feat: add sonar dotnet 8 workflow (#209)

.github/workflows/release-sonar-dotnet-workflow.yaml → .github/workflows/release-sonar-dotnet-7-workflow.yaml

@@ -1,19 +1,19 @@
-name: Release Sonar DotNet Scan Workflow
+name: Release Sonar DotNet 7 Scan Workflow
 
 on:
   pull_request:
     types:
       - opened
       - synchronize
     paths:
-      - '.github/workflows/release-sonar-dotnet-workflow.yaml'
-      - '.github/workflows/sonar-dotnet.yaml'
+      - '.github/workflows/release-sonar-dotnet-7-workflow.yaml'
+      - '.github/workflows/sonar-dotnet-7.yaml'
   push:
     branches:
       - main
     paths:
-      - '.github/workflows/release-sonar-dotnet-workflow.yaml'
-      - '.github/workflows/sonar-dotnet.yaml'
+      - '.github/workflows/release-sonar-dotnet-7-workflow.yaml'
+      - '.github/workflows/sonar-dotnet-7.yaml'
 
 permissions:
   actions: read
@@ -27,9 +27,9 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  sonar-dotnet:
+  sonar-dotnet-7:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
-      job-name: sonar-dotnet
+      job-name: sonar-dotnet-7
       comment-release: true
-      release-tag-format: 'v${version}-sonar-dotnet'
+      release-tag-format: 'v${version}-sonar-dotnet-7'

.github/workflows/release-sonar-dotnet-8-workflow.yaml

@@ -0,0 +1,35 @@
+name: Release Sonar DotNet 8 Scan Workflow
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+    paths:
+      - '.github/workflows/release-sonar-dotnet-8-workflow.yaml'
+      - '.github/workflows/sonar-dotnet-8.yaml'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/release-sonar-dotnet-8-workflow.yaml'
+      - '.github/workflows/sonar-dotnet-8.yaml'
+
+permissions:
+  actions: read
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  # Cancel early on pull requests if new commits are added,
+  # Don't cancel on release pushes
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  sonar-dotnet-8:
+    uses: ./.github/workflows/pr-and-release-repo.yaml
+    with:
+      job-name: sonar-dotnet-8
+      comment-release: true
+      release-tag-format: 'v${version}-sonar-dotnet-8'

.github/workflows/sonar-dotnet.yaml → .github/workflows/sonar-dotnet-7.yaml

@@ -78,7 +78,7 @@ jobs:
               dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
                 /d:sonar.token=$SONAR_TOKEN"
         env:
-          SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet:2.0.0
+          SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet-7:2.0.1
           PROJECT_NAME: ${{ inputs.project-name }}
           PROJECT_FILE: ${{ inputs.project-file }}
           PROJECT_CONTEXT: ${{ inputs.project-context }}

.github/workflows/sonar-dotnet-8.yaml

@@ -0,0 +1,87 @@
+on:
+  workflow_call:
+    inputs:
+
+      project-name:
+        description: "Name of the dotnet project to scan."
+        required: true
+        type: string
+
+      project-file:
+        description: "Path to the csproj file relative to the project-context."
+        required: true
+        type: string
+
+      project-context:
+        description: "Path to the root dir of the project."
+        default: '.'
+        type: string
+
+      sonar-url:
+        description: "URL of the sonarqube sever."
+        required: true
+        type: string
+
+    secrets:
+
+      sonar-token:
+        description: "Authentication token for sonarqube."
+        required: true
+
+jobs:
+  scan:
+    runs-on:
+      labels: [self-hosted, linux, x64]
+      group: sonar
+
+    steps:
+      - name: clone repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: determine project version
+        id: version
+        uses: actions/[email protected]
+        with:
+          script: |
+            var inputs = ${{ toJSON(inputs) }};
+            var ref = "${{ github.ref_name }}";
+            
+            if (context.eventName === "push") {
+              // On push to tag use the tag as the version
+              var version = `${ref}`;
+              console.log(`version: ${version}`);
+              core.setOutput("version", version);
+            }
+            else if (context.eventName === "pull_request") {
+              // On pr use pr number
+              var pr = context.payload.number;
+              var version = `pr-${pr}`;
+              console.log(`version: ${version}`);
+              core.setOutput("version", version);
+            }
+
+      - name: scan project
+        run: |
+          docker run --rm -v $(pwd):/repo -w "/repo/$PROJECT_CONTEXT" $SONAR_IMAGE \
+            bash -c " \
+              dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin \
+                /d:sonar.scanner.skipJreProvisioning=true \
+                /d:sonar.scanner.javaExePath=/usr/bin/java \
+                /k:$PROJECT_NAME /name:$PROJECT_NAME \
+                /v:$PROJECT_VERSION \
+                /d:sonar.host.url=$SONAR_URL \
+                /d:sonar.token=$SONAR_TOKEN && \
+              dotnet restore $PROJECT_FILE && \
+              dotnet build $PROJECT_FILE -c Release && \
+              dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
+                /d:sonar.token=$SONAR_TOKEN"
+        env:
+          SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet-8:1.0.0
+          PROJECT_NAME: ${{ inputs.project-name }}
+          PROJECT_FILE: ${{ inputs.project-file }}
+          PROJECT_CONTEXT: ${{ inputs.project-context }}
+          PROJECT_VERSION: ${{ steps.version.outputs.version }}
+          SONAR_URL: ${{ inputs.sonar-url }}
+          SONAR_TOKEN: ${{ secrets.sonar-token }}