Skip to content

SonarCloud Scan (PRs triggered by maven.yml) #5080

SonarCloud Scan (PRs triggered by maven.yml)

SonarCloud Scan (PRs triggered by maven.yml) #5080

Workflow file for this run

name: SonarCloud Scan (PRs triggered by maven.yml)
on:
workflow_run:
workflows:
- Build
types:
- completed
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
get-info:
name: "Get information about the source run"
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success' }}
outputs:
sourceHeadRepo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
sourceHeadBranch: ${{ steps.source-run-info.outputs.sourceHeadBranch }}
sourceHeadSha: ${{ steps.source-run-info.outputs.sourceHeadSha }}
mergeCommitSha: ${{ steps.source-run-info.outputs.mergeCommitSha }}
targetCommitSha: ${{ steps.source-run-info.outputs.targetCommitSha }}
pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }}
pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }}
targetBranch: ${{ steps.source-run-info.outputs.targetBranch }}
sourceEvent: ${{ steps.source-run-info.outputs.sourceEvent }}
steps:
- name: "Get information about the origin 'CI' run"
uses: potiuk/get-workflow-origin@v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
sonar:
name: SonarCloud Scan
runs-on: ubuntu-latest
if: ${{ needs.get-info.outputs.sourceEvent == 'pull_request' && github.actor != 'dependabot[bot]' && github.event.workflow_run.conclusion == 'success' }}
needs: get-info
steps:
- uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build and analyze (PR)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: >
mvn
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ needs.get-info.outputs.pullRequestNumber }}
-Dsonar.pullrequest.branch=${{ needs.get-info.outputs.sourceHeadBranch }}
-Dsonar.pullrequest.base=${{ needs.get-info.outputs.pullRequestNumber }}
-U -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar