[ 
https://issues.apache.org/jira/browse/NUTCH-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18094284#comment-18094284
 ] 

ASF GitHub Bot commented on NUTCH-3186:
---------------------------------------

sebastian-nagel opened a new pull request, #940:
URL: https://github.com/apache/nutch/pull/940

   - Cache / upload in master / PR ci build:
     - build artifacts (class files and dependency jars)
     - coverage reports
   - Do not run builds or tests in "sonarcloud" workflow
   - Download cached artifacts and call Sonarcloud scan
   - Do not clean before running integration tests (protocol and indexer) to 
avoid that test results are removed




> Split SonarQube workflow in unprivileged build and privileged analysis part
> ---------------------------------------------------------------------------
>
>                 Key: NUTCH-3186
>                 URL: https://issues.apache.org/jira/browse/NUTCH-3186
>             Project: Nutch
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 1.23
>            Reporter: Sebastian Nagel
>            Assignee: Sebastian Nagel
>            Priority: Critical
>             Fix For: 1.23
>
>
> The SonarQube workflow defined by {{.github/workflows/sonarcloud.yml}} is run 
> in a single workflow which has access to repository secrets. By splitting the 
> workflow in an unprivileged build and privileged part which performs the 
> analysis and sets the SonarQube status will secure the workflow secrets.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to