diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml new file mode 100644 index 000000000..de926f2ea --- /dev/null +++ b/.github/workflows/sonar.yml @@ -0,0 +1,69 @@ +name: Sonar +on: + workflow_run: + workflows: [Validate PR] + types: [completed] +jobs: + sonar: + name: Sonar + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' + steps: + - name: Download PR number artifact + if: github.event.workflow_run.event == 'pull_request' + uses: dawidd6/action-download-artifact@v2 + with: + workflow: Validate PR + run_id: ${{ github.event.workflow_run.id }} + name: PR_NUMBER + - name: Read PR_NUMBER.txt + if: github.event.workflow_run.event == 'pull_request' + id: pr_number + uses: juliangruber/read-file-action@v1 + with: + path: ./PR_NUMBER.txt + - name: Request GitHub API for PR data + if: github.event.workflow_run.event == 'pull_request' + uses: octokit/request-action@v2.x + id: get_pr_data + with: + route: GET /repos/{full_name}/pulls/{number} + number: ${{ steps.pr_number.outputs.content }} + full_name: ${{ github.event.repository.full_name }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} + fetch-depth: 0 + - name: Checkout base branch + if: github.event.workflow_run.event == 'pull_request' + run: | + git remote add upstream ${{ github.event.repository.clone_url }} + git fetch upstream + git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} + git checkout ${{ github.event.workflow_run.head_branch }} + git clean -ffdx && git reset --hard HEAD + - name: SonarCloud Scan on PR + if: github.event.workflow_run.event == 'pull_request' + uses: sonarsource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + args: > + -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} + -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }} + -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} + -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} + - name: SonarCloud Scan on push + if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name + uses: sonarsource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + args: > + -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} + -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }} diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index f627e4eaf..8f7618ecc 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -44,3 +44,14 @@ jobs: /tmp/result.md - name: Upload job summary run: cat /tmp/result.md >> $GITHUB_STEP_SUMMARY + - name: Save PR number to file + if: github.event_name == 'pull_request' + run: echo ${{ github.event.number }} > PR_NUMBER.txt + - name: Archive PR number + if: github.event_name == 'pull_request' + uses: actions/upload-artifact@v3 + with: + name: PR_NUMBER + path: PR_NUMBER.txt + + diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 000000000..a4713829d --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,12 @@ +sonar.projectKey=open-vsx_publish-extensions +sonar.organization=open-vsx + +# This is the name and version displayed in the SonarCloud UI. +#sonar.projectName=publish-extensions +#sonar.projectVersion=1.0 + +# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. +#sonar.sources=. + +# Encoding of the source code. Default is default system encoding +#sonar.sourceEncoding=UTF-8