Merge pull request #5819 from microsoft/security/pipeline-type #13015
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Sonarcloud | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
[ | |
"abstractions/**", | |
"authentication/**", | |
"serialization/**", | |
"http/**", | |
"**.md", | |
".vscode/**", | |
"**.svg", | |
"vscode/**", | |
] | |
pull_request: | |
types: [opened, synchronize, reopened] | |
paths: | |
[ | |
"!abstractions/**", | |
"!authentication/**", | |
"!serialization/**", | |
"!http/**", | |
"!**.md", | |
"!.vscode/**", | |
"!**.svg", | |
"!vscode/**", | |
] | |
permissions: | |
contents: read | |
pull-requests: read | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
jobs: | |
checksecret: | |
name: check if SONAR_TOKEN is set in github secrets | |
runs-on: ubuntu-latest | |
outputs: | |
is_SONAR_TOKEN_set: ${{ steps.checksecret_job.outputs.is_SONAR_TOKEN_set }} | |
steps: | |
- name: Check whether unity activation requests should be done | |
id: checksecret_job | |
run: | | |
echo "is_SONAR_TOKEN_set=${{ env.SONAR_TOKEN != '' }}" >> $GITHUB_OUTPUT | |
build: | |
needs: [checksecret] | |
if: needs.checksecret.outputs.is_SONAR_TOKEN_set == 'true' | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: "adopt" | |
java-version: 17 | |
- name: Setup .NET | |
uses: actions/setup-dotnet@v4 | |
with: # At the moment the scanner requires dotnet 5 https://www.nuget.org/packages/dotnet-sonarscanner | |
dotnet-version: | | |
5.x | |
8.x | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Install SonarCloud scanner | |
run: dotnet tool install dotnet-sonarscanner --create-manifest-if-needed | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
CollectCoverage: true | |
CoverletOutputFormat: "opencover" # https://github.com/microsoft/vstest/issues/4014#issuecomment-1307913682 | |
shell: pwsh | |
run: | | |
dotnet tool run dotnet-sonarscanner begin /k:"microsoft_kiota" /o:"microsoft" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="tests/**/coverage.opencover.xml" | |
dotnet build | |
dotnet test kiota.sln --no-build --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover | |
dotnet tool run dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" |