chore: replace our own TaskHelpers with a more robust impl., adapted … #206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
release: | |
types: | |
- published | |
pull_request_target: # This exposes repo secrets to PR, so manual approval via authorize job is enforced via 'external' environment. | |
workflow_dispatch: | |
name: sonarcloud | |
env: | |
DOTNET_CLI_TELEMETRY_OPTOUT: true | |
DOTNET_NOLOGO: true | |
dotnet-version: | | |
8.0.x | |
6.0.x | |
5.0.x | |
3.1.x | |
2.1.x | |
jobs: | |
# Blog https://iterative.ai/blog/testing-external-contributions-using-github-actions-secrets | |
authorize: | |
environment: | |
${{ (github.event_name == 'pull_request_target' && | |
github.event.pull_request.head.repo.full_name != github.repository) && | |
'external' || 'internal' }} | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo ✓ | |
analysis: | |
needs: authorize | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: ${{ env.dotnet-version }} | |
- run: dotnet --info | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: "17" | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha || github.ref }} | |
fetch-depth: 0 | |
- name: Install Sonar scanner | |
run: dotnet tool install --global dotnet-sonarscanner | |
- name: Install Coverlet | |
run: | | |
find ./test -type f -name "*Tests.csproj" -exec dotnet add "{}" package coverlet.msbuild \; | |
- name: Set env | |
run: | | |
echo "GITHUB_REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV | |
echo "SONAR_PROJECT_KEY=${GITHUB_REPOSITORY_OWNER}_${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV | |
echo "SONAR_ORG_KEY=${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_ENV | |
- name: SonarCloud PR config | |
if: github.event_name == 'pull_request_target' | |
run: | | |
echo "SONAR_PR_ARGS=\ | |
/d:sonar.pullrequest.key=${{ github.event.pull_request.number }} \ | |
/d:sonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} \ | |
/d:sonar.pullrequest.base=${{ github.event.pull_request.base.ref }} \ | |
/d:sonar.scm.revision=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV | |
- name: Analyze with SonarCloud | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
dotnet sonarscanner begin /k:"$SONAR_PROJECT_KEY" /o:"$SONAR_ORG_KEY" /d:sonar.host.url=https://sonarcloud.io /d:sonar.token="$SONAR_TOKEN" /d:sonar.cs.opencover.reportsPaths="**/*opencover.xml" $SONAR_PR_ARGS | |
dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:ExcludeByFile="test/**/*.cs" | |
dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN" |