# SPDX-FileCopyrightText: 2026 Alliander N.V.
#
# SPDX-License-Identifier: Apache-2.0
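name: SonarCloud Analysis

# Runs after the "SonarCloud Build" workflow completes. A workflow_run workflow
# executes in the context of the base repository and can read its secrets
# (SONAR_TOKEN below), so everything produced by the triggering run -- its
# artifacts, head commit and branch names -- is handled as untrusted input.
on:
  workflow_run:
    workflows: [SonarCloud Build]
    types: [completed]

jobs:
  sonar-check:
    runs-on: ubuntu-latest
    # Only analyse runs whose build succeeded.
    if: github.event.workflow_run.conclusion == 'success'
    timeout-minutes: 15
    # The job token is limited to read-only scopes.
    permissions:
      contents: read
      actions: read
      pull-requests: read
    steps:
      # The PR number is handed over as an artifact of the triggering run.
      - name: Download PR number artifact
        if: github.event.workflow_run.event == 'pull_request'
        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
        with:
          workflow: SonarCloud Build
          run_id: ${{ github.event.workflow_run.id }}
          name: PR_NUMBER

      - name: Read PR_NUMBER.txt
        if: github.event.workflow_run.event == 'pull_request'
        id: pr_number
        uses: juliangruber/read-file-action@271ff311a4947af354c6abcd696a306553b9ec18 # v1
        with:
          path: ./PR_NUMBER.txt

      # The artifact content is written by the triggering (PR) run, so it must
      # not reach the API route or the Sonar PR key unchecked. Accept digits
      # with optional trailing whitespace only, and pass on the digits alone.
      - name: Validate PR number
        if: github.event.workflow_run.event == 'pull_request'
        id: pr_number_checked
        env:
          RAW_PR_NUMBER: ${{ steps.pr_number.outputs.content }}
        run: |
          if [[ ! "$RAW_PR_NUMBER" =~ ^([0-9]+)[[:space:]]*$ ]]; then
            echo "::error::PR_NUMBER artifact does not contain a plain pull request number"
            exit 1
          fi
          echo "number=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"

      - name: Request GitHub API for PR data
        if: github.event.workflow_run.event == 'pull_request'
        uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0
        id: get_pr_data
        with:
          route: GET /repos/${{ github.event.repository.full_name }}/pulls/${{ steps.pr_number_checked.outputs.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # The API response goes through an environment variable rather than being
      # inlined into the script, so its content is never parsed as shell.
      # NOTE(review): nothing here ties the fetched PR to the run that triggered
      # this workflow; consider also comparing `.head.sha` with
      # github.event.workflow_run.head_sha so a crafted artifact cannot point
      # the analysis at a different pull request. A push made to the PR between
      # build and analysis would then fail this run -- confirm that is acceptable.
      - name: Extract PR data
        if: github.event.workflow_run.event == 'pull_request'
        id: pr_data
        env:
          PR_JSON: ${{ steps.get_pr_data.outputs.data }}
        run: |
          echo "pr_head_ref=$(echo "$PR_JSON" | jq -r '.head.ref')" >> "$GITHUB_OUTPUT"
          echo "pr_number=$(echo "$PR_JSON" | jq -r '.number')" >> "$GITHUB_OUTPUT"
          echo "pr_base_ref=$(echo "$PR_JSON" | jq -r '.base.ref')" >> "$GITHUB_OUTPUT"

      # Checks out the commit the build ran on, with full history and
      # submodules. For pull requests this is contributor-controlled content in
      # a job that holds SONAR_TOKEN: do not add steps that execute files from it.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          repository: ${{ github.event.repository.full_name }}
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0
          submodules: "true"

      # Creates local branches for the PR base and head, then wipes untracked
      # files. Ref names are passed through env and quoted, not interpolated
      # into the script.
      # NOTE(review): `origin` is the base repository; for a pull request from a
      # fork, "origin/$HEAD_BRANCH" may not exist or may name a different branch
      # than the PR head -- confirm how fork PRs are expected to behave here.
      - name: Checkout base branch
        if: github.event.workflow_run.event == 'pull_request'
        env:
          CLONE_URL: ${{ github.event.repository.clone_url }}
          BASE_REF: ${{ steps.pr_data.outputs.pr_base_ref }}
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          git remote add upstream "$CLONE_URL"
          git fetch upstream
          git checkout -B "$BASE_REF" "upstream/$BASE_REF"
          git checkout -B "$HEAD_BRANCH" "origin/$HEAD_BRANCH"
          git clean -ffdx && git reset --hard HEAD

      - name: Cache SonarCloud packages
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      # Coverage data also comes from the triggering run's artifacts; it is
      # unpacked into coverage/ after the workspace has been cleaned.
      - name: Download coverage artifact
        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
        with:
          workflow: SonarCloud Build
          run_id: ${{ github.event.workflow_run.id }}
          name: coverage
          path: coverage/

      # PR analysis: branch, key and base come from the GitHub API response for
      # the validated PR number; the revision is the triggering run's commit.
      - name: Analyze (Pull Request)
        if: ${{ github.event.workflow_run.event == 'pull_request' }}
        uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.pullrequest.branch=${{ steps.pr_data.outputs.pr_head_ref }}
            -Dsonar.pullrequest.key=${{ steps.pr_data.outputs.pr_number }}
            -Dsonar.pullrequest.base=${{ steps.pr_data.outputs.pr_base_ref }}
            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}

      # Branch analysis for runs triggered by a push.
      - name: Analyze (Push)
        if: ${{ github.event.workflow_run.event == 'push' }}
        uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
            -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}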