forked from arjungautam1/fullstack-frontend
-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (129 loc) · 8.92 KB
/
code-scan-sonarcloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
---
# Workflow syntax for GitHub Actions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
# SonarCloud: https://sonarcloud.io/
# CI analysis while Automatic Analysis must be disabled for successful execution of this workflow https://docs.sonarcloud.io/advanced-setup/automatic-analysis/#conflict-with-ci-based-analysis
name: Scan Code with SonarCloud
# Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
on:
# Run workflow on push except for ignored branches and paths
push:
paths-ignore:
- '**.md' # Ignore documentation changes
- '.github/**(!code-scan-sonarcloud.yml)' # Ignore other workflow changes
# Run workflow on pull request
pull_request: # By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened
# Run a single job at a time: https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
contents: read
jobs:
sonarcloud:
# Run job when not triggered by a merge
if: (github.event_name == 'push' && contains(toJSON(github.event.head_commit.message), 'Merge pull request ') == false) || (github.event_name != 'push')
runs-on: ubuntu-latest # GitHub-hosted runners: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
# Set Job-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
pull-requests: read # Allow SonarCloud to get pull request details
environment: sonarcloud # Use `sonarcloud` repository environment
steps:
# Workaround for the absence of github.branch_name, use github-env-vars-action to define useful environment variables not available by default
- uses: FranzDiebold/github-env-vars-action@v2 # https://github.com/marketplace/actions/github-environment-variables-action
- name: Checkout repository
uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Cache SonarCloud dependencies
uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions
with:
path: |
~/.sonar/cache
key: sonarcloud-${{ github.repository_id }}
- name: SonarCloud Scan via Github Action
uses: sonarsource/[email protected] # https://github.com/marketplace/actions/sonarcloud-scan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
with:
projectBaseDir: src
args: >
-Dsonar.organization=${{ env.CI_REPOSITORY_OWNER }}
-Dsonar.projectKey=${{ env.CI_REPOSITORY_OWNER }}_${{ env.CI_REPOSITORY_NAME }}
# In case you need to override default settings
# - name: Analyze with SonarCloud
# uses: sonarsource/[email protected]
# with:
# projectBaseDir: my-custom-directory
# args: >
# -Dsonar.organization=my-organization
# -Dsonar.projectKey=my-projectkey
# -Dsonar.python.coverage.reportPaths=coverage.xml
# -Dsonar.sources=lib/
# -Dsonar.test.exclusions=tests/**
# -Dsonar.tests=tests/
# -Dsonar.verbose=true
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin
# - name: SonarCloud Scan via NPM (${{ github.event_name }})
# if: github.event_name != 'pull_request'
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
# # SonarCloud GitHub Action fails when a NPM project is detected and recommends usage of NPM Sonar plugin
# - name: SonarCloud Scan via NPM (pull_request)
# if: github.event_name == 'pull_request'
# # Get SONAR_ORGANIZATION and SONAR_PROJECT_KEY from https://sonarcloud.io/project/information?id=paul-gilber_demoapp-frontend
# # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# # SONAR_PROJECT_KEY must be defined in `sonarcloud` repository environment
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Drevision=${{ env.CI_ACTION_REF_NAME }} \
# -Dsonar.organization=${{ vars.SONAR_ORGANIZATION }} \
# -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }} \
# -Dsonar.pullrequest.provider=GitHub \
# -Dsonar.pullrequest.github.repository=${{ github.repository }} \
# -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
# -Dsonar.pullrequest.branch=${{ github.head_ref }} \
# -Dsonar.pullrequest.base=${{ github.base_ref }} \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# # SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/
# In case you need to override default settings
# - name: SonarCloud Scan via NPM
# run: |
# mvn -B verify \
# org.sonarsource.scanner.npm:sonar-npm-plugin:sonar \
# -Dmaven.test.skip=true \
# -Ddockerfile.skip=true \
# -Dsonar.organization=my-organization \
# -Dsonar.projectKey=my-projectkey \
# -Dsonar.python.coverage.reportPaths=coverage.xml \
# -Dsonar.sources=lib/ \
# -Dsonar.test.exclusions=tests/** \
# -Dsonar.tests=tests/ \
# -Dsonar.verbose=true
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is a special secret automatically generated by GitHub: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
# SONAR_ORGANIZATION: ${{ vars.SONAR_ORGANIZATION }} # SONAR_ORGANIZATION must be defined in `sonarcloud` repository environment
# SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }} # SONAR_HOST_URL must be defined in `sonarcloud` repository environment
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN must be defined in `sonarcloud` repository environment. SonarCloud access token should be generated from https://sonarcloud.io/account/security/