-
Notifications
You must be signed in to change notification settings - Fork 4
89 lines (75 loc) · 2.81 KB
/
sonarcloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
on:
push:
branches:
- main
release:
types:
- published
pull_request_target: # This exposes repo secrets to PR, so manual approval via authorize job is enforced via 'external' environment.
workflow_dispatch:
name: sonarcloud
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_NOLOGO: true
dotnet-version: |
8.0.x
7.0.x
6.0.x
5.0.x
3.1.x
2.1.x
jobs:
# Blog https://iterative.ai/blog/testing-external-contributions-using-github-actions-secrets
authorize:
environment:
${{ (github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository) &&
'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
analysis:
needs: authorize
runs-on: ubuntu-latest
steps:
- uses: actions/setup-dotnet@v3
with:
dotnet-version: ${{ env.dotnet-version }}
- run: dotnet --info
- uses: actions/setup-node@v3
with:
node-version: 18
- uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "17"
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
fetch-depth: 0
- name: Install Sonar scanner
run: dotnet tool install --global dotnet-sonarscanner
- name: Install Coverlet
run: |
find ./test -type f -name "*Tests.csproj" -exec dotnet add "{}" package coverlet.msbuild \;
- name: Set env
run: |
echo "GITHUB_REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
echo "SONAR_PROJECT_KEY=${GITHUB_REPOSITORY_OWNER}_${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
echo "SONAR_ORG_KEY=${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_ENV
- name: SonarCloud PR config
if: github.event_name == 'pull_request_target'
run: |
echo "SONAR_PR_ARGS=\
/d:sonar.pullrequest.key=${{ github.event.pull_request.number }} \
/d:sonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} \
/d:sonar.pullrequest.base=${{ github.event.pull_request.base.ref }} \
/d:sonar.scm.revision=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
- name: Analyze with SonarCloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
dotnet sonarscanner begin /k:"$SONAR_PROJECT_KEY" /o:"$SONAR_ORG_KEY" /d:sonar.host.url=https://sonarcloud.io /d:sonar.token="$SONAR_TOKEN" /d:sonar.cs.opencover.reportsPaths="**/*opencover.xml" $SONAR_PR_ARGS
dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:ExcludeByFile="test/**/*.cs"
dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"