Sonarcloud Analysis once a week. (#5137)

* fixing the sonarcloud building in gha
* update to temurin 17
* adds checksums on sonarqube plugins
* ignore generated for spdx
* runs at midnight Tuesday mornings UTC

---------

Signed-off-by: Joshua Fernandes <joshua.fernandes@consensys.net>
Signed-off-by: Justin Florentine <justin+github@florentine.us>
Co-authored-by: Joshua Fernandes <joshua.fernandes@consensys.net>

.github/workflows/sonarcloud.yml

@@ -0,0 +1,42 @@
+
+name: SonarCloud analysis
+
+on:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    # expression evaluates to midnight on Tuesdays UTC
+    - cron:  '0 0 * * 2'
+
+permissions:
+  pull-requests: read # allows SonarCloud to decorate PRs with analysis results
+
+jobs:
+  Analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build sonarqube --info
+

build.gradle

@@ -28,8 +28,21 @@ plugins {
   id 'me.champeau.jmh' version '0.6.6' apply false
   id 'net.ltgt.errorprone' version '2.0.2'
   id 'maven-publish'
+  id 'org.sonarqube' version '3.4.0.2513'
 }
 
+sonarqube {
+  properties {
+    property "sonar.projectKey", "hyperledger_besu"
+    property "sonar.organization", "hyperledger"
+    property "sonar.host.url", "https://sonarcloud.io"
+    property "sonar.coverage.jacoco.xmlReportPaths", "${buildDir}/reports/jacoco/jacocoRootReport/jacocoRootReport.xml"
+    property "sonar.coverage.exclusions", "acceptance-tests/**/*"
+  }
+}
+
+project.tasks["sonarqube"].dependsOn "jacocoRootReport"
+
 if (!JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
   throw new GradleException("Java 17 or later is required to build Besu.\n" +
   "  Detected version ${JavaVersion.current()}")
@@ -862,7 +875,7 @@ task checkSpdxHeader(type: CheckSpdxHeader) {
     "(.*/.idea/.*)",
     "(.*/out/.*)",
     "(.*/build/.*)",
-    "(.*/src/[^/]+/generated/.*)",
+    "(.*/src/[^/]+/generated/.*)"
   ].join("|")
 
 }

gradle.properties

@@ -2,7 +2,7 @@ version=23.1.1-SNAPSHOT
 
 org.gradle.welcome=never
 # Set exports/opens flags required by Google Java Format and ErrorProne plugins. (JEP-396)
-org.gradle.jvmargs=-Xmx2g \
+org.gradle.jvmargs=-Xmx4g \
 --add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED \
 --add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED \
 --add-exports jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED \

gradle/verification-metadata.xml

@@ -5365,6 +5365,37 @@
             <sha256 value="1482650cbe31e408c1dc89021cbae1d3044ad4a01bf8f62ba360b6a813a13124" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="org.sonarqube" name="org.sonarqube.gradle.plugin" version="3.4.0.2513">
+         <artifact name="org.sonarqube.gradle.plugin-3.4.0.2513.pom">
+            <sha256 value="df74d25d61fd80da10275ce10677358baccd4f05075e8f93edda9ca31afc2546" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonarsource.parent" name="parent" version="59.0.29">
+         <artifact name="parent-59.0.29.pom">
+            <sha256 value="7d2dc7aec9f250ede1c8cdc4cdb563b2ed6c49e209b70024f9f62822d876952a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonarsource.scanner.api" name="sonar-scanner-api" version="2.16.2.588">
+         <artifact name="sonar-scanner-api-2.16.2.588.jar">
+            <sha256 value="4df4526499760242c2d5d76ee8bc38326b4549c344e034e12bc392d2b8a618ac" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="sonar-scanner-api-2.16.2.588.pom">
+            <sha256 value="d8c866f087da23f3fa729522cb32864d54d366dd6ce6b400abd657af5bba9010" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonarsource.scanner.api" name="sonar-scanner-api-parent" version="2.16.2.588">
+         <artifact name="sonar-scanner-api-parent-2.16.2.588.pom">
+            <sha256 value="c532bb8678ecd5c5e45da5d00211eb67541e9a5ea465b67ba91307b0390b137a" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
+      <component group="org.sonarsource.scanner.gradle" name="sonarqube-gradle-plugin" version="3.4.0.2513">
+         <artifact name="sonarqube-gradle-plugin-3.4.0.2513.jar">
+            <sha256 value="7574088c0b2c260c0cd07952cee88d1931490e79d3253849170b9a0538cdf910" origin="Generated by Gradle"/>
+         </artifact>
+         <artifact name="sonarqube-gradle-plugin-3.4.0.2513.pom">
+            <sha256 value="9673b20fe9f96d83c3cac425b396b703a99113eb8765d2682ad716aa1e42b668" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="org.sonatype.forge" name="forge-parent" version="4">
          <artifact name="forge-parent-4.pom">
             <sha256 value="1838d132479005b4b7459b798e9d9915515090c288082fdcd86db0b10983a24c" origin="Generated by Gradle"/>

gradlew

@@ -86,7 +86,7 @@ APP_NAME="Gradle"
 APP_BASE_NAME=${0##*/}
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+DEFAULT_JVM_OPTS='"-Xmx1024m" "-Xms256m"'
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum