From 1d0e275ad1ecae0fb10d7266c50857ee0bdf918f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Str=C3=BCbe?= Date: Tue, 3 Mar 2026 16:58:34 +0100 Subject: [PATCH 1/2] ci: revert support sonar runs for forks (#163) This reverts commit 306e1881e69109debded3bfc6280dd51c6494539. --- .github/workflows/integration-tests-v1.yaml | 2 +- .github/workflows/pull-request.yaml | 48 +++++++++++---------- .github/workflows/release-workflow.yaml | 8 ++-- .github/workflows/sonar.yaml | 36 ---------------- 4 files changed, 30 insertions(+), 64 deletions(-) delete mode 100644 .github/workflows/sonar.yaml diff --git a/.github/workflows/integration-tests-v1.yaml b/.github/workflows/integration-tests-v1.yaml index 55084264..d58f424f 100644 --- a/.github/workflows/integration-tests-v1.yaml +++ b/.github/workflows/integration-tests-v1.yaml @@ -46,4 +46,4 @@ jobs: FIREBOLT_CLIENT_ID: ${{ secrets.SERVICE_ID_STG }} FIREBOLT_CLIENT_SECRET: ${{ secrets.SERVICE_SECRET_STG }} run: | - npm run test:ci integration/v1 + npm run test:ci integration/v1 \ No newline at end of file diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 28da9885..924d1198 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml 
@@ -8,29 +8,31 @@ on: jobs: code-checks: + runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Set up node.js - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: '16' - - - name: Install dependencies - run: npm install - - - name: Type check with typescript - run: npm run type-check - - - name: Test with jest - run: npm test -- --coverage test/unit - - - name: Upload coverage report - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 - with: - name: coverage - path: coverage/ - retention-days: 1 + - name: Check out code + uses: actions/checkout@v6 + + - name: Set up node.js + uses: actions/setup-node@v6 + with: + node-version: '16' + + - name: Install dependencies + run: npm install + + - name: Type check with typescript + run: | + npm run type-check + + - name: Test with jest + run: | + npm test -- --coverage test/unit + + - name: "Security Scan" + uses: SonarSource/sonarqube-scan-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} diff --git a/.github/workflows/release-workflow.yaml b/.github/workflows/release-workflow.yaml index e376d090..cd784de4 100644 --- a/.github/workflows/release-workflow.yaml +++ b/.github/workflows/release-workflow.yaml @@ -23,18 +23,18 @@ jobs: publish: runs-on: ubuntu-latest needs: integration-tests - steps: + steps: - name: Check out code uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ secrets.RELEASE_PAT }} - + - name: Set up node.js uses: actions/setup-node@v6 with: node-version: '16' - + - name: Install dependencies run: | npm install @@ -43,7 +43,7 @@ jobs: run: | git config user.name "GitHub Actions Bot" git config user.email "<>" - + - name: Build run: | npm run build diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml deleted file mode 100644 index a1418862..00000000 
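Review bot: The `Security Scan` step restored in `.github/workflows/pull-request.yaml` uses `SonarSource/sonarqube-scan-action@master`, a mutable branch ref, while it receives `SONAR_TOKEN` and `GITHUB_TOKEN`; the checkout and setup-node steps also fall back to the `@v6` tags. Patch 2/2 restores the commit-SHA pins, but this commit on its own leaves a state where whatever `master` points to runs with those secrets. Consider squashing the two patches, or keeping the pinned `uses:` lines in the revert, so that no commit in the history carries the unpinned refs. The `release-workflow.yaml` context lines in this patch show the same tag-only pins (`actions/checkout@v6`, `actions/setup-node@v6`) next to `secrets.RELEASE_PAT`, and neither patch changes them.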
--- a/.github/workflows/sonar.yaml +++ /dev/null @@ -1,36 +0,0 @@ -name: Sonar scan - -on: - workflow_run: - workflows: [ "PR checks" ] - types: [ completed ] - -jobs: - sonar: - runs-on: ubuntu-latest - # Only run if the triggering workflow succeeded - if: ${{ github.event.workflow_run.conclusion == 'success' }} - - steps: - - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - # Check out the exact commit that was tested, not the base branch - ref: ${{ github.event.workflow_run.head_sha }} - fetch-depth: 0 - - - name: Download coverage report - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 - with: - name: coverage - path: coverage/ - # Pull the artifact from the run that triggered this workflow, - # not from this (sonar) run which has no artifacts of its own - run-id: ${{ github.event.workflow_run.id }} - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Security scan - uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} From b7036a4f9584c396600b37f7dc643b1957ee374a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Str=C3=BCbe?= Date: Tue, 3 Mar 2026 17:00:20 +0100 Subject: [PATCH 2/2] ci: disable sonarqube-scan on forks --- .github/workflows/pull-request.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 924d1198..3838365a 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml 
@@ -13,13 +13,13 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v6 - + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Set up node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: '16' - + - name: Install dependencies run: npm install @@ -30,9 +30,10 @@ jobs: - name: Test with jest run: | npm test -- --coverage test/unit - + - name: "Security Scan" - uses: SonarSource/sonarqube-scan-action@master + if: github.event.repository.fork == false + uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
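Review bot: The new guard on the `Security Scan` step, `if: github.event.repository.fork == false`, tests whether the repository the workflow runs in is itself a fork, not whether the pull request comes from one. Assuming this workflow is triggered by `pull_request` (the `on:` block is outside the hunk), a PR opened from a fork against this repository still evaluates the condition to true, and the step runs with an empty `SONAR_TOKEN` because secrets are withheld from fork-originated runs. If the intent is to skip the scan for those PRs, the condition should look at the head repository, for example `if: github.event.pull_request.head.repo.full_name == github.repository`. The step should also carry a short comment saying why it is skipped, such as `# Secrets are not passed to PRs from forks; skip the scan there`.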