Bump github/codeql-action from 2.22.5 to 3.23.2 #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Workflow syntax for GitHub Actions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions | |
# SonarCloud: https://sonarcloud.io/ | |
# CI analysis while Automatic Analysis must be disabled for successful execution of this workflow https://docs.sonarcloud.io/advanced-setup/automatic-analysis/#conflict-with-ci-based-analysis | |
name: Scan Code with SonarCloud | |
# Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | |
on: | |
# Run workflow on push except for ignored branches and paths | |
push: | |
paths-ignore: | |
- '**.md' # Ignore documentation changes | |
- '.github/**(!code-scan-sonarcloud.yml)' # Ignore other workflow changes | |
# Run workflow on pull request | |
pull_request: # By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened | |
# Run a single job at a time: https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
# Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
permissions: | |
contents: read | |
jobs: | |
sonarcloud: | |
# Run job when not triggered by a merge | |
if: (github.event_name == 'push' && contains(toJSON(github.event.head_commit.message), 'Merge pull request ') == false) || (github.event_name != 'push') | |
runs-on: ubuntu-latest # GitHub-hosted runners: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources | |
# Set Job-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
permissions: | |
pull-requests: read # Allow SonarCloud to get pull request details | |
environment: sonarcloud # Use `sonarcloud` repository environment | |
steps: | |
# Workaround for the absence of github.branch_name, use github-env-vars-action to define useful environment variables not available by default | |
- uses: FranzDiebold/github-env-vars-action@v2 # https://github.com/marketplace/actions/github-environment-variables-action | |
- name: Checkout repository | |
uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout | |
with: | |
# Disabling shallow clone is recommended for improving relevancy of reporting | |
fetch-depth: 0 | |
- name: Cache SonarCloud dependencies | |
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions | |
with: | |
path: | | |
~/.sonar/cache | |
key: sonarcloud-${{ github.repository_id }} | |
- name: SonarCloud Scan via Github Action | |
uses: sonarsource/[email protected] # https://github.com/marketplace/actions/sonarcloud-scan | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
with: | |
projectBaseDir: src | |
args: > | |
-Dsonar.organization=${{ env.CI_REPOSITORY_OWNER }} | |
-Dsonar.projectKey=${{ env.CI_REPOSITORY_OWNER }}_${{ env.CI_REPOSITORY_NAME }} | |
# In case you need to override default settings | |
# - name: Analyze with SonarCloud | |
# uses: sonarsource/[email protected] | |
# with: | |
# projectBaseDir: my-custom-directory | |
# args: > | |
# -Dsonar.organization=my-organization | |
# -Dsonar.projectKey=my-projectkey | |
# -Dsonar.python.coverage.reportPaths=coverage.xml | |
# -Dsonar.sources=lib/ | |
# -Dsonar.test.exclusions=tests/** | |
# -Dsonar.tests=tests/ | |
# -Dsonar.verbose=true | |
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin | |
# - name: SonarCloud Scan via NPM (${{ github.event_name }}) | |
# if: github.event_name != 'pull_request' | |
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend | |
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment | |
# run: | | |
# mvn -B verify \ | |
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \ | |
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \ | |
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \ | |
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \ | |
# -Dmaven.test.skip=true \ | |
# -Ddockerfile.skip=true | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin | |
# - name: SonarCloud Scan via NPM (pull_request) | |
# if: github.event_name == 'pull_request' | |
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend | |
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment | |
# run: | | |
# mvn -B verify \ | |
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \ | |
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \ | |
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \ | |
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \ | |
# -Dsonar.pullrequest.provider=GitHub \ | |
# -Dsonar.pullrequest.github.repository=${{ github.repository }} \ | |
# -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \ | |
# -Dsonar.pullrequest.branch=${{ github.head_ref }} \ | |
# -Dsonar.pullrequest.base=${{ github.base_ref }} \ | |
# -Dmaven.test.skip=true \ | |
# -Ddockerfile.skip=true | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ | |
# In case you need to override default settings | |
# - name: SonarCloud Scan via NPM | |
# run: | | |
# mvn -B verify \ | |
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \ | |
# -Dmaven.test.skip=true \ | |
# -Ddockerfile.skip=true \ | |
# -Dsonar.organization=my-organization \ | |
# -Dsonar.projectKey=my-projectkey \ | |
# -Dsonar.python.coverage.reportPaths=coverage.xml \ | |
# -Dsonar.sources=lib/ \ | |
# -Dsonar.test.exclusions=tests/** \ | |
# -Dsonar.tests=tests/ \ | |
# -Dsonar.verbose=true | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
# SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment | |
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment | |
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/ |