This is an automated email from the ASF dual-hosted git repository.

jamesbognar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/juneau.git


The following commit(s) were added to refs/heads/master by this push:
     new 0732b5d68 More website
0732b5d68 is described below

commit 0732b5d68018760e91ece13f02b6890e6b5be347
Author: James Bognar <[email protected]>
AuthorDate: Sat Sep 27 09:06:51 2025 -0400

    More website
---
 .github/workflows/sonarcloud.yml  |  82 ++++++++++++++++++++++++++
 README.md                         |  28 +++++----
 SONARCLOUD_SETUP.md               | 120 ++++++++++++++++++++++++++++++++++++++
 juneau-docs/src/pages/security.md |  27 +++++++--
 pom.xml                           |   6 ++
 sonar-project.properties          |  48 +++++++++++++++
 6 files changed, 292 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 000000000..cddb83367
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,82 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: SonarCloud Analysis
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+  schedule:
+    - cron: '0 2 * * 1'  # Run every Monday at 2 AM UTC
+
+jobs:
+  sonarcloud:
+    name: SonarCloud Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for better 
analysis
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Cache SonarQube packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache Maven dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR 
information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          mvn clean verify sonar:sonar \
+            -Dsonar.projectKey=apache_juneau \
+            -Dsonar.organization=apache \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.login=$SONAR_TOKEN \
+            -Dsonar.java.coveragePlugin=jacoco \
+            
-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco-aggregate/jacoco.xml \
+            -Dsonar.junit.reportPaths=target/surefire-reports \
+            -Dsonar.sources=src/main/java \
+            -Dsonar.tests=src/test/java \
+            
-Dsonar.exclusions=**/target/**,**/doc/**,**/examples/**,**/src/main/resources/**,**/src/test/resources/**
 \
+            -Dsonar.test.exclusions=**/target/**,**/doc/**,**/examples/** \
+            -Dsonar.java.binaries=target/classes \
+            -Dsonar.java.test.binaries=target/test-classes \
+            --batch-mode --no-transfer-progress
+
+      - name: SonarCloud Quality Gate Check
+        uses: sonarcloud-io/quality-gate-action@v2
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        # Force to fail step after specific time
+        on-failure: continue
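Review bot: In the `Build and analyze` step the SonarCloud token is passed as `-Dsonar.login=$SONAR_TOKEN`, which places the secret on the Maven process's command line; the step already exports `SONAR_TOKEN`, which the scanner reads from the environment, so the flag can be removed. The job declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; adding `permissions:` with `contents: read` and `pull-requests: read` limits it to what the analysis needs. In the last step, `on-failure: continue` is not a step key GitHub Actions recognises (the supported form is `continue-on-error: true`), so the workflow is likely to be rejected when it is parsed. `sonarcloud-io/quality-gate-action@v2` also receives `SONAR_TOKEN` while referenced by a mutable tag; confirm the action's owner and name, and pin it to a full commit SHA.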
diff --git a/README.md b/README.md
index d95272e56..5523168ea 100644
--- a/README.md
+++ b/README.md
@@ -13,34 +13,32 @@
  
***************************************************************************************************************************
 -->
 
-> **⚠️ WORK IN PROGRESS**  
-> This README and documentation are currently being updated as part of our 
migration to Docusaurus. Some links may not work correctly yet. We're actively 
working to resolve these issues. For the most reliable documentation, please 
refer to the [official Apache Juneau website](https://juneau.apache.org/).
+> **📢 Documentation Update**  
+> This README has been updated to reflect our new Docusaurus-based 
documentation site. For the most current documentation, please visit the 
[official Apache Juneau website](https://juneau.staged.apache.org/).
 
 # Apache Juneau
 
 [![Java 
CI](https://github.com/apache/juneau/actions/workflows/maven.yml/badge.svg)](https://github.com/apache/juneau/actions/workflows/maven.yml)
 
[![CodeQL](https://github.com/apache/juneau/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/apache/juneau/actions/workflows/codeql-analysis.yml)
-[![GitHub 
Pages](https://github.com/apache/juneau/actions/workflows/pages.yml/badge.svg)](https://github.com/apache/juneau/actions/workflows/pages.yml)
+[![Quality Gate 
Status](https://sonarcloud.io/api/project_badges/measure?project=apache_juneau&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=apache_juneau)
+[![Security 
Rating](https://sonarcloud.io/api/project_badges/measure?project=apache_juneau&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=apache_juneau)
 
 ## 📚 Documentation & Resources
 
 ### 🌐 Official Resources
-* **[🏠 Homepage](https://juneau.apache.org/)** - Official Apache Juneau website
+* **[🏠 Homepage](https://juneau.staged.apache.org/)** - Official Apache Juneau 
website
 * **[📖 Wiki](https://github.com/apache/juneau/wiki)** - Community 
documentation and guides
 * **[🎯 Pet Store App](https://github.com/apache/juneau-petstore)** - Complete 
example application
 
-### 📋 Stable Documentation
-* **[📚 Official 
Javadocs](https://juneau.apache.org/site/apidocs-9.0.0/index.html)** - Released 
API documentation (v9.0.0)
-* **[📖 Official 
Documentation](https://juneau.apache.org/site/apidocs-9.0.0/overview-summary.html#overview.description)**
 - Complete framework documentation
+### 📋 Documentation
+* **[📚 Javadocs](https://juneau.staged.apache.org/site/apidocs/)** - Complete 
API documentation
+* **[📖 User Guide](https://juneau.staged.apache.org/docs/)** - Comprehensive 
framework documentation
+* **[🔧 Examples](https://juneau.staged.apache.org/docs/examples/)** - Code 
examples and tutorials
+* **[📊 Test Reports](https://juneau.staged.apache.org/site/surefire.html)** - 
JUnit test execution results
+* **[📦 
Dependencies](https://juneau.staged.apache.org/site/dependencies.html)** - 
Project dependency analysis
+* **[📋 Project 
Reports](https://juneau.staged.apache.org/site/project-reports.html)** - 
Complete Maven site reports
 
-### 🚀 Development Documentation
-* **[📖 Project Site](https://github.com/pages/apache/juneau/)** - Latest 
project documentation with API docs, test reports, and project information
-* **[🔧 API Documentation](https://github.com/pages/apache/juneau/apidocs/)** - 
Current development Javadoc API documentation  
-* **[📊 Test Reports](https://github.com/pages/apache/juneau/surefire.html)** - 
JUnit test execution results
-* **[📦 
Dependencies](https://github.com/pages/apache/juneau/dependencies.html)** - 
Project dependency analysis
-* **[📋 Project 
Reports](https://github.com/pages/apache/juneau/project-reports.html)** - 
Complete Maven site reports
-
-> **Note:** The development documentation is automatically updated with each 
commit and provides the most current project information.
+> **Note:** The documentation is automatically updated and provides the most 
current project information.
 
 ## Description
 
diff --git a/SONARCLOUD_SETUP.md b/SONARCLOUD_SETUP.md
new file mode 100644
index 000000000..da9d2c1d9
--- /dev/null
+++ b/SONARCLOUD_SETUP.md
@@ -0,0 +1,120 @@
+# SonarCloud Setup Guide for Apache Juneau
+
+This guide explains how to set up SonarCloud analysis for the Apache Juneau 
project.
+
+## Prerequisites
+
+1. **SonarCloud Account**: Sign up at [sonarcloud.io](https://sonarcloud.io) 
using your GitHub account
+2. **Organization**: The project should be under the `apache` organization on 
SonarCloud
+3. **Repository Access**: Ensure you have admin access to the Apache Juneau 
repository
+
+## Setup Steps
+
+### 1. Create SonarCloud Project
+
+1. Go to [SonarCloud](https://sonarcloud.io)
+2. Click "Analyze new project"
+3. Select "Apache" organization
+4. Choose "apache/juneau" repository
+5. Set project key to: `apache_juneau`
+6. Choose "With GitHub Actions" as the analysis method
+
+### 2. Configure GitHub Secrets
+
+Add the following secret to your GitHub repository:
+
+- **Secret Name**: `SONAR_TOKEN`
+- **Secret Value**: Generate from SonarCloud → My Account → Security → 
Generate Tokens
+
+To add the secret:
+1. Go to GitHub repository → Settings → Secrets and variables → Actions
+2. Click "New repository secret"
+3. Name: `SONAR_TOKEN`
+4. Value: Copy from SonarCloud token generation
+
+### 3. Verify Configuration Files
+
+The following files have been added to the project:
+
+- **`.github/workflows/sonarcloud.yml`** - GitHub Actions workflow
+- **`sonar-project.properties`** - SonarCloud configuration
+- **`pom.xml`** - Updated with SonarCloud Maven plugin
+
+### 4. Test the Setup
+
+1. Push the changes to the repository
+2. Check the Actions tab to see the SonarCloud workflow running
+3. Visit [SonarCloud 
Dashboard](https://sonarcloud.io/project/overview?id=apache_juneau) to see 
results
+
+## Configuration Details
+
+### Workflow Triggers
+
+The SonarCloud analysis runs:
+- **On every push** to master branch
+- **On every pull request** to master branch  
+- **Scheduled**: Every Monday at 2:00 AM UTC
+
+### Analysis Configuration
+
+- **Java Version**: 17
+- **Coverage**: JaCoCo integration
+- **Test Reports**: Surefire reports
+- **Exclusions**: Target directories, documentation, examples
+
+### Quality Gate
+
+The workflow includes a quality gate check that will:
+- ✅ **Pass**: If code meets quality standards
+- ❌ **Fail**: If critical issues are found (but won't block the build)
+
+## Monitoring and Maintenance
+
+### Dashboard Access
+
+- **Public Dashboard**: 
[sonarcloud.io/project/overview?id=apache_juneau](https://sonarcloud.io/project/overview?id=apache_juneau)
+- **Quality Gate Status**: Visible in README badges
+- **Security Rating**: Displayed on security page
+
+### Regular Tasks
+
+1. **Review Quality Gate Results**: Check weekly for any failing quality gates
+2. **Address Security Issues**: Prioritize security hotspots and 
vulnerabilities
+3. **Monitor Technical Debt**: Track and reduce technical debt over time
+4. **Update Dependencies**: Keep SonarCloud Maven plugin updated
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Token Issues**: Ensure `SONAR_TOKEN` secret is correctly set
+2. **Build Failures**: Check Maven build logs for Java compilation issues
+3. **Coverage Issues**: Verify JaCoCo reports are generated correctly
+4. **Timeout Issues**: Large projects may need longer timeout settings
+
+### Getting Help
+
+- **SonarCloud Documentation**: 
[docs.sonarcloud.io](https://docs.sonarcloud.io)
+- **GitHub Actions Logs**: Check workflow execution logs
+- **SonarCloud Community**: 
[community.sonarcloud.io](https://community.sonarcloud.io)
+
+## Benefits
+
+With SonarCloud integration, you get:
+
+- **Automated Quality Analysis**: Every commit and PR
+- **Security Vulnerability Detection**: Proactive security scanning
+- **Code Coverage Tracking**: Test coverage metrics
+- **Technical Debt Monitoring**: Maintainability insights
+- **Quality Gate Enforcement**: Consistent code quality standards
+- **Public Quality Metrics**: Transparent project health indicators
+
+## Next Steps
+
+After successful setup:
+
+1. **Review Initial Results**: Check the first analysis results
+2. **Configure Quality Gates**: Set appropriate quality standards
+3. **Address Critical Issues**: Fix high-priority security and quality issues
+4. **Monitor Trends**: Track improvement over time
+5. **Share Results**: Update documentation with quality metrics
diff --git a/juneau-docs/src/pages/security.md 
b/juneau-docs/src/pages/security.md
index 2e999562d..42a423628 100644
--- a/juneau-docs/src/pages/security.md
+++ b/juneau-docs/src/pages/security.md
@@ -10,10 +10,17 @@ Apache Juneau takes security seriously and uses automated 
tools to help identify
 ## Current Security Status
 
 [![Security 
Analysis](https://github.com/apache/juneau/workflows/CodeQL/badge.svg)](https://github.com/apache/juneau/security/code-scanning)
+[![Quality Gate 
Status](https://sonarcloud.io/api/project_badges/measure?project=apache_juneau&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=apache_juneau)
+[![Security 
Rating](https://sonarcloud.io/api/project_badges/measure?project=apache_juneau&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=apache_juneau)
+[![Reliability 
Rating](https://sonarcloud.io/api/project_badges/measure?project=apache_juneau&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=apache_juneau)
 
-[**View latest security analysis results 
→**](https://github.com/apache/juneau/security/code-scanning)
+### Analysis Results
+- [**GitHub CodeQL Analysis 
→**](https://github.com/apache/juneau/security/code-scanning) - Security 
vulnerability detection
+- [**SonarCloud Quality Analysis 
→**](https://sonarcloud.io/summary/new_code?id=apache_juneau) - Code quality, 
security, and maintainability
 
-## About CodeQL
+## About Our Analysis Tools
+
+### GitHub CodeQL
 
 We use [GitHub CodeQL](https://codeql.github.com/) for automated security 
analysis. CodeQL is GitHub's semantic code analysis engine that helps identify:
 
@@ -21,11 +28,23 @@ We use [GitHub CodeQL](https://codeql.github.com/) for 
automated security analys
 - **Bugs and errors** - Logic errors and potential runtime issues  
 - **Code quality issues** - Patterns that could lead to problems
 
+### SonarCloud
+
+We use [SonarCloud](https://sonarcloud.io/) for comprehensive code quality 
analysis. SonarCloud provides:
+
+- **Code quality metrics** - Maintainability, reliability, and security ratings
+- **Technical debt analysis** - Time to fix code quality issues
+- **Code coverage integration** - Test coverage analysis with JaCoCo
+- **Security hotspot detection** - Potential security vulnerabilities
+- **Code smell detection** - Anti-patterns and maintainability issues
+- **Duplication analysis** - Code duplication detection
+
 ## Analysis Schedule
 
-Our security analysis runs automatically:
+Our security and quality analysis runs automatically:
 
-- **Scheduled runs**: Every Thursday at 3:15 AM UTC
+- **CodeQL**: Every Thursday at 3:15 AM UTC
+- **SonarCloud**: Every Monday at 2:00 AM UTC
 - **On every push** to the master branch
 - **On every pull request** to the master branch
 - **Languages analyzed**: Java
diff --git a/pom.xml b/pom.xml
index 12ec16048..e1bd0cadd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -227,6 +227,12 @@
                                        
<version>${jacoco.plugin.version}</version>
                                </plugin>
 
+                               <plugin>
+                                       
<groupId>org.sonarsource.scanner.maven</groupId>
+                                       
<artifactId>sonar-maven-plugin</artifactId>
+                                       <version>3.11.0.3922</version>
+                               </plugin>
+
                                <plugin>
                                        
<groupId>org.apache.maven.plugins</groupId>
                                        
<artifactId>maven-shade-plugin</artifactId>
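Review bot: The new `sonar-maven-plugin` entry hard-codes `<version>3.11.0.3922</version>`, while the JaCoCo entry just above it takes its version from `${jacoco.plugin.version}`. A matching property, e.g. `<version>${sonar.plugin.version}</version>` defined alongside the other plugin versions, would keep scanner upgrades in one place and make the pinned version easy to audit. The surrounding plugin list starts and ends outside this hunk, so whether this entry sits under `pluginManagement` cannot be confirmed from here.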
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..8d9db34f4
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,48 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SonarCloud configuration for Apache Juneau
+sonar.projectKey=apache_juneau
+sonar.organization=apache
+sonar.host.url=https://sonarcloud.io
+
+# Project information
+sonar.projectName=Apache Juneau
+sonar.projectVersion=9.1.0
+
+# Source code configuration
+sonar.sources=src/main/java
+sonar.tests=src/test/java
+sonar.java.binaries=target/classes
+sonar.java.test.binaries=target/test-classes
+
+# Exclusions
+sonar.exclusions=**/target/**,**/doc/**,**/examples/**,**/src/main/resources/**,**/src/test/resources/**,**/generated/**,**/build/**
+sonar.test.exclusions=**/target/**,**/doc/**,**/examples/**,**/generated/**,**/build/**
+
+# Coverage configuration
+sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco-aggregate/jacoco.xml
+sonar.junit.reportPaths=target/surefire-reports
+
+# Java specific settings
+sonar.java.source=17
+sonar.java.target=17
+
+# Quality gate configuration
+sonar.qualitygate.wait=true
+
+# Additional settings for large projects
+sonar.analysis.mode=publish
+sonar.verbose=true
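Review bot: This file is probably never read by the analysis this commit sets up: the workflow runs the scanner through `mvn ... sonar:sonar`, and the Maven scanner takes its settings from the POM and `-D` properties rather than from `sonar-project.properties`. If so, the wider exclusion list here (`**/generated/**,**/build/**`, absent from the workflow's `-Dsonar.exclusions`) and `sonar.qualitygate.wait=true` have no effect, and the two copies of the configuration will drift. If the file is kept for a CLI scanner, drop `sonar.verbose=true`, since debug output ends up in publicly readable Actions logs. Also re-check `sonar.analysis.mode=publish`, which looks like a legacy setting.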
