MetaMask · cmd-ob · May 4, 2025 · May 4, 2025 · May 4, 2025 · May 4, 2025
@@ -103,6 +103,17 @@ jobs:
           is-high-risk-environment: false
       - run: yarn test:scripts
       - run: yarn workspace ${{ matrix.package-name }} run test
+      - name: Transform package name
+        id: transform-package-name
+        run: |
+          echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT"
+        shell: bash
+      - name: Upload coverage reports
+        if: matrix.node-version == '22.x'
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }}
+          path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage/lcov.info
       - name: Require clean working directory
         shell: bash
         run: |

@@ -40,6 +40,13 @@ jobs:
     needs: check-workflows
     uses: ./.github/workflows/lint-build-test.yml
 
+  sonarcloud:
+    name: Sonar Analysis
+    needs: lint-build-test
+    uses: ./.github/workflows/sonarcloud.yml
+    permissions:
+      pull-requests: write
+
   is-release:
     name: Determine whether this is a release merge commit
     needs: lint-build-test
@@ -78,6 +85,7 @@ jobs:
     needs:
       - analyse-code
       - lint-build-test
+      - sonarcloud
     outputs:
       passed: ${{ steps.set-output.outputs.passed }}
     steps:

@@ -0,0 +1,60 @@
+name: SonarCloud Analysis
+
+on:
+  workflow_call:
+
+jobs:
+  prepare:
+    name: Prepare
+    runs-on: ubuntu-latest
+    outputs:
+      child-workspace-package-names: ${{ steps.workspace-package-names.outputs.child-workspace-package-names }}
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: false
+      - name: Fetch workspace package names
+        id: workspace-package-names
+        run: |
+          echo "child-workspace-package-names=$(yarn workspaces list --no-private --json | jq --slurp --raw-output 'map(.name) | @json')" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+  sonar:
+    name: SonarCloud Analysis
+    runs-on: ubuntu-latest
+    needs: prepare
+    strategy:
+      matrix:
+        package-name: ${{ fromJson(needs.prepare.outputs.child-workspace-package-names) }}
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: false
+      - name: Transform package name
+        id: transform-package-name
+        run: |
+          echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT"
+        shell: bash
+      - name: Download coverage reports
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }}
+          path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@5875562561d22a34be0c657405578705a169af6c
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          projectBaseDir: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}
+          args: >
+            -Dsonar.organization=consensys
+            -Dsonar.projectKey=${{ matrix.package-name }}
+            -Dsonar.sources=src
+            -Dsonar.tests=src,test
+            -Dsonar.test.inclusions=**/*.test.ts
+            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+            -Dsonar.coverage.exclusions=**/*.test.ts
+            -Dsonar.coverage.minimum=80