Skip to content

SONAR-23408 Run FOSSA analysis #252

SONAR-23408 Run FOSSA analysis

SONAR-23408 Run FOSSA analysis #252

Workflow file for this run

on:
# Trigger analysis when pushing in master or pull requests, and when creating
# a pull request.
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
name: Main Workflow
jobs:
next:
runs-on: ubuntu-latest
permissions:
id-token: write
pull-requests: read
contents: read
steps:
- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- id: secrets
uses: SonarSource/[email protected]
with:
secrets: |
development/kv/data/next token | sq_next_token;
- name: SonarQube Next Scan
uses: sonarsource/sonarqube-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).sq_next_token }}
SONAR_HOST_URL: https://next.sonarqube.com/sonarqube/