bfresnel · bfresnel · Sep 8, 2022 · Sep 8, 2022 · Sep 8, 2022 · Sep 8, 2022
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,40 @@
+name: Sonarcloud
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+    branches: [ main ]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 16.0.2
+        uses: actions/setup-java@v3
+        with:
+          java-version: '16.0.2'
+          distribution: 'temurin'
+      - name: Change wrapper permissions
+        run: chmod +x ./gradlew
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Gradle packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: ${{ runner.os }}-gradle
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew build sonarqube --info
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -2,10 +2,11 @@ plugins {
     id("java")
     id("org.springframework.boot") version "2.7.0"
     id("io.spring.dependency-management") version "1.0.11.RELEASE"
+    id("org.sonarqube") version "3.4.0.2513"
 }
 
 group = "fr.bfr"
-version = "2.1.0"
+version = "2.1.1"
 java.sourceCompatibility = JavaVersion.VERSION_16
 
 
@@ -59,3 +60,15 @@ tasks.jar {
         )
     }
 }
+
+sonarqube {
+    properties {
+        properties(
+            mapOf<String, Any>(
+                "sonar.projectKey" to "bfresnel_loot-table-poc",
+                "sonar.organization" to "bfresnel",
+                "sonar.host.url" to "https://sonarcloud.io",
+            )
+        )
+    }
+}
diff --git a/src/main/java/fr/bfr/services/LootService.java b/src/main/java/fr/bfr/services/LootService.java
@@ -5,18 +5,19 @@
 import fr.bfr.model.DropChance;
 import org.springframework.stereotype.Service;
 
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 @Service
 public class LootService implements LootApi {
 
+    private final SecureRandom secureRandom = new SecureRandom();
+
     @Override
     public List<Character> pull(List<Character> data, List<DropChance> dropChances, Integer numberOfPull) {
         List<Character> pulledCharacters = new ArrayList<>();
         List<Character> charactersListWithDropChance = new ArrayList<>();
-        Random random = new Random();
         int counter = 0;
 
         // Setting an array of 100 characters with number of each character matching the chance
@@ -29,7 +30,7 @@ public List<Character> pull(List<Character> data, List<DropChance> dropChances,
         }
 
         while (counter < numberOfPull) {
-            pulledCharacters.add(charactersListWithDropChance.get(random.nextInt(100)));
+            pulledCharacters.add(charactersListWithDropChance.get(secureRandom.nextInt(100)));
             counter += 1;
         }