@@ -50,16 +50,33 @@ jobs:
5050 sarif_file : trivy-results.sarif
5151
5252 codeql :
53- name : CodeQL
53+ name : RustAnalize
5454 runs-on : ubuntu-latest
5555 steps :
5656 - name : Checkout repository
5757 uses : actions/checkout@v4
58- - name : Initialize CodeQL
59- uses : github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
58+
59+ - name : Install cargo-llvm-cov
60+ uses : taiki-e/install-action@cargo-llvm-cov
61+
62+ - name : Install Clippy
63+ run : rustup component add clippy
64+
65+ - name : Install cargo-sonar and run Clippy
66+ run : |
67+ cargo install cargo-sonar
68+ cargo clippy --message-format json > my-clippy-report.json
69+ cargo sonar --issues clippy --clippy-path my-clippy-report.json
70+
71+ name : Generate code coverage
72+ run : cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
73+
74+ - name : SonarCloud Scan
75+ uses : SonarSource/sonarcloud-github-action@master
76+ env :
77+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
78+ SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
6079 with :
61- languages : rust
62- - name : Autobuild
63- uses : github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
64- - name : Perform CodeQL Analysis
65- uses : github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
80+ args : >
81+ -Dsonar.externalIssuesReportPaths=sonar-issues.json
82+ -Dcommunity.rust.lcov.reportPaths=lcov.info
0 commit comments