Skip to content

Merge pull request #17 from paul-gilber/install-packages-via-features #37

Merge pull request #17 from paul-gilber/install-packages-via-features

Merge pull request #17 from paul-gilber/install-packages-via-features #37

---
# Workflow syntax for GitHub Actions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
# SonarCloud: https://sonarcloud.io/
# CI analysis while Automatic Analysis must be disabled for successful execution of this workflow https://docs.sonarcloud.io/advanced-setup/automatic-analysis/#conflict-with-ci-based-analysis
name: Scan Code with SonarCloud
# Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
on:
# Run workflow on push except for ignored branches and paths
push:
paths-ignore:
- '**.md' # Ignore documentation changes
- '.github/**(!code-scan-sonarcloud.yml)' # Ignore other workflow changes
# Run workflow on pull request
pull_request: # By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened
# Run a single job at a time: https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
contents: read
jobs:
sonarcloud:
# Run job when not triggered by a merge
if: (github.event_name == 'push' && contains(toJSON(github.event.head_commit.message), 'Merge pull request ') == false) || (github.event_name != 'push')
runs-on: ubuntu-latest # GitHub-hosted runners: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
# Set Job-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
pull-requests: read # Allow SonarCloud to get pull request details
environment: sonarcloud # Use `sonarcloud` repository environment
steps:
# Workaround for the absence of github.branch_name, use github-env-vars-action to define useful environment variables not available by default
- uses: FranzDiebold/github-env-vars-action@v2 # https://github.com/marketplace/actions/github-environment-variables-action
- name: Checkout repository
uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Cache SonarCloud dependencies
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
path: |
~/.sonar/cache
key: sonarcloud-${{ github.repository_id }}
- name: SonarCloud Scan via Github Action
uses: sonarsource/sonarcloud-github-action@v2.0.2 # https://github.com/marketplace/actions/sonarcloud-scan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
with:
projectBaseDir: src
args: >
-Dsonar.organization=${{ env.CI_REPOSITORY_OWNER }}
-Dsonar.projectKey=${{ env.CI_REPOSITORY_OWNER }}_${{ env.CI_REPOSITORY_NAME }}
# In case you need to override default settings
# - name: Analyze with SonarCloud
# uses: sonarsource/sonarcloud-github-action@v2.0.2
# with:
# projectBaseDir: my-custom-directory
# args: >
# -Dsonar.organization=my-organization
# -Dsonar.projectKey=my-projectkey
# -Dsonar.python.coverage.reportPaths=coverage.xml
# -Dsonar.sources=lib/
# -Dsonar.test.exclusions=tests/**
# -Dsonar.tests=tests/
# -Dsonar.verbose=true
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin
# - name: SonarCloud Scan via NPM (${{ github.event_name }})
# if: github.event_name != 'pull_request'
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin
# - name: SonarCloud Scan via NPM (pull_request)
# if: github.event_name == 'pull_request'
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \
# -Dsonar.pullrequest.provider=GitHub \
# -Dsonar.pullrequest.github.repository=${{ github.repository }} \
# -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
# -Dsonar.pullrequest.branch=${{ github.head_ref }} \
# -Dsonar.pullrequest.base=${{ github.base_ref }} \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
# In case you need to override default settings
# - name: SonarCloud Scan via NPM
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true \
# -Dsonar.organization=my-organization \
# -Dsonar.projectKey=my-projectkey \
# -Dsonar.python.coverage.reportPaths=coverage.xml \
# -Dsonar.sources=lib/ \
# -Dsonar.test.exclusions=tests/** \
# -Dsonar.tests=tests/ \
# -Dsonar.verbose=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/