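# Reusable workflow: runs a SonarQube scan of the calling repository inside the
# sonar-scanner-cli container.
#
# Inputs:
#   project_key           - used as both sonar.projectKey and sonar.projectName.
#   wait_for_quality_gate - the string 'true' makes the scanner wait for the
#                           quality gate result; any other value disables it.
# Secrets:
#   SONARQUBE_HOST, SONARQUBE_TOKEN - server URL and analysis token.
name: SonarQube Analysis

on:
  workflow_call:
    inputs:
      project_key:
        type: string
        required: true
      wait_for_quality_gate:
        type: string
        required: false
        default: 'false'

    secrets:
      SONARQUBE_HOST:
        required: true
      SONARQUBE_TOKEN:
        required: true

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so the job token inherits
    # whatever the caller grants. Consider restricting it to read-only contents
    # once the callers' own permission settings have been checked.

    container:
      # The tag is mutable on the registry; pinning by digest
      # (image@sha256:<digest>) makes the scanner image reproducible.
      image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
      # NOTE(review): the scan runs as root inside the container, presumably so
      # the checkout can write to the workspace. Confirm it is still required.
      options: --user root

    steps:
      # A version tag can be moved by the action's publisher; pin to a full
      # commit SHA if the supply-chain policy requires immutable references.
      - name: Checkout Code
        uses: actions/checkout@v3

      # Pass URL/token via env (scanner reads SONAR_HOST_URL / SONAR_TOKEN).
      # Keeps secrets out of the rewritten run script and avoids WDIPL-Runner
      # still resolving wrong secret names in -D lines.
      #
      # Caller-supplied inputs also go through env rather than being expanded
      # with ${{ }} inside `run:`. An expression in the script body is pasted
      # in as text before the shell parses it, so a project_key containing
      # shell metacharacters would run as code. As quoted variables the values
      # stay data. The names deliberately avoid the SONAR_ prefix so the
      # scanner does not interpret them itself.
      - name: Run SonarQube Scan
        env:
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
          PROJECT_KEY: ${{ inputs.project_key }}
          # Evaluates to the literal string true or false.
          QUALITY_GATE_WAIT: ${{ inputs.wait_for_quality_gate == true || inputs.wait_for_quality_gate == 'true' }}
        run: |
          sonar-scanner \
            "-Dsonar.projectKey=${PROJECT_KEY}" \
            "-Dsonar.projectName=${PROJECT_KEY}" \
            -Dsonar.sources=. \
            '-Dsonar.exclusions=node_modules/**,dist/**,coverage/**' \
            "-Dsonar.qualitygate.wait=${QUALITY_GATE_WAIT}"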