@@ -74,47 +74,56 @@ jobs:
7474 # -Dsonar.projectBaseDir=caldera
7575
7676 # --- Sonar scan for forked PRs (runs safely with pull_request_target) ---
77- # sonar_fork_pr:
78- # runs-on: ubuntu-latest
79- # if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.fork }}
80- # permissions:
81- # contents: read
82- # pull-requests: write # needed only for PR comments/decorations
83- # steps:
84- # # Checkout the base repo at the base SHA for context (not fork code)
85- # - name: Checkout base repo
86- # uses: actions/checkout@v4
87- # with:
88- # ref: ${{ github.event.pull_request.base.sha }}
89- # fetch-depth: 0
77+ sonar_fork_pr :
78+ runs-on : ubuntu-latest
79+ if : ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.fork }}
80+ permissions :
81+ contents : read
82+ pull-requests : write # remove if you don't want PR comments
83+ steps :
84+ - name : Checkout base repo
85+ uses : actions/checkout@v4
86+ with :
87+ ref : ${{ github.event.pull_request.base.sha }}
88+ fetch-depth : 0
9089
91- # # Checkout the fork’s PR head as data into ./pr
92- # - name: Checkout PR HEAD (fork)
93- # uses: actions/checkout@v4
94- # with:
95- # repository: ${{ github.event.pull_request.head.repo.full_name }}
96- # ref: ${{ github.event.pull_request.head.sha }}
97- # path: pr
98- # fetch-depth: 0
99- # submodules: recursive
90+ - name : Checkout PR HEAD (fork)
91+ uses : actions/checkout@v4
92+ with :
93+ repository : ${{ github.event.pull_request.head.repo.full_name }}
94+ ref : ${{ github.event.pull_request.head.sha }}
95+ path : pr
96+ fetch-depth : 0
97+ submodules : recursive
10098
101- # # Optional debug info
102- # - name: Debug checkout
103- # run: |
104- # echo "PR #${{ github.event.pull_request.number }}"
105- # echo "Head: ${{ github.event.pull_request.head.ref }} @ ${{ github.event.pull_request.head.sha }}"
106- # echo "Base: ${{ github.event.pull_request.base.ref }} @ ${{ github.event.pull_request.base.sha }}"
107- # ls -la pr || true
99+ # Detect where the sonar-project.properties actually is (pr/ or pr/caldera)
100+ - name : Detect Sonar base dir
101+ id : detect
102+ run : |
103+ set -euo pipefail
104+ if [ -f pr/caldera/sonar-project.properties ]; then
105+ echo "base=pr/caldera" >> "$GITHUB_OUTPUT"
106+ elif [ -f pr/sonar-project.properties ]; then
107+ echo "base=pr" >> "$GITHUB_OUTPUT"
108+ else
109+ echo "No sonar-project.properties found under pr/ or pr/caldera"
110+ echo "base=pr" >> "$GITHUB_OUTPUT" # fallback to repo root
111+ fi
112+ echo "Using base dir: $(grep '^base=' "$GITHUB_OUTPUT" | cut -d= -f2)"
113+ echo "Has SONAR_TOKEN? $([ -n "${SONAR_TOKEN:-}" ] && echo yes || echo no)"
114+ env :
115+ SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
108116
109- # # Run Sonar scan against fork code
110- # - name: SonarQube Scan (fork PR)
111- # uses: SonarSource/[email protected] 112- # env:
113- # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
114- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
115- # with:
116- # projectBaseDir: pr/caldera # <— override the action’s default "."
117- # args: |
118- # -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
119- # -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
120- # -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
117+ # If your project key/org are NOT in the properties file, uncomment and set below
118+ - name : SonarQube Scan (fork PR)
119+ uses :
SonarSource/[email protected] 120+ env :
121+ SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
122+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
123+ # SONAR_HOST_URL: https://sonarcloud.io # set if you’re self-hosted or non-default
124+ with :
125+ projectBaseDir : ${{ steps.detect.outputs.base }}
126+ args : |
127+ -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
128+ -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
129+ -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
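Review bot: The `Checkout PR HEAD (fork)` step pulls fork-controlled content into `pr` with `submodules: recursive` and the default credential persistence, in a job that runs on `pull_request_target` with `pull-requests: write` and `SONAR_TOKEN`. Add `persist-credentials: false` to both checkout `with:` blocks and drop `submodules: recursive` unless the scan needs submodule sources. The scan step takes `projectBaseDir` from the fork tree, so a `sonar-project.properties` written by the PR author is read by a step that holds `SONAR_TOKEN`. If the scanner honours connection settings from that file (worth confirming for the action version in use), set the project key, organisation and host from the base workflow through `args`/`env` rather than relying on the fork's file. The `env:` block on `Detect Sonar base dir` exists only for the `Has SONAR_TOKEN?` echo and can be removed so the secret reaches the scan step alone. `actions/checkout@v4` is referenced by tag, and pinning it to `actions/checkout@<full-commit-sha>` keeps a moved tag from running with these secrets.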