Add SonarCloud to repository (#720)

.github/workflows/sonar.yml

@@ -0,0 +1,69 @@
+name: Sonar
+on:
+  workflow_run:
+    workflows: [Validate PR]
+    types: [completed]
+jobs:
+  sonar:
+    name: Sonar
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+    steps:
+    - name: Download PR number artifact
+      if: github.event.workflow_run.event == 'pull_request'
+      uses: dawidd6/action-download-artifact@v2
+      with:
+        workflow: Validate PR
+        run_id: ${{ github.event.workflow_run.id }}
+        name: PR_NUMBER
+    - name: Read PR_NUMBER.txt
+      if: github.event.workflow_run.event == 'pull_request'
+      id: pr_number
+      uses: juliangruber/read-file-action@v1
+      with:
+        path: ./PR_NUMBER.txt
+    - name: Request GitHub API for PR data
+      if: github.event.workflow_run.event == 'pull_request'
+      uses: octokit/[email protected]
+      id: get_pr_data
+      with:
+        route: GET /repos/{full_name}/pulls/{number}
+        number: ${{ steps.pr_number.outputs.content }}
+        full_name: ${{ github.event.repository.full_name }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - uses: actions/checkout@v3
+      with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+    - name: Checkout base branch
+      if: github.event.workflow_run.event == 'pull_request'
+      run: |
+        git remote add upstream ${{ github.event.repository.clone_url }}
+        git fetch upstream
+        git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+        git checkout ${{ github.event.workflow_run.head_branch }}
+        git clean -ffdx && git reset --hard HEAD
+    - name: SonarCloud Scan on PR
+      if: github.event.workflow_run.event == 'pull_request'
+      uses: sonarsource/sonarcloud-github-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      with:
+        args: >
+          -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+          -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }}
+          -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
+          -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
+    - name: SonarCloud Scan on push
+      if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name
+      uses: sonarsource/sonarcloud-github-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      with:
+        args: >
+          -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+          -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}

.github/workflows/validate-pr.yml

@@ -44,3 +44,14 @@ jobs:
             /tmp/result.md
       - name: Upload job summary
         run: cat /tmp/result.md >> $GITHUB_STEP_SUMMARY
+      - name: Save PR number to file
+        if: github.event_name == 'pull_request'
+        run: echo ${{ github.event.number }} > PR_NUMBER.txt
+      - name: Archive PR number
+        if: github.event_name == 'pull_request'
+        uses: actions/upload-artifact@v3
+        with:
+          name: PR_NUMBER
+          path: PR_NUMBER.txt
+
+

sonar-project.properties

@@ -0,0 +1,12 @@
+sonar.projectKey=open-vsx_publish-extensions
+sonar.organization=open-vsx
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=publish-extensions
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8