CI: Add maven-build-action call before SonarQube scan 81/15181/1
authorMatthew Watkins <mwatkins@linuxfoundation.org>
Mon, 3 Nov 2025 13:41:24 +0000 (13:41 +0000)
committerMatthew Watkins <mwatkins@linuxfoundation.org>
Mon, 3 Nov 2025 13:42:17 +0000 (13:42 +0000)
Issue-ID: CIMAN-33
Change-Id: I6e76c2d078ab3db2c4f6967d3410a66a9a70217b
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
.github/workflows/security-scans.yaml

index 68825b2..1278c7a 100644 (file)
@@ -36,8 +36,7 @@ jobs:
   # Scan results are found at: https://sonarcloud.io/login
   sonarqube-cloud:
     name: "SonarQube Cloud"
-    # yamllint disable-line rule:line-length
-    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonarqube-cloud.yaml@8c3cf221da0e47955647647c9a254c1f807081ce # v0.2.18
+    runs-on: ubuntu-latest
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
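Review bot: The `permissions:` block under `sonarqube-cloud` now scopes the GITHUB_TOKEN for every step of an inline job rather than for a called workflow, so `security-events: write` is also held while the Maven build added later in this file runs the plugins declared in the project's pom.xml. The workflow's `on:` triggers are outside this hunk; if they include events that build unreviewed contributions, it would be safer to build in a separate job with read-only permissions and keep the write scope on the scan job. At minimum I would record the scope next to the block, e.g. `# Applies to every step in this job, including the Maven build.` Separately, `runs-on: ubuntu-latest` is a moving image label, unlike the SHA-pinned actions used elsewhere in this change.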
@@ -46,5 +45,21 @@ jobs:
       # Uncomment the permissions below if installing in a private repository.
       # contents: read
       # actions: read
-    secrets:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    steps:
+      - name: 'Check for file: pom.xml'
+        id: maven-project
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/path-check-action@aa7dabfa92e50e31a0f091dd3e2741692e8dde07 # v0.1.5
+        with:
+          path: "pom.xml"
+
+      - name: "Build Maven project"
+        if: steps.maven-project.outputs.exists == 'true'
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/maven-build-action@766c383c4d1103778a5c166c3a84d081555895e2 # v0.1.0
+
+      - name: "SonarQube Cloud Scan"
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/sonarqube-cloud-scan-action@a5fb959e36b1e7957b7cae5f4a12bf14b5c66875 # v0.1.3
+        with:
+          sonar_token: ${{ secrets.SONAR_TOKEN }}
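Review bot: No checkout step is visible before 'Check for file: pom.xml', so unless one of the three actions checks out the repository itself (not shown here), the workspace is empty, `steps.maven-project.outputs.exists` is never 'true', and the Maven build is skipped without any error. If that is the case, add a first step such as `- uses: actions/checkout@<PINNED_COMMIT_SHA>` with `persist-credentials: false`, so that the build does not find the job token in `.git/config`; otherwise a comment naming the action that performs the checkout would help. The build also runs in the same job and on the same runner as the step that receives `SONAR_TOKEN`, so anything it leaves in the workspace or environment is visible to the scan step. That is worth confirming against the workflow triggers, which are outside this hunk.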