diff --git a/.github/workflows/release-sonar-dotnet-workflow.yaml b/.github/workflows/release-sonar-dotnet-7-workflow.yaml similarity index 58% rename from .github/workflows/release-sonar-dotnet-workflow.yaml rename to .github/workflows/release-sonar-dotnet-7-workflow.yaml index 808a6911..3e13bab2 100644 --- a/.github/workflows/release-sonar-dotnet-workflow.yaml +++ b/.github/workflows/release-sonar-dotnet-7-workflow.yaml @@ -1,4 +1,4 @@ -name: Release Sonar DotNet Scan Workflow +name: Release Sonar DotNet 7 Scan Workflow on: pull_request: @@ -6,14 +6,14 @@ on: - opened - synchronize paths: - - '.github/workflows/release-sonar-dotnet-workflow.yaml' - - '.github/workflows/sonar-dotnet.yaml' + - '.github/workflows/release-sonar-dotnet-7-workflow.yaml' + - '.github/workflows/sonar-dotnet-7.yaml' push: branches: - main paths: - - '.github/workflows/release-sonar-dotnet-workflow.yaml' - - '.github/workflows/sonar-dotnet.yaml' + - '.github/workflows/release-sonar-dotnet-7-workflow.yaml' + - '.github/workflows/sonar-dotnet-7.yaml' permissions: actions: read @@ -27,9 +27,9 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} jobs: - sonar-dotnet: + sonar-dotnet-7: uses: ./.github/workflows/pr-and-release-repo.yaml with: - job-name: sonar-dotnet + job-name: sonar-dotnet-7 comment-release: true - release-tag-format: 'v${version}-sonar-dotnet' + release-tag-format: 'v${version}-sonar-dotnet-7' diff --git a/.github/workflows/release-sonar-dotnet-8-workflow.yaml b/.github/workflows/release-sonar-dotnet-8-workflow.yaml new file mode 100644 index 00000000..84417eea --- /dev/null +++ b/.github/workflows/release-sonar-dotnet-8-workflow.yaml 
@@ -0,0 +1,35 @@
+name: Release Sonar DotNet 8 Scan Workflow
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ paths:
+ - '.github/workflows/release-sonar-dotnet-8-workflow.yaml'
+ - '.github/workflows/sonar-dotnet-8.yaml'
+ push:
+ branches:
+ - main
+ paths:
+ - '.github/workflows/release-sonar-dotnet-8-workflow.yaml'
+ - '.github/workflows/sonar-dotnet-8.yaml'
+
+permissions:
+ actions: read
+ contents: write
+ pull-requests: write
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ # Cancel early on pull requests if new commits are added,
+ # Don't cancel on release pushes
+ cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+ sonar-dotnet-8:
+ uses: ./.github/workflows/pr-and-release-repo.yaml
+ with:
+ job-name: sonar-dotnet-8
+ comment-release: true
+ release-tag-format: 'v${version}-sonar-dotnet-8'
diff --git a/.github/workflows/sonar-dotnet.yaml b/.github/workflows/sonar-dotnet-7.yaml
similarity index 99%
rename from .github/workflows/sonar-dotnet.yaml
rename to .github/workflows/sonar-dotnet-7.yaml
index 0e8674e8..4ffaa990 100644
--- a/.github/workflows/sonar-dotnet.yaml
+++ b/.github/workflows/sonar-dotnet-7.yaml
@@ -78,7 +78,7 @@ jobs:
 dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
 /d:sonar.token=$SONAR_TOKEN"
 env:
- SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet:2.0.0
+ SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet-7:2.0.1
 PROJECT_NAME: ${{ inputs.project-name }}
 PROJECT_FILE: ${{ inputs.project-file }}
 PROJECT_CONTEXT: ${{ inputs.project-context }}
diff --git a/.github/workflows/sonar-dotnet-8.yaml b/.github/workflows/sonar-dotnet-8.yaml
new file mode 100644
index 00000000..71ed716c
--- /dev/null
+++ b/.github/workflows/sonar-dotnet-8.yaml
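Review bot: In `release-sonar-dotnet-8-workflow.yaml` the workflow-level `permissions:` block gives `contents: write` and `pull-requests: write` to every run, so the `pull_request` trigger gets the same write-scoped token as the release push to `main`. The called `pr-and-release-repo.yaml` is not part of this diff, so which scope each path actually needs cannot be confirmed from here. I would at least record the reason next to each scope, for example `contents: write  # presumably to create the release tag on push; confirm against pr-and-release-repo.yaml`, and move the block under `jobs.sonar-dotnet-8` so a job added later does not inherit it.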
@@ -0,0 +1,87 @@
+on:
+ workflow_call:
+ inputs:
+
+ project-name:
+ description: "Name of the dotnet project to scan."
+ required: true
+ type: string
+
+ project-file:
+ description: "Path to the csproj file relative to the project-context."
+ required: true
+ type: string
+
+ project-context:
+ description: "Path to the root dir of the project."
+ default: '.'
+ type: string
+
+ sonar-url:
+ description: "URL of the sonarqube sever."
+ required: true
+ type: string
+
+ secrets:
+
+ sonar-token:
+ description: "Authentication token for sonarqube."
+ required: true
+
+jobs:
+ scan:
+ runs-on:
+ labels: [self-hosted, linux, x64]
+ group: sonar
+
+ steps:
+ - name: clone repo
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: determine project version
+ id: version
+ uses: actions/github-script@v7.0.1
+ with:
+ script: |
+ var inputs = ${{ toJSON(inputs) }};
+ var ref = "${{ github.ref_name }}";
+
+ if (context.eventName === "push") {
+ // On push to tag use the tag as the version
+ var version = `${ref}`;
+ console.log(`version: ${version}`);
+ core.setOutput("version", version);
+ }
+ else if (context.eventName === "pull_request") {
+ // On pr use pr number
+ var pr = context.payload.number;
+ var version = `pr-${pr}`;
+ console.log(`version: ${version}`);
+ core.setOutput("version", version);
+ }
+
+ - name: scan project
+ run: |
+ docker run --rm -v $(pwd):/repo -w "/repo/$PROJECT_CONTEXT" $SONAR_IMAGE \
+ bash -c " \
+ dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin \
+ /d:sonar.scanner.skipJreProvisioning=true \
+ /d:sonar.scanner.javaExePath=/usr/bin/java \
+ /k:$PROJECT_NAME /name:$PROJECT_NAME \
+ /v:$PROJECT_VERSION \
+ /d:sonar.host.url=$SONAR_URL \
+ /d:sonar.token=$SONAR_TOKEN && \
+ dotnet restore $PROJECT_FILE && \
+ dotnet build $PROJECT_FILE -c Release && \
+ dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
+ /d:sonar.token=$SONAR_TOKEN"
+ env:
+ SONAR_IMAGE: harbor.ukserp.ac.uk/github-workflows/sonar-dotnet-8:1.0.0
+ PROJECT_NAME: ${{ inputs.project-name }}
+ PROJECT_FILE: ${{ inputs.project-file }}
+ PROJECT_CONTEXT: ${{ inputs.project-context }}
+ PROJECT_VERSION: ${{ steps.version.outputs.version }}
+ SONAR_URL: ${{ inputs.sonar-url }}
+ SONAR_TOKEN: ${{ secrets.sonar-token }}
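Review bot: In the `scan project` step of `sonar-dotnet-8.yaml` the `bash -c "…"` script is double-quoted, so the runner's shell expands `$PROJECT_NAME`, `$PROJECT_FILE`, `$PROJECT_VERSION`, `$SONAR_URL` and `$SONAR_TOKEN` into the string before `docker run` starts, and the container's bash then parses the result a second time. A caller-supplied input containing shell metacharacters would be interpreted as commands inside the container, and the token ends up in the `docker run` argument list, which is visible in the process list of the self-hosted runner. Passing the values through with `-e` and single-quoting the script keeps expansion inside the container with every argument quoted, as in the excerpt below. In the `determine project version` step, `var ref = "${{ github.ref_name }}";` has the same shape: the ref name is spliced into the script source, so it is safer to set `REF_NAME: ${{ github.ref_name }}` under the step's `env:` and read `process.env.REF_NAME`. The `var inputs = ${{ toJSON(inputs) }};` line is never used and can be dropped.

```yaml
      - name: scan project
        run: |
          docker run --rm -v "$(pwd):/repo" -w "/repo/$PROJECT_CONTEXT" \
            -e PROJECT_NAME -e PROJECT_FILE -e PROJECT_VERSION \
            -e SONAR_URL -e SONAR_TOKEN \
            "$SONAR_IMAGE" \
            bash -c '
              dotnet /sonar-scanner/SonarScanner.MSBuild.dll begin \
                /d:sonar.scanner.skipJreProvisioning=true \
                /d:sonar.scanner.javaExePath=/usr/bin/java \
                "/k:$PROJECT_NAME" "/name:$PROJECT_NAME" \
                "/v:$PROJECT_VERSION" \
                "/d:sonar.host.url=$SONAR_URL" \
                "/d:sonar.token=$SONAR_TOKEN" &&
              dotnet restore "$PROJECT_FILE" &&
              dotnet build "$PROJECT_FILE" -c Release &&
              dotnet /sonar-scanner/SonarScanner.MSBuild.dll end \
                "/d:sonar.token=$SONAR_TOKEN"'
        # … unchanged: env block …
```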