Analysis with Sonarlint and publish to SonarCloud #100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Analysis with Sonarlint and publish to SonarCloud | |
| "on": | |
| workflow_run: | |
| workflows: ["Code Testing"] | |
| types: [completed] | |
| jobs: | |
| sonarcloud: | |
| name: Run Sonarlint analysis and upload to SonarCloud. | |
| if: github.repository == 'aristanetworks/j2lint' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha }} | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Download coverage from unit tests | |
| continue-on-error: true | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: pytest-coverage | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| run-id: ${{ github.event.workflow_run.id }} | |
| merge-multiple: true | |
| - name: "Get PR context" | |
| # Source: https://github.com/orgs/community/discussions/25220#discussioncomment-11316244 | |
| id: pr-context | |
| if: github.event.workflow_run.event == 'pull_request' | |
| env: | |
| # Token required for GH CLI: | |
| GH_TOKEN: ${{ github.token }} | |
| # Best practice for scripts is to reference via ENV at runtime. Avoid using the expression syntax in the script content directly: | |
| PR_TARGET_REPO: ${{ github.repository }} | |
| # If the PR is from a fork, prefix it with `<owner-login>:`, otherwise only the PR branch name is relevant: | |
| PR_BRANCH: |- | |
| ${{ | |
| (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login) | |
| && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch) | |
| || github.event.workflow_run.head_branch | |
| }} | |
| # Query the PR number by repo + branch, then assign to step output: | |
| run: | | |
| gh pr view --repo "${PR_TARGET_REPO}" "${PR_BRANCH}" \ | |
| --json 'number,baseRefName' --jq '"number=\(.number)\nbase_ref=\(.baseRefName)"' \ | |
| >> "${GITHUB_OUTPUT}" | |
| echo "pr_branch=${PR_BRANCH}" >> "${GITHUB_OUTPUT}" | |
| - name: SonarQube Scan | |
| uses: SonarSource/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| # Using ACTION_STEP_DEBUG to trigger verbose when debugging in Github Action | |
| args: > | |
| -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} | |
| -Dsonar.pullrequest.key=${{ steps.pr-context.outputs.number }} | |
| -Dsonar.pullrequest.branch=${{ steps.pr-context.outputs.pr_branch }} | |
| -Dsonar.pullrequest.base=${{ steps.pr-context.outputs.base_ref }} | |
| -Dsonar.verbose=${{ secrets.ACTIONS_STEP_DEBUG }} |