Skip to content

Sonar analysis

Sonar analysis #235

Workflow file for this run

name: Sonar analysis
on:
push:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
# Please read https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ before editing this file
permissions: read-all
concurrency:
group: sonar-${{ github.ref }}
cancel-in-progress: true
jobs:
run-sonar:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup java 17
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
with:
distribution: temurin
java-version: 17
- name: Install LLVM and Clang
uses: ./.github/actions/install-llvm
with:
version: "15"
- name: Analyze in push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
if: env.SONAR_TOKEN != '' && github.event_name == 'push'
uses: gradle/gradle-build-action@40b6781dcdec2762ad36556682ac74e31030cfe2 # v2.5.1
with:
arguments: build jacocoTestReport sonar --stacktrace --info --max-workers 2 --no-daemon -Dorg.gradle.jvmargs=-XX:MaxMetaspaceSize=512m
- name: Checkout source branch
if: github.event_name == 'pull_request_target'
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
persist-credentials: false
- name: Analyze in PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
if: env.SONAR_TOKEN != '' && github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'Ready to test')
uses: gradle/gradle-build-action@40b6781dcdec2762ad36556682ac74e31030cfe2 # v2.5.1
with:
arguments: build jacocoTestReport sonar --info --max-workers 2 --no-daemon -Dorg.gradle.jvmargs=-XX:MaxMetaspaceSize=512m -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}