Skip to content

SonarCloud Analysis for PRs from Fork #234

SonarCloud Analysis for PRs from Fork

SonarCloud Analysis for PRs from Fork #234

#
# Copyright © 2017-2024 Dominic Heutelbeck (dominic@heutelbeck.com)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: SonarCloud Analysis for PRs from Fork
on:
workflow_run:
workflows: [Testing and Publishing]
types:
- completed
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
analyze:
if: ${{ github.event.workflow_run.head_repository.fork && (github.event.workflow_run.conclusion == 'success') }}
name: SonarCloud Analysis
runs-on: ubuntu-latest
timeout-minutes: 35
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Download Artifact
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with:
name: pr_build
github-token: ${{ secrets.GHUB_ACCESS_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: Set up JDK 17
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: Get PR Number
run: echo "PR=$(cat pr_data.txt)" >> $GITHUB_ENV
- name: Analyze with SonarCloud
env:
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
run: >
mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar
-pl !:sapl-demo-oauth2-jwt-client-application
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.organization=heutelbeck
-Dsonar.projectKey=heutelbeck_sapl-demos
-Dsonar.sources=pom.xml,src/
-Dsonar.inclusions=**/pom.xml,**/src/main/java/**,**/src/main/resources/**
-Dsonar.exclusions=**/xtext-gen/**/*,**/xtend-gen/**/*,**/emf-gen/**/*
-Dsonar.java.spotbugs.reportPaths=target/spotbugsXml.xml
-Dsonar.pullrequest.key=${PR}
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
- name: Clean up Local Repository before Caching
run: rm -rf /.m2/repository/io/sapl