Skip to content

Commit

Permalink
ci: run sonarcloud via pull_request_target (#43)
Browse files Browse the repository at this point in the history
`on.pull_request` executes the workflow out of a forked repository. This means the `SONAR_TOKEN` secret will not be available and therefore the workflow will fail.
By changing it to `on.pull_request_target`, the workflow definition (and code) from the trusted original repository is run and the secret will be available.

see https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/

Co-authored-by: Mohamed Chiheb Ben Jemaa <[email protected]>
  • Loading branch information
pborn-ionos and mcbenjemaa authored Dec 18, 2023
1 parent 8f39b1a commit db85b48
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 6 deletions.
44 changes: 44 additions & 0 deletions .github/workflows/code-qa-sonarcloud.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: Code QA - SonarCloud

on:
push:
branches:
- main
pull_request_target:
types:
- opened
- synchronize
- reopened
branches:
- main
paths-ignore:
- '.github/**'

jobs:
sonarcloud:
runs-on: ubuntu-latest

steps:
# If triggered by a push to **our** repository, we can directly checkout the code.
- name: Checkout branch ${{ github.ref }}
if: ${{ github.event_name == 'push' }}
uses: actions/[email protected]
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0

# If triggered by a PR, we have to check out the PR's source
- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/[email protected]
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}

- name: SonarCloud Scan
uses: SonarSource/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
6 changes: 0 additions & 6 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,3 @@ jobs:
go-version-file: go.mod
- name: Run tests
run: "make test"

- name: SonarCloud Scan
uses: SonarSource/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

0 comments on commit db85b48

Please sign in to comment.