.github/workflows/sonar.yml

name: Sonarqube

on:
  workflow_run:
    workflows: ["Build and test"]
    types:
      - completed

jobs:
  sonar:
    name: Sonar
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest

    steps:
    - name: Checkout develop or PR branch
      uses: actions/checkout@v4
      with:
        repository: ${{ github.event.workflow_run.head_repository.full_name }}
        ref: ${{ github.event.workflow_run.head_branch }}
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of Sonar analysis
    - name: Setup JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: 17
        distribution: 'temurin'
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@v3

    - name: Cache SonarCloud packages
      uses: actions/cache@v4
      with:
        path: ~/.sonar/cache
        key: ${{ runner.os }}-sonar-${{ hashFiles('build.gradle') }}

    - name: Download sonar artifact
      uses: actions/download-artifact@v4
      with:
        name: sonar-artifact
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
        merge-multiple: true
    - name: Extract sonar artifact
      run: |
        tar -xf sonar.tar
        echo "PR_NUMBER=$(sed '1q;d' PR_EVENT.txt)" >> "$GITHUB_ENV"
        echo "PR_HEAD_REF=$(sed '2q;d' PR_EVENT.txt)" >> "$GITHUB_ENV"
        echo "PR_BASE_REF=$(sed '3q;d' PR_EVENT.txt)" >> "$GITHUB_ENV"
  
    - name: Analyze with sonarqube (push develop)
      if: github.event.workflow_run.event == 'push'
      run: ./gradlew --info sonar
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    - name: Analyze with sonarqube (PR)
      if: github.event.workflow_run.event == 'pull_request'
      run: >
        ./gradlew --info sonar
          -Dsonar.scm.provider=git
          -Dsonar.pullrequest.key=${{ env.PR_NUMBER }}
          -Dsonar.pullrequest.branch=${{ env.PR_HEAD_REF }}
          -Dsonar.pullrequest.base=${{ env.PR_BASE_REF }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}