mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-02-21 00:17:05 +01:00
3d7eb040ab
# Description of Changes Please provide a summary of the changes, including: This update changes the workflow trigger for SonarQube from using the `pull_request` event to `pull_request_target` for the "main" branch. By doing so, the workflow runs in the context of the base repository, ensuring that the required secrets (like `SONAR_TOKEN`) are available during execution—even when analyzing code from forked repositories. This change enables full Sonar analysis for PRs from forks while being mindful of potential security implications. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
name: Run Sonarqube
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request_target:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
pull-requests: read
|
|
actions: read
|
|
|
|
jobs:
|
|
sonarqube:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Gradle
|
|
uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
|
|
|
|
- name: Build and analyze with Gradle
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
DOCKER_ENABLE_SECURITY: true
|
|
STIRLING_PDF_DESKTOP_UI: true
|
|
run: |
|
|
./gradlew clean build sonar \
|
|
-Dsonar.projectKey=Stirling-Tools_Stirling-PDF \
|
|
-Dsonar.organization=stirling-tools \
|
|
-Dsonar.host.url=https://sonarcloud.io \
|
|
-Dsonar.login=${SONAR_TOKEN} \
|
|
-Dsonar.log.level=DEBUG \
|
|
--info
|
|
|
|
- name: Upload Problems Report on Failure
|
|
if: failure()
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
name: gradle-problems-report
|
|
path: build/reports/problems/problems-report.html
|
|
retention-days: 7
|
|
|
|
- name: Upload Sonar Logs on Failure
|
|
if: failure()
|
|
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
|
|
with:
|
|
name: sonar-logs
|
|
path: |
|
|
.scannerwork/report-task.txt
|
|
build/sonar/
|
|
retention-days: 7
|