# Must only be called from a workflow_run in the context of the upstream repo name: SonarCloud on: workflow_call: secrets: SONAR_TOKEN: required: true ELEMENT_BOT_TOKEN: required: true inputs: sharded: type: boolean required: false description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact" jobs: sonarqube: runs-on: ubuntu-latest if: | github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group' steps: # We create the status here and then update it to success/failure in the `report` stage # This provides an easy link to this workflow_run from the PR before Sonarcloud is done. - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1 with: authToken: ${{ secrets.GITHUB_TOKEN }} state: pending context: ${{ github.workflow }} / SonarCloud (${{ github.event.workflow_run.event }} => ${{ github.event_name }}) sha: ${{ github.event.workflow_run.head_sha }} target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - name: "🧮 Checkout code" uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 with: repository: ${{ github.event.workflow_run.head_repository.full_name }} ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: 📥 Download artifact uses: actions/download-artifact@v4 if: ${{ !inputs.sharded }} with: github-token: ${{ secrets.ELEMENT_BOT_TOKEN }} run-id: ${{ github.event.workflow_run.id }} name: coverage path: coverage - name: 📥 Download sharded artifacts uses: actions/download-artifact@v4 if: inputs.sharded with: github-token: ${{ secrets.ELEMENT_BOT_TOKEN }} run-id: ${{ github.event.workflow_run.id }} pattern: coverage-* path: coverage merge-multiple: true - id: extra_args run: | coverage=$(find coverage -type f -name '*lcov.info' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g') echo "sonar.javascript.lcov.reportPaths=$coverage" >> sonar-project.properties reports=$(find coverage -type f -name 'jest-sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g') echo "sonar.testExecutionReportPaths=$reports" >> sonar-project.properties - name: "🩻 SonarCloud Scan" id: sonarcloud uses: matrix-org/sonarcloud-workflow-action@v3.2 # workflow_run fails report against the develop commit always, we don't want that for PRs continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }} with: skip_checkout: true repository: ${{ github.event.workflow_run.head_repository.full_name }} is_pr: ${{ github.event.workflow_run.event == 'pull_request' }} version_cmd: "cat package.json | jq -r .version" branch: ${{ github.event.workflow_run.head_branch }} revision: ${{ github.event.workflow_run.head_sha }} token: ${{ secrets.SONAR_TOKEN }} - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1 if: always() with: authToken: ${{ secrets.GITHUB_TOKEN }} state: ${{ steps.sonarcloud.outcome == 'success' && 'success' || 'failure' }} context: ${{ github.workflow }} / SonarCloud (${{ github.event.workflow_run.event }} => ${{ github.event_name }}) sha: ${{ github.event.workflow_run.head_sha }} target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}