feat(sonar-dotnet): add sonar dotnet scan workflow (#198)

SwanseaUniversityMedical · Nov 8, 2024 · 02f6fda · 02f6fda
1 parent 2e7d892
commit 02f6fda
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 1 deletion.
diff --git a/.github/commitlint.config.mjs b/.github/commitlint.config.mjs
@@ -11,7 +11,8 @@ export default {
         'charts',
         'commitlint',
         'labeler',
-        'renovate'
+        'renovate',
+        'sonar-dotnet'
     ]]
   }
 };
diff --git a/.github/workflows/release-sonar-dotnet-workflow.yaml b/.github/workflows/release-sonar-dotnet-workflow.yaml
@@ -0,0 +1,35 @@
+name: Release Sonar DotNet Scan Workflow
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    paths:
+      - '.github/workflows/release-sonar-dotnet-workflow.yaml'
+      - '.github/workflows/sonar-dotnet.yaml'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/release-sonar-dotnet-workflow.yaml'
+      - '.github/workflows/sonar-dotnet.yaml'
+
+permissions:
+  actions: read
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  # Cancel early on pull requests if new commits are added,
+  # Don't cancel on release pushes
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  sonar-dotnet:
+    uses: ./.github/workflows/pr-and-release-repo.yaml
+    with:
+      job-name: sonar-dotnet
+      comment-release: true
+      release-tag-format: 'v${version}-sonar-dotnet'
diff --git a/.github/workflows/sonar-dotnet.yaml b/.github/workflows/sonar-dotnet.yaml
@@ -0,0 +1,61 @@
+on:
+  workflow_call:
+    inputs:
+
+      project-name:
+        description: "Name of the dotnet project to scan."
+        required: true
+        type: string
+
+      project-file:
+        description: "Path to the csproj file relative to the project-context."
+        required: true
+        type: string
+
+      project-context:
+        description: "Path to the root dir of the project."
+        default: '.'
+        type: string
+
+      sonar-url:
+        description: "URL of the sonarqube sever."
+        required: true
+        type: string
+
+    secrets:
+
+      sonar-token:
+        description: "Authentication token for sonarqube."
+        required: true
+
+jobs:
+  scan:
+    runs-on:
+      labels: [self-hosted, linux, x64]
+      group: heavy
+
+    steps:
+      - name: clone repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: scan project
+        run: |
+          docker run --rm -v $(pwd):/repo -w "/repo/$PROJECT_CONTEXT" $SONAR_IMAGE \
+            bash -c " \
+              dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin \
+                /k:$PROJECT_NAME /name:$PROJECT_NAME \
+                /d:sonar.host.url=$SONAR_URL \
+                /d:sonar.login=$SONAR_TOKEN && \
+              dotnet restore $PROJECT_FILE && \
+              dotnet build $PROJECT_FILE -c Release && \
+              dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
+                /d:sonar.login=$SONAR_TOKEN"
+        env:
+          SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/dotnet-sonar:23.06.4-r2
+          PROJECT_NAME: ${{ inputs.project-name }}
+          PROJECT_FILE: ${{ inputs.project-file }}
+          PROJECT_CONTEXT: ${{ inputs.project-context }}
+          SONAR_URL: ${{ inputs.sonar-url }}
+          SONAR_TOKEN: ${{ secrets.sonar-token }}