in-repo PR [pull_request new-branch] #104

Summary
Jobs
- sonar
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Sonarcloud Scan
	run-name: "${{ fromJSON(inputs.event).display_title }} [${{ fromJSON(inputs.event).event }} ${{ fromJSON(inputs.event).head_branch }}]"

	on:
	workflow_dispatch:
	inputs:
	event:
	type: string
	required: true

	jobs:
	sonar:
	runs-on: ubuntu-latest
	container: docker.io/ogdf/clang:15
	if: fromJSON(inputs.event).conclusion == 'success'
	steps:
	- name: "Add link to trigger workflow to summary"
	run: >
	echo 'Trigger: [${{ fromJSON(inputs.event).display_title }}
	[${{ fromJSON(inputs.event).event }}
	${{ fromJSON(inputs.event).head_branch }}]](
	${{ fromJSON(inputs.event).html_url }})' >> $GITHUB_STEP_SUMMARY
	- name: Dump GitHub context
	env:
	GITHUB_CONTEXT: ${{ toJson(github) }}
	STEPS_CONTEXT: ${{ toJson(steps) }}
	RUNNER_CONTEXT: ${{ toJson(runner) }}
	STRATEGY_CONTEXT: ${{ toJson(strategy) }}
	run: \|
	env

	- name: "Add workspace as a safe directory in containers"
	run: git config --system --add safe.directory $GITHUB_WORKSPACE
	- name: Download Artifacts
	uses: actions/download-artifact@v4
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	run-id: ${{ fromJSON(inputs.event).id }}
	repository: ${{ fromJSON(inputs.event).repository.full_name }}

	- name: Get PR Metadata
	if: fromJSON(inputs.event).event == 'pull_request'
	id: pr-info
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const fs = require('fs');
	const pr_number = Number(fs.readFileSync('static-analysis/PR-NUMBER'));
	core.setOutput("pr-number", pr_number);
	const { data: pr_meta } = await github.rest.pulls.get({
	owner: '${{ fromJSON(inputs.event).repository.owner.login }}',
	repo: '${{ fromJSON(inputs.event).repository.name }}',
	pull_number: pr_number,
	});
	console.log(pr_meta);
	if ('${{ fromJSON(inputs.event).head_commit.id }}' != pr_meta.head.sha) {
	core.setFailed('Triggering workflow commit sha does not match claimed PR head commit sha!');
	}
	core.setOutput("base-ref", pr_meta.base.ref);
	return pr_meta;
	- name: Dump GitHub context with PR Metadata
	if: fromJSON(inputs.event).event == 'pull_request'
	env:
	GITHUB_CONTEXT: ${{ toJson(github) }}
	STEPS_CONTEXT: ${{ toJson(steps) }}
	RUNNER_CONTEXT: ${{ toJson(runner) }}
	STRATEGY_CONTEXT: ${{ toJson(strategy) }}
	run: \|
	env

	# PR runs are against a synthetic merge commit ontop of the to-be-merged branch's head
	# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
	- run: \|
	ls -al *
	- name: Checkout repository at PR base branch
	if: fromJSON(inputs.event).event == 'pull_request'
	uses: actions/checkout@v4
	with:
	ref: refs/pull/${{ steps.pr-info.outputs.pr-number }}/merge
	fetch-depth: 0
	path: 'checkout'
	- name: Checkout repository branch
	if: fromJSON(inputs.event).event != 'pull_request'
	uses: actions/checkout@v4
	with:
	ref: ${{ fromJSON(inputs.event).head_branch }}
	fetch-depth: 0
	path: 'checkout'
	- name: Ensure sonar config from master is used
	run: \|
	ls -al *
	mv checkout/* checkout/.* .
	ls -al *
	rmdir checkout
	git checkout origin/${{ github.ref_name }} -- sonar-project.properties
	git status
	ls -al *

	- name: Install sonar-scanner
	uses: SonarSource/sonarcloud-github-c-cpp@v3
	with:
	cache-binaries: false

	- name: SonarCloud Scan
	run: >
	sonar-scanner
	-Dsonar.links.ci=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
	-Dproject.settings=sonar-project.properties
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

in-repo PR [pull_request new-branch] #104

Workflow file

in-repo PR [pull_request new-branch] #104

Jobs

Run details

Workflow file for this run