Skip to content

Commit

Permalink
ci(FS-7045): Update sonarqube-scan.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
jwsapienza committed Jan 30, 2024
1 parent d3b1ff4 commit 89f1936
Showing 1 changed file with 77 additions and 0 deletions.
77 changes: 77 additions & 0 deletions .github/workflows/sonarqube-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
###
# Foundation-security SonarQube workflow
# version: 2.1
###
name: Foundation-Security/SonarQube Scan

on:
push:
tags:
- "**"
branches:
- "*main*"
- "*master*"
- "*STABLE*"
pull_request:
types: [opened, synchronize, reopened]
branches:
- "**"
workflow_dispatch:
inputs:
ref:
description: "Branch to scan"
required: true
default: "main"

jobs:
SonarQube-Scan:
name: SonarQube Scan Job
if: ${{ github.actor != 'dependabot[bot]' }}
permissions:
id-token: write
contents: read
runs-on: ubuntu-22.04
steps:
- name: Checkout source repository for dispatch runs
id: checkout-source-dispatch
if: github.event_name == 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ inputs.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}

- name: Checkout source repository for non-dispatch runs
id: checkout-source
if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ github.ref }}
path: source
token: ${{ secrets.GH_SLONIK }}

- name: Checkout foundation-security repository
id: checkout-foundation-security
uses: actions/checkout@v4
with:
repository: EnterpriseDB/foundation-security
ref: v2
path: foundation-security
token: ${{ secrets.GH_SLONIK }}

- name: SonarQube Scan
id: call-sq-composite
uses: ./foundation-security/actions/sonarqube
with:
github-token: ${{ secrets.GH_SLONIK }}
github-ref: ${{ github.ref_name }}
sonarqube-url: ${{ vars.SQ_URL }}
sonarqube-token: ${{ secrets.SONARQUBE_TOKEN }}
project-name: ${{ github.event.repository.name }}
pull-request-key: ${{ github.event.number }}
pull-request-branch: ${{ github.head_ref }}
pull-request-base-branch: ${{ github.base_ref }}
foundation-security-sonarqube-token: ${{ secrets.FOUNDATION_SECURITY_SONARQUBE_TOKEN }}
cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}

0 comments on commit 89f1936

Please sign in to comment.