Michael Telatynski
5d0e2efaf3
* Add zizmor CI & make it happy Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix additional zizmor warning Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
27 lines
959 B
YAML
27 lines
959 B
YAML
name: SonarQube
|
|
on:
|
|
# Privilege escalation necessary to call upon SonarCloud
|
|
# 🚨 We must not execute any checked out code here.
|
|
workflow_run: # zizmor: ignore[dangerous-triggers]
|
|
workflows: ["Tests"]
|
|
types:
|
|
- completed
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}
|
|
cancel-in-progress: true
|
|
permissions: {}
|
|
jobs:
|
|
sonarqube:
|
|
name: 🩻 SonarQube
|
|
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group'
|
|
permissions:
|
|
actions: read
|
|
statuses: write
|
|
id-token: write # sonar
|
|
uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop # zizmor: ignore[unpinned-uses]
|
|
secrets:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
|
|
with:
|
|
sharded: true
|