Add SonarCloud scanning

jerone · Aug 19, 2024 · c0debde · c0debde
1 parent fc39110
commit c0debde
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -56,6 +56,37 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
 
+  sonarcloud:
+    name: Run SonarCloud scanning
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read # Allows SonarCloud to decorate PRs with analysis results.
+    steps:
+      # - uses: actions/setup-java@v4
+      #   with:
+      #     distribution: "temurin"
+      #     java-version: "21" # SonarCloud requires v17 or higher.
+      #     check-latest: true
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis.
+
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@v2
+        if: success() || failure() # Run this step even if previous step failed.
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.projectKey=jerone_Jvw.DevToys.SemverCalculator
+            -Dsonar.organization=jerone
+            -Dsonar.projectBaseDir=.
+            -Dsonar.sources=./Jvw.DevToys.SemverCalculator/
+            # -Dsonar.tests=./tests/
+            # -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
+
   nuget_pack:
     name: Pack NuGet package
     runs-on: ubuntu-latest
@@ -112,7 +143,7 @@ jobs:
   nuget_publish:
     name: Publish NuGet package
     runs-on: ubuntu-latest
-    needs: [nuget_validate, build_test, analyze_codeql]
+    needs: [nuget_validate, build_test, analyze_codeql, sonarcloud]
     if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
     steps:
       - name: Setup .NET

diff --git a/cspell.json b/cspell.json
@@ -8,14 +8,19 @@
     "autobuild",
     "codeql",
     "dotnet",
+    "Dsonar",
     "github",
     "GITHUB",
+    "jerone",
     "meziantou",
     "Meziantou",
     "ncipollo",
     "nupkg",
     "nupkgs",
-    "pwsh"
+    "pwsh",
+    "sonarcloud",
+    "sonarsource",
+    "temurin"
   ],
   "ignoreWords": [],
   "import": []