Sonar for PRs #260
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sonar for PRs | |
| on: | |
| workflow_run: | |
| workflows: ['PRs'] | |
| types: [completed] | |
| jobs: | |
| sonar: | |
| name: Sonar | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| if: github.event.workflow_run.conclusion == 'success' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.workflow_run.head_repository.full_name }} | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| fetch-depth: 0 | |
| - name: Debug Workflow Info | |
| run: | | |
| echo "Workflow Run ID: ${{ github.event.workflow_run.id }}" | |
| echo "Workflow Head SHA: ${{ github.event.workflow_run.head_sha }}" | |
| echo "Current SHA: ${{ github.sha }}" | |
| echo "Head Branch: ${{ github.event.workflow_run.head_branch }}" | |
| echo "Repository: ${{ github.event.workflow_run.head_repository.full_name }}" | |
| # Output raw context for additional details | |
| echo "=== Raw Context ===" | |
| echo "Workflow Head SHA: ${{ github.event.workflow_run }}" | |
| - name: 'Raw Context' | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| JSON.stringify(${{ github.event.workflow_run }}, null, 2) | |
| # Download reports | |
| - name: 'Download reports' | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| async function downloadArtifact(artifactName) { | |
| console.log(`Looking for artifact: ${artifactName}`); | |
| let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| run_id: context.payload.workflow_run.id, | |
| }); | |
| console.log('Available artifacts:', allArtifacts.data.artifacts.map(a => a.name)); | |
| let matchArtifact = allArtifacts.data.artifacts.find((artifact) => { | |
| return artifact.name === artifactName; | |
| }); | |
| if (!matchArtifact) { | |
| throw new Error(`Artifact "${artifactName}" not found!`); | |
| } | |
| let download = await github.rest.actions.downloadArtifact({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| artifact_id: matchArtifact.id, | |
| archive_format: 'zip', | |
| }); | |
| let fs = require('fs'); | |
| fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/${artifactName}.zip`, Buffer.from(download.data)); | |
| return artifactName; | |
| } | |
| // Download both artifacts | |
| await Promise.all([ | |
| downloadArtifact('ngx-deploy-npm-coverage-report'), | |
| downloadArtifact('lint-report') | |
| ]); | |
| - name: 'Extract reports' | |
| run: | | |
| # Extract coverage report | |
| mkdir -p coverage/packages/ngx-deploy-npm | |
| unzip ngx-deploy-npm-coverage-report.zip -d coverage/packages/ngx-deploy-npm | |
| # Extract lint report | |
| mkdir -p reports | |
| unzip lint-report.zip -d reports | |
| - name: SonarCloud Scan | |
| uses: SonarSource/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONARQUBE_SCANNER }} | |
| with: | |
| args: > | |
| -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} | |
| -Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }} | |
| -Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }} | |
| -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }} |