Skip to content

SonarCloud

SonarCloud #234

name: "SonarCloud"
on:
workflow_run:
workflows: [ Build ]
types: [ completed ]
jobs:
analyze:
if: ${{ github.repository == 'xlate/property-inject' && github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
name: Analyze
steps:
- name: Display Github Event Context
run: echo "$GITHUB_CONTEXT"
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
## Checkout the source of the event that triggered this workflow,
## PR commit (pull_request event) or commit (push event).
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 0
## Retrieve the `target` directory from the build job
- name: Fetch Build Result
uses: actions/github-script@v7
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "target"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/target.zip', Buffer.from(download.data));
## Extract the `target` directory from the build job
- name: Extract Build Result
run: |
mkdir target && unzip target.zip -d target
## Load the context from the build job - runs for any trigger to allow templates with `steps.build_context.outputs.content`
## to be accepted by GitHub Actions.
- name: Read Build Context
id: build_context
uses: juliangruber/read-file-action@v1
with:
path: ./target/build-context.json
## (PRs Only) Check out the base branch (target of the PR)
- name: Checkout Base Branch (PR Only)
if: github.event.workflow_run.event == 'pull_request'
env:
BASE_BRANCH: ${{ fromJson(steps.build_context.outputs.content).base_ref }}
run: |
git remote add upstream ${{ github.event.repository.clone_url }}
git fetch upstream --prune --tags --force
git checkout -B $BASE_BRANCH upstream/$BASE_BRANCH
git checkout ${{ github.event.workflow_run.head_sha }}
git clean -ffdx --exclude=target/ && git reset --hard HEAD
- name: Setup JDK
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Setup Maven Cache
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: m2-repository-${{ hashFiles('**/pom.xml') }}
## (PRs Only) Run Sonar analysis against the results of the build job, providing PR information
- name: SonarCloud Analysis (PR Only)
if: github.event.workflow_run.event == 'pull_request'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \
-Dsonar.pullrequest.key=${{ fromJson(steps.build_context.outputs.content).event.number }} \
-Dsonar.pullrequest.branch=${{ fromJson(steps.build_context.outputs.content).head_ref }} \
-Dsonar.pullrequest.base=${{ fromJson(steps.build_context.outputs.content).base_ref }}
## (Push Only) Run Sonar analysis against the results of the build job
- name: SonarCloud Analysis (Push Only)
if: github.event.workflow_run.event == 'push'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \
-Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}