pgadmin4/.github/workflows/sonarqube-scan.yml

59 lines
1.7 KiB
YAML

# This workflow requires the following configuration in Github
#
# Variables:
# SONARQUBE_PROJECT_KEY - The project key in SonarQube
#
# Secrets:
# SONARQUBE_TOKEN - SonarQube API token
# SONARQUBE_HOST - The URL of the SonarQube host
name: SonarQube scan
on:
push:
branches: [ "master" ]
concurrency:
group: sonarqube
cancel-in-progress: false
jobs:
run-sonarqube-scan:
# Only run if the project key is set
if: vars.SONARQUBE_PROJECT_KEY != null
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Create the scan properties file
run: |
cat <<EOF > sonar-project.properties
sonar.projectKey=${{ vars.SONARQUBE_PROJECT_KEY }}
sonar.projectName=pgAdmin 4
sonar.projectVersion=%VERSION%
# Ignore templates and SQL scripts as they confuse the scanner
sonar.exclusions=**/templates/**/*, **/*.sql
# Let SonarQube know where tests can be found
sonar.test.inclusions=**/tests/**, web/regression
# Python compatibility
sonar.python.version=3.7, 3.8, 3.9, 3.10, 3.11
EOF
APP_RELEASE=`grep "^APP_RELEASE" web/config.py | cut -d"=" -f2 | sed 's/ //g'`
APP_REVISION=`grep "^APP_REVISION" web/config.py | cut -d"=" -f2 | sed 's/ //g'`
APP_LONG_VERSION=${APP_RELEASE}.${APP_REVISION}
sed -i "s/%VERSION%/${APP_LONG_VERSION}/g" sonar-project.properties
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}