
- master
script:
- echo "=============== 开始打包任务 ==============="
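Review bot: The `curl` call in `sonarqube-vulnerability-report` has no `--fail`, so an HTTP error response from SonarQube (rejected token, wrong project key, analysis not yet available) is written to `gl-sast-sonar-report.json` and uploaded under `artifacts:reports:sast` while the job still exits 0. Adding `--fail --silent --show-error` to that command would make a failed export fail the job instead of handing GitLab a bogus report. Both new jobs also set `allow_failure: true`, and the `dependencies` entry on `sonarqube-check` transfers nothing because that job declares no artifacts, so the export still runs after a failed analysis and may return findings from an earlier scan; if the scan is meant to gate merges, drop `allow_failure` from `sonarqube-check`. `SONAR_TOKEN` and `SONAR_HOST_URL` are defined outside this diff; since the token is sent as basic auth on every request, it should be a masked CI/CD variable and the host URL should be `https`.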
diff --git a/pom.xml b/pom.xml
index a879f76..48e77e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,6 +15,9 @@
CommonFramework
17
+ cmhi_commonframework_79d69580-8b80-4c2c-aff6-b289255ae16a
+ CommonFramework
+ true