From cc0dd5368a38b13bc00125f5d682f2569044bdd3 Mon Sep 17 00:00:00 2001
From: jiangyuanshu <317787106@qq.com>
Date: Tue, 3 Mar 2026 15:56:13 +0800
Subject: [PATCH 1/4] add sonar check

---
 .github/workflows/pr-check.yml | 120 ++++++++++++++++++++++-----------
 build.gradle                   |  12 +++-
 framework/build.gradle         |   2 +-
 plugins/build.gradle           |   1 -
 4 files changed, 93 insertions(+), 42 deletions(-)

diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 5b76470a5f1..9dc814863ce 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -93,9 +93,86 @@ jobs:
               core.info('PR lint passed.');
             }
 
+  sonar-check:
+    name: SonarCloud Analysis
+    needs: pr-lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache Gradle packages
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }}
+          restore-keys: ${{ runner.os }}-gradle-
+
+      - name: Build and analyze
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+               ./gradlew clean classes testClasses sonar --info -PskipJdkCheck \
+               -Dsonar.host.url=https://sonarcloud.io \
+#               -Dsonar.organization=${{ github.repository_owner }} \
+               -Dsonar.organization=tron-zhaohong \
+#               -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+               -Dsonar.projectKey=java-tron
+
+  checkstyle:
+    name: Checkstyle
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v4
+        with:
+          java-version: '8'
+          distribution: 'temurin'
+
+      - name: Cache Gradle packages
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }}
+          restore-keys: ${{ runner.os }}-gradle-
+
+      - name: Run Checkstyle
+        run: ./gradlew :framework:checkstyleMain :framework:checkstyleTest :plugins:checkstyleMain
+
+      - name: Upload Checkstyle reports
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: checkstyle-reports
+          path: |
+            framework/build/reports/checkstyle/
+            plugins/build/reports/checkstyle/
+
   build:
     name: Build ${{ matrix.os-name }}(JDK ${{ matrix.java }} / ${{ matrix.arch }})
-    needs: pr-lint
+    needs: [pr-lint, checkstyle, sonar-check]
     runs-on: ${{ matrix.runner }}
     strategy:
       fail-fast: false
@@ -141,7 +218,7 @@ jobs:
 
   docker-build-rockylinux:
     name: Build rockylinux (JDK 8 / x86_64)
-    needs: pr-lint
+    needs: [pr-lint, checkstyle, sonar-check]
     runs-on: ubuntu-latest
 
     container:
@@ -207,7 +284,7 @@ jobs:
 
   docker-build-debian11:
     name: Build debian11 (JDK 8 / x86_64)
-    needs: pr-lint
+    needs: [pr-lint, checkstyle, sonar-check]
     runs-on: ubuntu-latest
 
     container:
@@ -412,39 +489,4 @@ jobs:
           echo "All coverage gates passed!"
           echo "  Current commit : ${self_cov}%"
           echo "  Base branch    : ${base_branch_cov}%"
-          echo "  Patch coverage : ${patch_cov}%"
-
-  checkstyle:
-    name: Checkstyle
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up JDK 8
-        uses: actions/setup-java@v4
-        with:
-          java-version: '8'
-          distribution: 'temurin'
-
-      - name: Cache Gradle packages
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }}
-          restore-keys: ${{ runner.os }}-gradle-
-
-      - name: Run Checkstyle
-        run: ./gradlew :framework:checkstyleMain :framework:checkstyleTest :plugins:checkstyleMain
-
-      - name: Upload Checkstyle reports
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: checkstyle-reports
-          path: |
-            framework/build/reports/checkstyle/
-            plugins/build/reports/checkstyle/
-
+          echo "  Patch coverage : ${patch_cov}%"
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 12a0622db99..b686b893316 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,5 +1,10 @@
 import org.gradle.nativeplatform.platform.internal.Architectures
 import org.gradle.internal.os.OperatingSystem
+
+plugins {
+    id "org.sonarqube" version "5.1.0.4882" apply false
+}
+
 allprojects {
     version = "1.0.0"
     apply plugin: "java-library"
@@ -40,7 +45,7 @@ ext.archInfo = [
         VMOptions: isArm64 ? "${rootDir}/gradle/jdk17/java-tron.vmoptions" : "${rootDir}/gradle/java-tron.vmoptions"
 ]
 
-if (!archInfo.java.is(archInfo.requires.JavaVersion)) {
+if (!archInfo.java.is(archInfo.requires.JavaVersion) && !project.hasProperty('skipJdkCheck')) {
     throw new GradleException("Java ${archInfo.requires.JavaVersion} is required for ${archInfo.name}. Detected version ${archInfo.java}")
 }
 
@@ -165,3 +170,8 @@ gradle.buildFinished {
         }
     }
 }
+
+// Apply SonarQube plugin only when running with JDK 17+ (sonar analysis requires JDK 17)
+if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
+    apply plugin: "org.sonarqube"
+}
diff --git a/framework/build.gradle b/framework/build.gradle
index 59d070e066d..42e905fda67 100644
--- a/framework/build.gradle
+++ b/framework/build.gradle
@@ -1,6 +1,6 @@
 plugins {
     id "org.gradle.test-retry" version "1.5.9"
-    id "org.sonarqube" version "2.6"
+
     id "com.gorylenko.gradle-git-properties" version "2.4.1"
 }
 
diff --git a/plugins/build.gradle b/plugins/build.gradle
index e03e9a7c49a..6f18f2b9d41 100644
--- a/plugins/build.gradle
+++ b/plugins/build.gradle
@@ -1,5 +1,4 @@
 plugins {
-    id "org.sonarqube" version "2.6"
 }
 
 apply plugin: 'application'

From 1db1711336e78da23588d457965249b3c2955bf3 Mon Sep 17 00:00:00 2001
From: jiangyuanshu <317787106@qq.com>
Date: Tue, 3 Mar 2026 16:06:36 +0800
Subject: [PATCH 2/4] exclude tests when use sonarcheck

---
 build.gradle | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/build.gradle b/build.gradle
index b686b893316..34f3c0463a3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -174,4 +174,24 @@ gradle.buildFinished {
 // Apply SonarQube plugin only when running with JDK 17+ (sonar analysis requires JDK 17)
 if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
     apply plugin: "org.sonarqube"
+
+    sonar {
+        properties {
+            property "sonar.sourceEncoding", "UTF-8"
+        }
+    }
+
+    // Only analyze these modules; skip the rest
+    ["protocol", "platform", "example:actuator-example"].each { name ->
+        project(":${name}").sonar.skipProject = true
+    }
+
+    // Only analyze main sources, exclude test sources
+    subprojects {
+        sonar {
+            properties {
+                property "sonar.tests", ""
+            }
+        }
+    }
 }

From 1bf9998486da52cc74513944d92c82444961751e Mon Sep 17 00:00:00 2001
From: jiangyuanshu <317787106@qq.com>
Date: Tue, 3 Mar 2026 16:17:08 +0800
Subject: [PATCH 3/4] skip sonarqube in JDK8

---
 build.gradle | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index 34f3c0463a3..9c8a533b337 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,8 +1,16 @@
 import org.gradle.nativeplatform.platform.internal.Architectures
 import org.gradle.internal.os.OperatingSystem
 
-plugins {
-    id "org.sonarqube" version "5.1.0.4882" apply false
+// SonarQube plugin: only resolve on JDK 17+ to avoid verification-metadata issues on JDK 8
+if (JavaVersion.current().isCompatibleWith(JavaVersion.VERSION_17)) {
+    buildscript {
+        repositories {
+            maven { url 'https://plugins.gradle.org/m2/' }
+        }
+        dependencies {
+            classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:5.1.0.4882'
+        }
+    }
 }
 
 allprojects {

From fbaa3f68f2ec1ce4d437ebbfabb0786fc360e7f9 Mon Sep 17 00:00:00 2001
From: jiangyuanshu <317787106@qq.com>
Date: Tue, 3 Mar 2026 16:28:57 +0800
Subject: [PATCH 4/4] use JDK 17 for Checkstyle

---
 .github/workflows/pr-check.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 9dc814863ce..93f1ba5b3e1 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -143,10 +143,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up JDK 8
+      - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
-          java-version: '8'
+          java-version: '17'
           distribution: 'temurin'
 
       - name: Cache Gradle packages