action.yml

name: dotnet-sonar-scanner
author: 'Peter Jokumsen'
description: 'Use SonarScanner to analyze .NET project and publish to a sonarcloud project.'
branding:
  icon: 'upload-cloud'
  color: 'blue'
inputs:
  sonar-project-key:
    description: 'Key for Sonar project'
    required: true
  sonar-org-key:
    description: 'Key for Sonar organisation'
    required: true
  token:
    description: 'GitHub token'
    required: true
  sonar-token:
    description: 'Sonar token to use for authenticating with Sonar'
  working-directory:
    description: 'Directory to execute `dotnet build` in'
    required: false
    default: '.'
  dotnet-version:
    description: '.NET SDK to be used'
    required: false
    default: '6.0.x'
  project-version:
    description: 'Project version to use for scan'
    required: false
    default: ''
  checkout:
    description: 'Should action perform checkout of repo itself'
    required: false
    default: 'true'

runs:
  using: 'composite'
  steps:
    - uses: actions/setup-java@v3
      name: Set up JDK 11
      with:
        distribution: 'zulu'
        java-version: '11'

    - uses: actions/setup-dotnet@v3
      name: Setup dotnet
      with:
        dotnet-version: ${{ inputs.dotnet-version }}

    - uses: actions/checkout@v3
      if: inputs.checkout == 'true'
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    - uses: actions/cache@v3
      name: Cache SonarCloud packages
      with:
        path: ~/.sonar/cache
        key: ${{ runner.os }}-sonar
        restore-keys: ${{ runner.os }}-sonar

    - uses: actions/cache@v3
      name: Cache SonarCloud scanner
      id: cache-sonar-scanner
      with:
        path: ${{ inputs.working-directory }}/.sonar/scanner
        key: ${{ runner.os }}-sonar-scanner
        restore-keys: ${{ runner.os }}-sonar-scanner

    - shell: pwsh
      name: Install SonarCloud scanner
      if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
      run: |
        New-Item -Path ${{ inputs.working-directory }}/.sonar/scanner -ItemType Directory
        dotnet tool update dotnet-sonarscanner --tool-path ${{ inputs.working-directory }}/.sonar/scanner

    - shell: pwsh
      name: Build and analyze
      working-directory: ${{ inputs.working-directory }}
      env:
        GITHUB_TOKEN: ${{ inputs.token }}  # Needed to get PR information, if any
        SONAR_TOKEN: ${{ inputs.sonar-token }}
      run: |
        dotnet tool update --global dotnet-coverage

        ./.sonar/scanner/dotnet-sonarscanner begin `
            /k:"${{ inputs.sonar-project-key }}" `
            /o:"${{ inputs.sonar-org-key }}" `
            /d:sonar.login="${{ inputs.sonar-token }}" `
            /d:sonar.host.url="https://sonarcloud.io" `
            /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml `
            /v:${{ inputs.project-version }}

        dotnet build
        dotnet-coverage collect 'dotnet test' -f xml  -o 'coverage.xml'

        ./.sonar/scanner/dotnet-sonarscanner end `
            /d:sonar.login="${{ inputs.sonar-token }}"