diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index a4f5cb4..87d3b8f 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml @@ -11,12 +11,67 @@ permissions: {} jobs: sonarqube: name: 🩻 SonarQube - if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group' - uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop + runs-on: ubuntu-24.04 + if: | + github.event.workflow_run.conclusion == 'success' && + github.event.workflow_run.event != 'merge_group' permissions: actions: read statuses: write id-token: write # sonar - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }} + steps: + # We create the status here and then update it to success/failure in the `report` stage + # This provides an easy link to this workflow_run from the PR before Sonarcloud is done. + - uses: guibranco/github-status-action-v2@119b3320db3f04d89e91df840844b92d57ce3468 + with: + authToken: ${{ secrets.GITHUB_TOKEN }} + state: pending + context: ${{ github.workflow }} / SonarCloud (${{ github.event.workflow_run.event }} => ${{ github.event_name }}) + sha: ${{ github.event.workflow_run.head_sha }} + target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + + - name: "🧮 Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: 📥 Download artifact + uses: actions/download-artifact@v4 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + run-id: ${{ github.event.workflow_run.id }} + name: coverage + path: . + + - id: extra_args + run: | + coverage=$(find . -type f -name 'lcov.info' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g') + echo "sonar.javascript.lcov.reportPaths=$coverage" >> sonar-project.properties + reports=$(find . -type f -name 'sonar-report.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g') + echo "sonar.testExecutionReportPaths=$reports" >> sonar-project.properties + synapseCoverage=$(find . -type f -name 'coverage.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g') + + - name: "🩻 SonarCloud Scan" + id: sonarcloud + uses: matrix-org/sonarcloud-workflow-action@v3.3 + # workflow_run fails report against the develop commit always, we don't want that for PRs + continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }} + with: + skip_checkout: true + repository: ${{ github.event.workflow_run.head_repository.full_name }} + is_pr: ${{ github.event.workflow_run.event == 'pull_request' }} + version_cmd: "cat package.json | jq -r .version" + branch: ${{ github.event.workflow_run.head_branch }} + revision: ${{ github.event.workflow_run.head_sha }} + token: ${{ secrets.SONAR_TOKEN }} + + - uses: guibranco/github-status-action-v2@119b3320db3f04d89e91df840844b92d57ce3468 + if: always() + with: + authToken: ${{ secrets.GITHUB_TOKEN }} + state: ${{ steps.sonarcloud.outcome == 'success' && 'success' || 'failure' }} + context: ${{ github.workflow }} / SonarCloud (${{ github.event.workflow_run.event }} => ${{ github.event_name }}) + sha: ${{ github.event.workflow_run.head_sha }} + target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}