name: Run Sonarqube on: push: branches: - master pull_request_target: branches: - main workflow_dispatch: # cancel in-progress jobs if a new job is triggered # This is useful to avoid running multiple builds for the same branch if a new commit is pushed # or a pull request is updated. # It helps to save resources and time by ensuring that only the latest commit is built and tested # This is particularly useful for long-running jobs that may take a while to complete. # The `group` is set to a combination of the workflow name, event name, and branch name. # This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of # in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened. concurrency: group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref_name || github.ref }} cancel-in-progress: true permissions: pull-requests: read actions: read jobs: sonarqube: runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 - name: Setup Gradle uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Build and analyze with Gradle env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} DISABLE_ADDITIONAL_FEATURES: false STIRLING_PDF_DESKTOP_UI: true run: | ./gradlew clean build sonar \ -Dsonar.projectKey=Stirling-Tools_Stirling-PDF \ -Dsonar.organization=stirling-tools \ -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.login=${SONAR_TOKEN} \ -Dsonar.log.level=DEBUG \ --info - name: Upload Problems Report on Failure if: failure() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: gradle-problems-report path: build/reports/problems/problems-report.html retention-days: 7 - name: Upload Sonar Logs on Failure if: failure() uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: sonar-logs path: | .scannerwork/report-task.txt build/sonar/ retention-days: 7