sonar-scan.yml
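# Runs the `sonar` Nx target for the projects affected by a change: on pushes to `main` and the
# per-product branch namespaces, and on pull requests through `pull_request_target`.
#
# Security context: `pull_request_target` runs in the context of the base repository, so this job
# can read repository secrets (SONAR_TOKEN below) even when the pull request comes from a fork.
# The label check in the first step is the only approval gate in this file.
name: Sonar Scan

on:
  push:
    branches:
      - main
      - 'agora/**'
      - 'iatlas/**'
      - 'openchallenges/**'
      - 'sage-monorepo/**'
      - 'schematic/**'
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives the repository's
# default scopes. Consider declaring the minimum this job needs (for example `contents: read`
# plus whatever nx-set-shas and the local setup-dev-container action require - confirm against
# those actions before enforcing).
jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      # Approval gate: fail the job for pull requests that do not carry the label.
      # NOTE(review): the label stays on the pull request once applied, so every later
      # `synchronize` event (new commits) passes this gate without a fresh review. Consider
      # removing the label after each run so that approval has to be repeated per revision.
      - name: Check if the label `sonar-scan-approved` exists (PR only)
        if: ${{ github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'sonar-scan-approved') != true }}
        run: |
          echo "WARNING: Please consider if this PR can be trusted with advanced privileges."
          echo "If yes, add the label 'sonar-scan-approved' to this PR to enable Sonar scan."
          exit 1
      # No `ref` is given, so on `pull_request_target` this checks out the base branch rather than
      # the pull request head. If a `ref` pointing at the pull request head is ever added, the
      # steps below (the local action, `dev-env.sh`, the Nx targets) would be loaded from
      # contributor-controlled files, and the label gate above becomes the only barrier.
      # NOTE(review): `actions/checkout@v4` and `nrwl/nx-set-shas@v4` are referenced by moving
      # tags; pinning them to full commit SHAs protects against a retagged release.
      - uses: actions/checkout@v4
        name: Checkout
        with:
          # We need to fetch all branches and commits so that Nx affected has a base to compare
          # against.
          fetch-depth: 0
          # Do not leave GITHUB_TOKEN in the local git config: the following steps run project
          # scripts and have no visible need for authenticated git operations.
          persist-credentials: false
      - name: Derive appropriate SHAs for base and head for `nx affected` commands
        uses: nrwl/nx-set-shas@v4
      # SONAR_TOKEN is scoped to this step only. Presumably the local action forwards it into
      # the dev container for the scan below - confirm in .github/actions/setup-dev-container.
      - name: Set up the dev container
        env:
          SONAR_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        uses: ./.github/actions/setup-dev-container
      # Sources `dev-env.sh` from the workspace inside the dev container, then runs the `sonar`
      # target for the affected projects.
      - name: Scan the affected projects with Sonar
        run: |
          devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
            && nx affected --target=sonar"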