Refactor build workflow and add SonarCloud analysis

- Rename the file `gitleaks.yml` to `build.yml` for clarity. - Update the workflow name from "gitleaks" to "Build". - Modify the event triggers to include pull request events of types: opened, synchronize, reopened. - Add a new job named "sonarcloud" for SonarCloud analysis. - Configure SonarCloud steps to checkout code and perform the scan.
vechain · Oct 25, 2023 · 199fd8b · 199fd8b
1 parent 4952501
commit 199fd8b
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 18 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,32 @@
+name: Build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  gitleaks:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
+
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml