
# Reusable workflow (workflow_call): runs a Sonar scan for the calling
# repository. The Sonar token is not a GitHub secret of the caller; it is read
# from Azure Key Vault after an OIDC-based Azure login, so the only secrets the
# caller must pass are the three Azure identifiers used for that login.
name: Scan with Sonar
on:
  workflow_call:
    inputs:
      # Chooses the scan path: "default" runs sonarqube-scan-action,
      # "dotnet" wraps `dotnet build` in dotnet-sonarscanner begin/end, and
      # "maven" runs the sonar:sonar goal. Any other value runs no scan step.
      sonar-config:
        description: "Configuration for Sonar"
        type: string
        default: "default"
      # Forwarded verbatim as sonar.sources / sonar.tests /
      # sonar.test.inclusions / sonar.exclusions; an empty input leaves the
      # corresponding property unset so the scanner applies its own default.
      sonar-sources:
        type: string
      sonar-tests:
        type: string
      sonar-test-inclusions:
        type: string
      sonar-exclusions:
        type: string
    secrets:
      # Identifiers consumed by the federated (OIDC) Azure login step.
      AZURE_SUBSCRIPTION_ID:
        required: true
      AZURE_TENANT_ID:
        required: true
      AZURE_CLIENT_ID:
        required: true

# Workflow-level grant is empty; the job below declares exactly what it needs.
permissions: {}

jobs:
  quality:
    name: Quality scan
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      # NOTE(review): no step in this job references GITHUB_TOKEN or
      # github.token explicitly; confirm the scan action actually needs
      # pull-requests: write and drop it if PR decoration happens elsewhere.
      pull-requests: write
      # Required for the OIDC token consumed by the Azure login step.
      id-token: write
    steps:
      - name: Check out repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Full history so Sonar can attribute changes / detect new code.
          fetch-depth: 0
          # Scans the PR head commit; the expression is empty (checkout falls
          # back to the default ref) when the calling event is not a PR.
          # NOTE(review): the dotnet and maven paths below execute the
          # checked-out repository's own build logic (`dotnet build`,
          # `mvn clean install`) with the Sonar token in the environment, so
          # callers should reach this workflow from `pull_request`, not
          # `pull_request_target`.
          ref: ${{ github.event.pull_request.head.sha }}
          # Do not leave GITHUB_TOKEN in .git/config for the later steps.
          persist-credentials: false

      # NOTE(review): the three bitwarden/gh-actions steps float on @main while
      # every third-party action in this file is pinned to a commit SHA; the
      # secret-retrieval path is the one most worth making immutable.
      - name: Log in to Azure
        uses: bitwarden/gh-actions/azure-login@main
        with:
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
      - name: Get Azure Key Vault secrets
        id: get-kv-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: gh-org-bitwarden
          # Exposed to later steps as steps.get-kv-secrets.outputs.SONAR-TOKEN.
          # NOTE(review): a step output is only redacted in logs if the
          # producing action registers it as a secret; confirm this one does.
          secrets: "SONAR-TOKEN"
      # No `if: always()`: a failed secret fetch ends the job without logging
      # out. Acceptable on ephemeral hosted runners (ubuntu-24.04 above).
      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main

      # --- sonar-config == 'default' -----------------------------------------
      - name: Scan with Sonar
        if: inputs.sonar-config == 'default'
        uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
        env:
          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
        with:
          # Folded scalar: the lines join into one space-separated argument
          # string; each optional line expands to '' when its input is empty.
          # This path keys the PR number on contains(event_name, 'pull_request'),
          # which also matches events such as pull_request_target, whereas the
          # dotnet and maven paths below require event_name == 'pull_request'.
          args: >
            "-Dsonar.organization=${{ github.repository_owner }}"
            "-Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}"
            ${{ contains(github.event_name, 'pull_request') && format('"-Dsonar.pullrequest.key={0}"', github.event.pull_request.number) || '' }}
            ${{ inputs.sonar-test-inclusions != '' && format('"-Dsonar.test.inclusions={0}"', inputs.sonar-test-inclusions) || '' }}
            ${{ inputs.sonar-exclusions != '' && format('"-Dsonar.exclusions={0}"', inputs.sonar-exclusions) || '' }}
            ${{ inputs.sonar-sources != '' && format('"-Dsonar.sources={0}"', inputs.sonar-sources) || '' }}
            ${{ inputs.sonar-tests != '' && format('"-Dsonar.tests={0}"', inputs.sonar-tests) || '' }}

      # --- toolchain for the 'maven' and 'dotnet' paths ----------------------
      - name: Set up Java
        if: inputs.sonar-config == 'maven' || inputs.sonar-config == 'dotnet'
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          java-version: 17
          distribution: "zulu"
      - name: Set up .NET
        if: inputs.sonar-config == 'dotnet'
        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      # NOTE(review): installs whatever dotnet-sonarscanner version is current
      # at run time; no version is pinned, unlike the SHA-pinned actions above.
      - name: Install Sonar scanner
        if: inputs.sonar-config == 'dotnet'
        run: dotnet tool install dotnet-sonarscanner -g

      # --- sonar-config == 'dotnet' ------------------------------------------
      - name: Scan with Sonar
        if: inputs.sonar-config == 'dotnet'
        # Inputs are handed to the script through env vars rather than being
        # interpolated into it, so their contents are never parsed as shell.
        env:
          _SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
          _REPOSITORY_NAME: ${{ github.event.repository.name }}
          _REPOSITORY_OWNER: ${{ github.repository_owner }}
          _SONAR_TEST_INCLUSIONS: ${{ inputs.sonar-test-inclusions }}
          _SONAR_EXCLUSIONS: ${{ inputs.sonar-exclusions }}
          _SONAR_SOURCES: ${{ inputs.sonar-sources }}
          _SONAR_TESTS: ${{ inputs.sonar-tests }}
          # Empty string unless the calling event is exactly pull_request.
          _PULL_REQUEST_KEY: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || '' }}
        # Collects the non-empty inputs into ARGS, then wraps `dotnet build` in
        # begin/end. Project key is "<owner>_<repo>"; organization is the owner.
        # "${ARGS[@]}" expands to nothing when the array is empty (bash >= 4.4
        # tolerates this under `set -u`).
        # NOTE(review): sonar.sources / sonar.tests use the Maven-style `-D`
        # prefix while the other properties use `/d:`; confirm
        # dotnet-sonarscanner accepts that form.
        # NOTE(review): the token is passed on the command line of both
        # `begin` and `end`, so it is visible in the runner's process list and
        # in any verbose command logging; the scanner's SONAR_TOKEN environment
        # variable avoids that where the installed version supports it.
        run: |
          set -euo pipefail
          ARGS=()
          if [ -n "${_PULL_REQUEST_KEY}" ]; then
            ARGS+=("/d:sonar.pullrequest.key=${_PULL_REQUEST_KEY}")
          fi
          if [ -n "${_SONAR_TEST_INCLUSIONS}" ]; then
            ARGS+=("/d:sonar.test.inclusions=${_SONAR_TEST_INCLUSIONS}")
          fi
          if [ -n "${_SONAR_EXCLUSIONS}" ]; then
            ARGS+=("/d:sonar.exclusions=${_SONAR_EXCLUSIONS}")
          fi
          if [ -n "${_SONAR_SOURCES}" ]; then
            ARGS+=("-Dsonar.sources=${_SONAR_SOURCES}")
          fi
          if [ -n "${_SONAR_TESTS}" ]; then
            ARGS+=("-Dsonar.tests=${_SONAR_TESTS}")
          fi
          dotnet-sonarscanner begin \
            /k:"${_REPOSITORY_OWNER}_${_REPOSITORY_NAME}" \
            /o:"${_REPOSITORY_OWNER}" \
            /d:sonar.token="${_SONAR_TOKEN}" \
            /d:sonar.host.url="https://sonarcloud.io" \
            "${ARGS[@]}"
          dotnet build
          dotnet-sonarscanner end /d:sonar.token="${_SONAR_TOKEN}"

      # --- sonar-config == 'maven' -------------------------------------------
      - name: Scan with Sonar
        if: inputs.sonar-config == 'maven'
        env:
          # NOTE(review): exported but never referenced by the script below
          # (unlike the dotnet path); the Maven scanner reads SONAR_TOKEN, with
          # no leading underscore, from the environment, so as written the scan
          # appears to run without this token unless the script continues past
          # this excerpt or the caller's Maven settings supply one. Confirm.
          _SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
          _SONAR_TEST_INCLUSIONS: ${{ inputs.sonar-test-inclusions }}
          _SONAR_EXCLUSIONS: ${{ inputs.sonar-exclusions }}
          _SONAR_SOURCES: ${{ inputs.sonar-sources }}
          _SONAR_TESTS: ${{ inputs.sonar-tests }}
          # Empty string unless the calling event is exactly pull_request.
          _PULL_REQUEST_KEY: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || '' }}
        # Same ARGS pattern as the dotnet path, all in Maven `-D` form. The
        # full build (including tests) runs before the sonar:sonar goal;
        # -Dgpg.skip=true bypasses artifact signing. No project key or
        # organization is set here, so they must come from the project's POM.
        run: |
          set -euo pipefail
          ARGS=()
          if [ -n "${_SONAR_TEST_INCLUSIONS}" ]; then
            ARGS+=("-Dsonar.test.inclusions=${_SONAR_TEST_INCLUSIONS}")
          fi
          if [ -n "${_SONAR_EXCLUSIONS}" ]; then
            ARGS+=("-Dsonar.exclusions=${_SONAR_EXCLUSIONS}")
          fi
          if [ -n "${_SONAR_SOURCES}" ]; then
            ARGS+=("-Dsonar.sources=${_SONAR_SOURCES}")
          fi
          if [ -n "${_SONAR_TESTS}" ]; then
            ARGS+=("-Dsonar.tests=${_SONAR_TESTS}")
          fi
          if [ -n "${_PULL_REQUEST_KEY}" ]; then
            ARGS+=("-Dsonar.pullrequest.key=${_PULL_REQUEST_KEY}")
          fi
          mvn clean install -Dgpg.skip=true sonar:sonar "${ARGS[@]}"