.github/workflows/sonarcloud.yml - nutch - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 name: sonarcloud
 on:
   workflow_run:
     workflows: [master pull request ci]
     types: [completed]

 concurrency:
   group: sonarcloud-${{ github.event.workflow_run.pull_requests[0].number || github.event.workflow_run.head_sha }}
   cancel-in-progress: true

 jobs:
   analysis:
     if: github.event.workflow_run.conclusion == 'success'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
         with:
           repository: ${{ github.event.workflow_run.head_repository.full_name }}
           ref: ${{ github.event.workflow_run.head_sha }}
           fetch-depth: 0
       - name: Fetch target branch for PR analysis
         if: github.event.workflow_run.event == 'pull_request'
         run: |
           git remote add upstream https://github.com/${{ github.repository }}.git || true
           git fetch upstream master:refs/remotes/upstream/master
       - name: Set up JDK 17
         uses: actions/setup-java@v5
         with:
           java-version: '17'
           distribution: 'temurin'
       - name: Cache Ivy dependencies
         uses: actions/cache@v4
         with:
           path: ~/.ivy2/cache
           key: ${{ runner.os }}-ivy-${{ hashFiles('ivy/ivy.xml', 'src/plugin/**/ivy.xml') }}
           restore-keys: |
             ${{ runner.os }}-ivy-
       - name: Compile (no tests)
         run: ant compile compile-plugins resolve-test -buildfile build.xml
       - name: Download coverage data
         uses: dawidd6/action-download-artifact@v11
         with:
           name: coverage-data
           workflow: master-build.yml
           run_id: ${{ github.event.workflow_run.id }}
           path: ./build/coverage/
         continue-on-error: true
       - name: Download test reports
         uses: dawidd6/action-download-artifact@v11
         with:
           name: junit-test-results-ubuntu-latest
           workflow: master-build.yml
           run_id: ${{ github.event.workflow_run.id }}
           path: ./build/test/
         continue-on-error: true
       - name: Flatten test reports
         run: |
           mkdir -p ./build/test-reports
           find ./build/test -name 'TEST-*.xml' -exec cp {} ./build/test-reports/ \;
         continue-on-error: true
       - name: Generate JaCoCo XML report
         run: ant jacoco-report -buildfile build.xml
         continue-on-error: true
       - name: Resolve PR number
         id: pr
         run: |
           if [ "${{ github.event.workflow_run.event }}" != "pull_request" ]; then
             echo "is_pr=false" >> "$GITHUB_OUTPUT"
             exit 0
           fi

           PR_NUMBER="${{ github.event.workflow_run.pull_requests[0].number }}"

           if [ -z "$PR_NUMBER" ]; then
             PR_NUMBER=$(gh api \
               "repos/${{ github.repository }}/commits/${{ github.event.workflow_run.head_sha }}/pulls" \
               --jq '.[0].number // empty')
           fi

           if [ -z "$PR_NUMBER" ]; then
             PR_NUMBER=$(gh pr list --repo "${{ github.repository }}" --state open \
               --json number,headRefOid \
               --jq ".[] | select(.headRefOid == \"${{ github.event.workflow_run.head_sha }}\") | .number")
           fi

           if [ -n "$PR_NUMBER" ]; then
             echo "number=${PR_NUMBER}" >> "$GITHUB_OUTPUT"
             echo "is_pr=true" >> "$GITHUB_OUTPUT"
           else
             echo "is_pr=false" >> "$GITHUB_OUTPUT"
             echo "skip=true" >> "$GITHUB_OUTPUT"
             echo "⚠️ Could not resolve PR number for pull_request event. Skipping SonarCloud analysis."
           fi
         env:
           GH_TOKEN: ${{ github.token }}
       - name: SonarCloud Scan (PR)
         if: steps.pr.outputs.is_pr == 'true'
         uses: SonarSource/sonarqube-scan-action@v6
         with:
           args: >
             -Dsonar.pullrequest.key=${{ steps.pr.outputs.number }}
             -Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
             -Dsonar.pullrequest.base=master
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: https://sonarcloud.io
       - name: SonarCloud Scan (branch)
         if: steps.pr.outputs.is_pr == 'false' && steps.pr.outputs.skip != 'true'
         uses: SonarSource/sonarqube-scan-action@v6
         with:
           args: >
             -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: https://sonarcloud.io
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	name: sonarcloud
	on:
	workflow_run:
	workflows: [master pull request ci]
	types: [completed]

	concurrency:
	group: sonarcloud-${{ github.event.workflow_run.pull_requests[0].number \|\| github.event.workflow_run.head_sha }}
	cancel-in-progress: true

	jobs:
	analysis:
	if: github.event.workflow_run.conclusion == 'success'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	with:
	repository: ${{ github.event.workflow_run.head_repository.full_name }}
	ref: ${{ github.event.workflow_run.head_sha }}
	fetch-depth: 0
	- name: Fetch target branch for PR analysis
	if: github.event.workflow_run.event == 'pull_request'
	run: \|
	git remote add upstream https://github.com/${{ github.repository }}.git \|\| true
	git fetch upstream master:refs/remotes/upstream/master
	- name: Set up JDK 17
	uses: actions/setup-java@v5
	with:
	java-version: '17'
	distribution: 'temurin'
	- name: Cache Ivy dependencies
	uses: actions/cache@v4
	with:
	path: ~/.ivy2/cache
	key: ${{ runner.os }}-ivy-${{ hashFiles('ivy/ivy.xml', 'src/plugin/**/ivy.xml') }}
	restore-keys: \|
	${{ runner.os }}-ivy-
	- name: Compile (no tests)
	run: ant compile compile-plugins resolve-test -buildfile build.xml
	- name: Download coverage data
	uses: dawidd6/action-download-artifact@v11
	with:
	name: coverage-data
	workflow: master-build.yml
	run_id: ${{ github.event.workflow_run.id }}
	path: ./build/coverage/
	continue-on-error: true
	- name: Download test reports
	uses: dawidd6/action-download-artifact@v11
	with:
	name: junit-test-results-ubuntu-latest
	workflow: master-build.yml
	run_id: ${{ github.event.workflow_run.id }}
	path: ./build/test/
	continue-on-error: true
	- name: Flatten test reports
	run: \|
	mkdir -p ./build/test-reports
	find ./build/test -name 'TEST-*.xml' -exec cp {} ./build/test-reports/ \;
	continue-on-error: true
	- name: Generate JaCoCo XML report
	run: ant jacoco-report -buildfile build.xml
	continue-on-error: true
	- name: Resolve PR number
	id: pr
	run: \|
	if [ "${{ github.event.workflow_run.event }}" != "pull_request" ]; then
	echo "is_pr=false" >> "$GITHUB_OUTPUT"
	exit 0
	fi

	PR_NUMBER="${{ github.event.workflow_run.pull_requests[0].number }}"

	if [ -z "$PR_NUMBER" ]; then
	PR_NUMBER=$(gh api \
	"repos/${{ github.repository }}/commits/${{ github.event.workflow_run.head_sha }}/pulls" \
	--jq '.[0].number // empty')
	fi

	if [ -z "$PR_NUMBER" ]; then
	PR_NUMBER=$(gh pr list --repo "${{ github.repository }}" --state open \
	--json number,headRefOid \
	--jq ".[] \| select(.headRefOid == \"${{ github.event.workflow_run.head_sha }}\") \| .number")
	fi

	if [ -n "$PR_NUMBER" ]; then
	echo "number=${PR_NUMBER}" >> "$GITHUB_OUTPUT"
	echo "is_pr=true" >> "$GITHUB_OUTPUT"
	else
	echo "is_pr=false" >> "$GITHUB_OUTPUT"
	echo "skip=true" >> "$GITHUB_OUTPUT"
	echo "⚠️ Could not resolve PR number for pull_request event. Skipping SonarCloud analysis."
	fi
	env:
	GH_TOKEN: ${{ github.token }}
	- name: SonarCloud Scan (PR)
	if: steps.pr.outputs.is_pr == 'true'
	uses: SonarSource/sonarqube-scan-action@v6
	with:
	args: >
	-Dsonar.pullrequest.key=${{ steps.pr.outputs.number }}
	-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
	-Dsonar.pullrequest.base=master
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: https://sonarcloud.io
	- name: SonarCloud Scan (branch)
	if: steps.pr.outputs.is_pr == 'false' && steps.pr.outputs.skip != 'true'
	uses: SonarSource/sonarqube-scan-action@v6
	with:
	args: >
	-Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	SONAR_HOST_URL: https://sonarcloud.io