XoopsCore27/.github/workflows/sonarcloud.yml at master · XOOPS/XoopsCore27 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: SonarCloud
on:
  push:
    branches: [master]
  pull_request:
    types: [opened, synchronize, reopened]

concurrency:
  group: sonarcloud-${{ github.ref }}
  cancel-in-progress: true

jobs:
  sonarcloud:
    name: SonarCloud Analysis
    runs-on: ubuntu-22.04
    timeout-minutes: 15
    if: github.repository == 'XOOPS/XoopsCore27'
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
        with:
          fetch-depth: 0

      - name: Setup PHP
        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
        with:
          php-version: "8.4"
          extensions: intl, mbstring, mysqli
          tools: composer
          coverage: none

      # Note: Coverage is handled separately by ci.yml; this workflow focuses on static analysis
      - name: SonarCloud Scan
        if: env.SONAR_TOKEN != ''
        uses: SonarSource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # v7
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}