sonarcloud.yml
# This GitHub action will checkout and scan third party code.
# Please ensure that any changes to this action do not perform
# actions that may result in code from that branch being executed
# such as installing dependencies or running build scripts.
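name: SonarCloud

# Triggered when the "Main" workflow completes. A workflow_run workflow runs
# with this repository's secrets (SONAR_TOKEN is used below) even when the
# triggering run came from a fork's branch, so every step must treat the
# checked-out tree and the downloaded artifact as untrusted data.
on:
  workflow_run:
    workflows:
      - Main
    types:
      - completed

# Least privilege: declaring only `actions: read` leaves every other scope of
# the job token unset. `actions: read` is what the artifact download from the
# triggering run needs.
permissions:
  actions: read

jobs:
  sonarcloud:
    # Only scan code from non-forked repositories that have passed the tests
    # This will skip scanning the code for forks, but will run for the main
    # repository on PRs from forks
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.repository.fork == false }}
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): checkout and download-artifact are referenced by the
        # mutable tag v4, while the SonarCloud action below is pinned to a
        # full commit SHA; consider pinning these the same way.
        uses: actions/checkout@v4
        with:
          # Use the repository that triggered the workflow
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          # Use the branch that triggered the workflow
          # NOTE(review): a branch name can move between the end of "Main" and
          # this job, so the scanned tree may differ from the commit that
          # passed the tests and produced lcov.info. Consider
          # github.event.workflow_run.head_sha; confirm the scanner's branch
          # detection is unaffected before switching.
          ref: ${{ github.event.workflow_run.head_branch }}
          # Shallow clones should be disabled for better relevancy of analysis
          fetch-depth: 0
          # Do not leave the job token in the local git config of a tree that
          # holds third-party code; no later step performs git network
          # operations, so nothing here depends on the stored credential.
          persist-credentials: false

      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          # Coverage report produced by the triggering run, so it is
          # untrusted data.
          name: lcov.info
          path: coverage
          # This is required when downloading artifacts from a different
          # repository or from a different workflow run.
          github-token: ${{ github.token }}
          # Use the workflow id that triggered the workflow
          run-id: ${{ github.event.workflow_run.id }}

      # Must stay after the checkout step: the scanner configuration is taken
      # from the default branch of $REPOSITORY and written over any
      # sonar-project.properties in the checked-out tree, so the branch under
      # analysis does not control the scanner's settings.
      - name: Download sonar-project.properties
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPOSITORY: MetaMask/metamask-extension
        run: |
          sonar_project_properties=$(gh api -H "Accept: application/vnd.github.raw" "repos/$REPOSITORY/contents/sonar-project.properties")
          if [ -z "$sonar_project_properties" ]; then
            echo "::error::sonar-project.properties not found in $REPOSITORY. Please make sure this file exists on the default branch."
            exit 1
          fi
          echo "$sonar_project_properties" > sonar-project.properties

      - name: SonarCloud Scan
        # Pinned to a full commit SHA of SonarSource/sonarcloud-github-action.
        # The release tag named in the original comment was garbled on this
        # page (shown as "[email protected]"); verify the SHA against the
        # upstream release it is meant to match.
        # This is the only step that receives SONAR_TOKEN. Per the header of
        # this file, do not add steps that install dependencies or run build
        # scripts from the checked-out branch.
        uses: SonarSource/sonarcloud-github-action@4b4d7634dab97dcee0b75763a54a6dc92a9e6bc1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}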