From cc0851d5aa4bcee2b8bd212120a27ccb8b208a8a Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Thu, 2 Jul 2026 12:48:25 +0000 Subject: [PATCH 1/2] ci: add Sonar scan workflow --- .github/workflows/sonar.yml | 33 +++++++++++++++++++++++++++++++++ sonar-project.properties | 6 ++++++ 2 files changed, 39 insertions(+) create mode 100644 .github/workflows/sonar.yml create mode 100644 sonar-project.properties diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml new file mode 100644 index 0000000..bcb85bb --- /dev/null +++ b/.github/workflows/sonar.yml @@ -0,0 +1,33 @@ +name: Sonar Scan + +on: + pull_request: + branches: + - main + types: + - opened + - synchronize + - reopened + push: + branches: + - main + workflow_dispatch: + +permissions: + contents: read + pull-requests: read + +jobs: + sonar: + name: Sonar Scan + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v8.2.0 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..cd9e031 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,6 @@ +sonar.organization=randomcodespace +sonar.projectKey=RandomCodeSpace_lane +sonar.projectName=Lane +sonar.sources=src,bin,.github +sonar.exclusions=target/**,node_modules/**,docs/**,.superpowers/** +sonar.sourceEncoding=UTF-8 From ed5441dd779cdd65750850970e2baf77aaad3ea7 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Thu, 2 Jul 2026 12:53:36 +0000 Subject: [PATCH 2/2] ci: pin Sonar workflow actions --- .github/workflows/sonar.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index bcb85bb..8bd711b 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -23,11 +23,13 @@ jobs: if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + # actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 with: fetch-depth: 0 - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v8.2.0 + # SonarSource/sonarqube-scan-action@v8.2.0 + uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}