.github/workflows/audit.yml

name: Audit

permissions:
  actions: read
  contents: read

on:
  workflow_run:
    workflows: ["Build"]
    types:
      - completed

jobs:
  audit:
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: processor

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.9.0'

#       - name: Run npm audit
#         run: npm audit

      - name: Download code coverage results
        uses: actions/download-artifact@v4
        with:
          name: code-coverage-report
          github-token: ${{ github.token }}
          run-id: ${{ github.event.workflow_run.id }}

      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      - name: SonarQube Quality Gate
        uses: sonarsource/sonarqube-quality-gate-action@master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}