sonar.yaml

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request.
  push:
    branches:
      - master
      - release**
  pull_request:
    types: [opened, synchronize, reopened]
name: SonarCloud
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    if: ${{ github.repository_owner == 'nrkno' && !github.event.pull_request.head.repo.fork }}
    timeout-minutes: 15

    steps:
      - uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
          persist-credentials: false

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: ".node-version"
      - uses: ./.github/actions/setup-meteor
      - name: restore node_modules
        uses: actions/cache@v4
        with:
          path: |
            node_modules
            meteor/node_modules
            packages/node_modules
          key: ${{ runner.os }}-${{ hashFiles('yarn.lock', 'meteor/yarn.lock', 'meteor/.meteor/release', 'packages/yarn.lock') }}
      - name: Prepare Environment
        run: |
          yarn
          yarn build:packages
        env:
          CI: true

      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}