-
Notifications
You must be signed in to change notification settings - Fork 1
41 lines (34 loc) · 1.11 KB
/
sonarcloud.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# A workflow that runs SonarQube
name: SonarCloud Nightly
on:
schedule:
- cron: '4 4 * * *'
workflow_dispatch:
push:
branches: [ main ]
# Declare default permissions as read only.
permissions:
contents: read
jobs:
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
with:
egress-policy: block
allowed-endpoints: >
github.com:443
scanner.sonarcloud.io:443
sonarcloud.io:443
- name: "Checkout code"
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
with:
persist-credentials: false
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@f1700773ebdb6efe6b3f8a5cf66150027dda8f5e
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}