Add code analyses via Sonar (#458)

.github/workflows/build.yml

@@ -0,0 +1,36 @@
+name: Build
+on:
+    push:
+        branches:
+            - '*'
+    pull_request:
+        types: [opened, synchronize, reopened]
+jobs:
+    build:
+        name: Build
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+            - name: Set up JDK 11
+              uses: actions/setup-java@v1
+              with:
+                  java-version: 11
+            - name: Cache SonarCloud packages
+              uses: actions/cache@v1
+              with:
+                  path: ~/.sonar/cache
+                  key: ${{ runner.os }}-sonar
+                  restore-keys: ${{ runner.os }}-sonar
+            - name: Cache Maven packages
+              uses: actions/cache@v1
+              with:
+                  path: ~/.m2
+                  key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+                  restore-keys: ${{ runner.os }}-m2
+            - name: Build and analyze
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+              run: cd pf4j && mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar

pf4j/pom.xml

@@ -14,6 +14,10 @@
     <name>PF4J</name>
     <description>Plugin Framework for Java</description>
 
+    <properties>
+        <sonar.projectKey>pf4j_pf4j</sonar.projectKey>
+    </properties>
+
     <build>
         <plugins>
             <plugin>

pom.xml

@@ -58,6 +58,9 @@
         <javadoc.disabled>false</javadoc.disabled>
         <deploy.disabled>false</deploy.disabled>
         <source.disabled>false</source.disabled>
+
+        <sonar.organization>pf4j</sonar.organization>
+        <sonar.host.url>https://sonarcloud.io</sonar.host.url>
     </properties>
 
     <build>