Skip to content

PR Scan

PR Scan #35

Workflow file for this run

name: PR Scan
on:
workflow_run:
workflows: ["PR Buid/Test"]
types: [completed]
jobs:
sonar-scan:
runs-on: macos-12
if: github.event.workflow_run.conclusion == 'success'
steps:
- name: Install Tools
run: |
brew install sonar-scanner
env:
HOMEBREW_NO_INSTALL_CLEANUP: 1
- name: Get PR Info
uses: potiuk/get-workflow-origin@v1_5
id: pr_info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
- name: Checkout PR
uses: actions/checkout@v3
with:
ref: ${{ steps.pr_info.outputs.mergeCommitSha }}
fetch-depth: 0
- name: Download Build
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let buildResultsArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "build-results"
})[0];
let buildResultsDownload = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: buildResultsArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/build-results.tar.gz`, Buffer.from(buildResultsDownload.data));
- name: Extract Build Results
run: tar -xzf build-results.tar.gz
- name: Sonar Scanner
run: |
sonar-scanner -Dsonar.scm.revision=${{ steps.pr_info.outputs.sourceHeadSha }} -Dsonar.pullrequest.key=${{ steps.pr_info.outputs.pullRequestNumber }} -Dsonar.pullrequest.branch=${{ steps.pr_info.outputs.sourceHeadBranch }} -Dsonar.pullrequest.base=${{ steps.pr_info.outputs.targetBranch }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}