on:
  push:
    branches:
      - master
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:

permissions:
  pull-requests: read
  actions: read
name: Run Sonarqube
jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:


      - name: Harden Runner
        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0 

      - name: Set up JDK
        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Build and analyze with Gradle
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          DOCKER_ENABLE_SECURITY: true
          STIRLING_PDF_DESKTOP_UI: true
        run: |
          ./gradlew clean build sonar \
            -Dsonar.projectKey=Stirling-Tools_Stirling-PDF \
            -Dsonar.organization=stirling-tools \
            -Dsonar.host.url=https://sonarcloud.io \
            -Dsonar.log.level=DEBUG \
            --info

      - name: Upload Problems Report on Failure
        if: failure()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: gradle-problems-report
          path: build/reports/problems/problems-report.html
          retention-days: 7

      - name: Upload Sonar Logs on Failure
        if: failure()
        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: sonar-logs
          path: |
            .scannerwork/report-task.txt
            build/sonar/
          retention-days: 7