Analyze PR #177
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Analyze PR | |
| on: | |
| workflow_run: | |
| workflows: | |
| - 'Build' | |
| types: | |
| - completed | |
| permissions: | |
| pull-requests: read | |
| contents: read | |
| checks: write | |
| env: | |
| BUILD_JAVA_VERSION: '25' | |
| jobs: | |
| analyze: | |
| name: Analyze Code | |
| # Only run on forks, in-repo PRs are analyzed directly | |
| if: github.event.workflow_run.head_repository.owner.login != 'dnsjava' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download PR number artifact | |
| id: get_pr_number | |
| #v12 | |
| uses: dawidd6/action-download-artifact@0bd50d53a6d7fb5cb921e607957e9cc12b4ce392 | |
| with: | |
| workflow: ${{ github.event.workflow_run.name }} | |
| run_id: ${{ github.event.workflow_run.id }} | |
| name: pr_number | |
| - name: Read Pull Request Number | |
| id: pr_number | |
| run: | | |
| PR=$(cat pr_number.txt) | |
| echo "pr_number=${PR}" >> "$GITHUB_OUTPUT" | |
| - name: Request PR data from GitHub API | |
| id: get_pr_data | |
| if: steps.get_pr_number.outputs.found_artifact | |
| #v2.4.0 | |
| uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| route: GET /repos/{full_name}/pulls/{number} | |
| full_name: ${{ github.event.repository.full_name }} | |
| number: ${{ steps.pr_number.outputs.pr_number }} | |
| - name: Checkout PR | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.event.workflow_run.head_repository.full_name }} | |
| ref: ${{ github.event.workflow_run.head_sha }} | |
| persist-credentials: false | |
| path: pr | |
| # for Sonar | |
| fetch-depth: 0 | |
| - name: Checkout base | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.event.repository.full_name }} | |
| ref: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} | |
| persist-credentials: false | |
| path: base | |
| - name: Get analysis data | |
| uses: ./base/.github/actions/prepare-analysis | |
| - name: Run SonarQube | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| WF_REVISION: ${{ github.event.workflow_run.head_sha }} | |
| WF_PRKEY: ${{ fromJson(steps.get_pr_data.outputs.data).number }} | |
| WF_BRANCH: ${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} | |
| WF_BASE: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} | |
| run: | | |
| cp -f base/pom.xml pr/ | |
| cd pr | |
| mvn -B \ | |
| -f pom.xml \ | |
| -Dsonar.scm.revision='${WF_REVISION}' \ | |
| -Dsonar.pullrequest.key='${WF_PRKEY}' \ | |
| -Dsonar.pullrequest.branch='${WF_BRANCH}' \ | |
| -Dsonar.pullrequest.base='${WF_BASE}' \ | |
| properties:read-project-properties \ | |
| org.sonarsource.scanner.maven:sonar-maven-plugin:sonar |