Add sonar workflow (#294)

* Create sonar.yml * Update sonar.yml * Upload coverage artifact * Update sonar.yml * Upload coverage only once
matchish · Dec 21, 2024 · e935c0d · e935c0d
1 parent 030a394
commit e935c0d
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 5 deletions.
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -0,0 +1,54 @@
+name: Sonar Analysis
+on:
+  workflow_run:
+    workflows: ["Test application"]
+    types:
+      - completed
+
+jobs:
+  sonar:
+    name: SonarQube Analysis
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+
+      - name: Download code coverage
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "code-coverage"
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              artifact_id: matchArtifact.id,
+              archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/code-coverage.zip`, Buffer.from(download.data));
+
+      - name: Extract coverage report
+        run: unzip code-coverage.zip
+
+      - name: SonarQube Scan
+        uses: SonarSource/[email protected]
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+            -Dsonar.coverage.jacoco.xmlReportPaths=coverage.xml
+            ${{ github.event.workflow_run.pull_requests != null && format('-Dsonar.pullrequest.key={0}', github.event.workflow_run.pull_requests[0].number) || '' }}
+            ${{ github.event.workflow_run.pull_requests != null && format('-Dsonar.pullrequest.branch={0}', github.event.workflow_run.pull_requests[0].head.ref) || '' }}
+            ${{ github.event.workflow_run.pull_requests != null && format('-Dsonar.pullrequest.base={0}', github.event.workflow_run.pull_requests[0].base.ref) || '' }}
diff --git a/.github/workflows/test-application.yaml b/.github/workflows/test-application.yaml
@@ -73,9 +73,12 @@ jobs:
                     DB_USERNAME: root
                     ELASTICSEARCH_HOST: '127.0.0.1:9200'
 
-            -   name: SonarCloud Scan
-                uses: SonarSource/sonarcloud-github-action@master
-                env:
-                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            - name: Upload coverage results
+              uses: actions/upload-artifact@v4
+              if: matrix.php-version == '8.3'
+              with:
+                  name: coverage-report
+                  path: coverage.xml
+                  retention-days: 1
+                  compression-level: 9