ci: run sonarcloud via pull_request_target (#43)
`on.pull_request` executes the workflow out of a forked repository. This means the `SONAR_TOKEN` secret will not be available and therefore the workflow will fail. By changing it to `on.pull_request_target`, the workflow definition (and code) from the trusted original repository is run and the secret will be available.

see https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/

Co-authored-by: Mohamed Chiheb Ben Jemaa <[email protected]>
1 parent 8f39b1a, commit db85b48
Showing 2 changed files with 44 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
name: Code QA - SonarCloud | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request_target: | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
branches: | ||
- main | ||
paths-ignore: | ||
- '.github/**' | ||
|
||
jobs: | ||
sonarcloud: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
# If triggered by a push to **our** repository, we can directly checkout the code. | ||
- name: Checkout branch ${{ github.ref }} | ||
if: ${{ github.event_name == 'push' }} | ||
uses: actions/[email protected] | ||
with: | ||
# Disabling shallow clone is recommended for improving relevancy of reporting | ||
fetch-depth: 0 | ||
|
||
# If triggered by a PR, we have to check out the PR's source | ||
- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }} | ||
if: ${{ github.event_name == 'pull_request_target' }} | ||
uses: actions/[email protected] | ||
with: | ||
# Disabling shallow clone is recommended for improving relevancy of reporting | ||
fetch-depth: 0 | ||
repository: ${{ github.event.pull_request.head.repo.full_name }} | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
|
||
- name: SonarCloud Scan | ||
uses: SonarSource/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | ||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
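
Review bot: In the `pull_request_target` checkout step, `repository` and `ref` are taken from `github.event.pull_request.head`, so the job fetches fork-controlled content into a run that has the base repository's secrets, and the following step hands `SONAR_TOKEN` and `GITHUB_TOKEN` to the scanner operating on that content. The commit message relies on trusted code being what runs, but only the workflow definition is trusted here; the checked-out tree, including any scanner configuration it carries, is not. I would add a top-level `permissions:` block limited to what the scan needs (for example `contents: read` and `pull-requests: read`), set `persist-credentials: false` on the checkout, and use `ref: ${{ github.event.pull_request.head.sha }}` so the analysed commit is the one that triggered the event rather than whatever the branch name points to at checkout time. The step name also says "merge commit" while `head.ref` is the PR branch, so one of the two should change. Note that `paths-ignore: '.github/**'` only skips PRs that touch nothing else; it does not keep a PR's `.github` changes out of the checkout.
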
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,9 +24,3 @@ jobs: | |
go-version-file: go.mod | ||
- name: Run tests | ||
run: "make test" | ||
|
||
- name: SonarCloud Scan | ||
uses: SonarSource/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | ||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
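
Review bot: Nothing in the new SonarCloud workflow replaces the `go-version-file` setup and `make test` steps that used to precede the scan in this job, so any report files the test run produced for the analysis (coverage, for instance) will no longer exist when the scanner runs. Please confirm the Sonar configuration does not expect such files, or state in the commit message that they are dropped on purpose. The part worth keeping is that this fork-triggered job no longer references `SONAR_TOKEN` at all.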