
chore: trigger fresh status #39



Workflow file for this run

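---
# SonarCloud analysis for pushes to main, PRs targeting main, and manual runs.
# The scan is conditional on a token plus two repository variables; when they
# are absent the job succeeds without scanning (see "Check Sonar configuration").
name: Sonar Scan

on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: nothing in this workflow writes back to the repository, so
# the job token only needs read access for the checkout.
permissions:
  contents: read

jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the two actions/* references are pinned to major tags
      # while the Sonar action below is pinned to a commit SHA; consider
      # pinning all three the same way (SHA + version comment).
      - uses: actions/checkout@v4
        with:
          # Full history so Sonar can attribute new code and compute blame.
          fetch-depth: 0

      # Gate step: the scan only runs when the token and both repo variables
      # are non-empty. Runs without secrets (e.g. pull requests from forks,
      # which presumably do not receive them) are skipped rather than failed.
      - name: Check Sonar configuration
        id: sonar_config
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_ORG: ${{ vars.SONAR_ORG }}
          SONAR_PROJECT_KEY: ${{ vars.SONAR_PROJECT_KEY }}
        run: |
          if [ -n "${SONAR_TOKEN}" ] && [ -n "${SONAR_ORG}" ] && [ -n "${SONAR_PROJECT_KEY}" ]; then
            echo "enabled=true" >> "$GITHUB_OUTPUT"
          else
            echo "enabled=false" >> "$GITHUB_OUTPUT"
            echo "Sonar scan skipped: missing SONAR_TOKEN or vars SONAR_ORG/SONAR_PROJECT_KEY."
          fi

      - name: Set up Python
        if: steps.sonar_config.outputs.enabled == 'true'
        uses: actions/setup-python@v5
        with:
          # Quoted so YAML does not read 3.10-style versions as floats.
          python-version: "3.12"

      - name: Install dependencies
        if: steps.sonar_config.outputs.enabled == 'true'
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev,llm,enrich]"

      # Reads project.version from pyproject.toml and exposes it as a step
      # output. The value is later interpolated into the scanner arguments, so
      # it is validated against the PEP 440 character set before being written;
      # in particular a newline in it would inject additional GITHUB_OUTPUT keys.
      - name: Resolve project version
        if: steps.sonar_config.outputs.enabled == 'true'
        id: project_version
        run: |
          python - <<'PY'
          import os
          import pathlib
          import re
          import tomllib

          data = tomllib.loads(pathlib.Path("pyproject.toml").read_text())
          version = data.get("project", {}).get("version")
          if not version:
              raise SystemExit("Missing project.version in pyproject.toml")
          # PEP 440 versions use only letters, digits, '.', '+', '-', '_' and '!'.
          if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.+_!-]*", str(version)):
              raise SystemExit(f"Refusing unsafe project.version value: {version!r}")
          with open(os.environ["GITHUB_OUTPUT"], "a") as handle:
              handle.write(f"version={version}\n")
          print(f"Using project version: {version}")
          PY

      # Produces coverage.xml for Sonar; the run itself fails below 80%.
      - name: Run tests with coverage
        if: steps.sonar_config.outputs.enabled == 'true'
        run: |
          pytest tests/ -v --cov=pidpal --cov-report=xml --cov-fail-under=80

      # continue-on-error keeps a scanner failure (auth, network, quality-gate
      # timeout) from failing the job; enforcement happens in the final step,
      # which therefore only ever sees the latest analysis stored server-side.
      - name: SonarCloud Scan
        if: steps.sonar_config.outputs.enabled == 'true'
        uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92 # v2
        continue-on-error: true
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >-
            -Dsonar.organization=${{ vars.SONAR_ORG }}
            -Dsonar.projectKey=${{ vars.SONAR_PROJECT_KEY }}
            -Dsonar.projectVersion=${{ steps.project_version.outputs.version }}
            -Dsonar.python.coverage.reportPaths=coverage.xml
            -Dsonar.qualitygate.wait=true
            -Dsonar.qualitygate.timeout=300

      # Enforcement gate: fail the job when SonarCloud still reports unresolved
      # issues or hotspots awaiting review for this PR / branch.
      - name: Fail on unresolved Sonar issues/hotspots
        if: steps.sonar_config.outputs.enabled == 'true'
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: ${{ vars.SONAR_PROJECT_KEY }}
        run: |
          set -euo pipefail
          api="https://sonarcloud.io/api"

          # Percent-encode values placed into the query string so a project key
          # or branch name containing '&', '#', '/' or spaces cannot alter it.
          urlencode() { jq -rn --arg s "$1" '$s|@uri'; }
          project_key="$(urlencode "${SONAR_PROJECT_KEY}")"

          if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
            pr_number="$(jq -r '.pull_request.number' "$GITHUB_EVENT_PATH")"
            scope="pullRequest=${pr_number}"
          else
            scope="branch=$(urlencode "${GITHUB_REF_NAME}")"
          fi
          issues_url="${api}/issues/search?componentKeys=${project_key}&${scope}&resolved=false&ps=1"
          hotspots_url="${api}/hotspots/search?projectKey=${project_key}&${scope}&status=TO_REVIEW&ps=1"

          # -f turns an HTTP error (e.g. a rejected token) into a curl failure.
          # Without it the API's JSON error document parses to a null total,
          # which `[ null -gt 0 ]` silently treats as "no findings".
          fetch_total() { curl -fsS -u "${SONAR_TOKEN}:" "$1" | jq -r '.paging.total'; }
          issues_total="$(fetch_total "${issues_url}")"
          hotspots_total="$(fetch_total "${hotspots_url}")"

          # Both counts must be non-negative integers before they are compared;
          # anything else means an unexpected response and must not pass the gate.
          for total in "${issues_total}" "${hotspots_total}"; do
            if ! [[ "${total}" =~ ^[0-9]+$ ]]; then
              echo "::error::Unexpected SonarCloud response (paging.total='${total}')."
              exit 1
            fi
          done

          if [ "${issues_total}" -gt 0 ] || [ "${hotspots_total}" -gt 0 ]; then
            echo "::error::SonarCloud reports ${issues_total} unresolved issues and ${hotspots_total} hotspots."
            exit 1
          fi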