Skip to content

Workflow file for this run

name: Scan affected projects with Sonar NEW
on:
push:
branches:
- main
- 'agora/**'
- 'iatlas/**'
- 'openchallenges/**'
- 'sage-monorepo/**'
- 'schematic/**'
pull_request_target:
types: [opened, synchronize, reopened, labeled]
env:
HEAD_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.ref_name }}
HEAD_REPOSITORY: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name || github.repository }}
jobs:
sonar:
runs-on: ubuntu-latest
steps:
- name: Check if the label `sonar-scan-approved` exists
if: ${{ github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'sonar-scan-approved') != true }}
run: echo "Add the label 'sonar-scan-approved' to this PR to activate Sonar scan"; exit 1
- name: Checkout
uses: ./.github/actions/my-checkout
- name: Derive appropriate SHAs for base and head for `nx affected` commands
uses: nrwl/nx-set-shas@v4
# - name: Set up the dev container
# env:
# SONAR_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# uses: ./.github/actions/setup-dev-container
# - name: Scan the affected projects with Sonar
# run: |
# devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
# && nx affected --target=sonar"