trackevery-day/.gitea/workflows/sonarqube.yml
Renovate Bot b69ef2ff26
Some checks failed
Lint / Lint (push) Successful in 32s
SonarQube Scan / SonarQube Trigger (push) Has been cancelled
chore(deps): update sonarsource/sonarqube-scan-action action to v4 (#9)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | major | `v3.1.0` -> `v4.0.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v4.0.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v4.0.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v3.1.0...v4.0.0)

#### What's Changed

-   SQSCANGHA-46 Replace the Docker action by a composite action by [@&#8203;henryju](https://github.com/henryju) and [@&#8203;antonioaversa](https://github.com/antonioaversa) in https://github.com/SonarSource/sonarqube-scan-action/pull/145

This new major version removes Docker, moving to a [composite action](https://docs.github.com/en/actions/sharing-automations/creating-actions/creating-a-composite-action).
This has multiple benefits:

-   you can now use our GitHub action with Java and Dart project, which previously didn’t support it due to Docker isolation
-   your run won’t fail anymore in peak workload scenarios due to the Docker image hitting the rate limit on DockerHub
-   the scan won’t need to run the scan as a root user, as recommended by GitHub for operations happening in a Docker container
-   you will be able to run the action as part of your workflow on any Operating System

We expect no issues for the vast majority of users, and we encourage you to move to the new version.
You can read more about this new release [here](https://community.sonarsource.com/t/the-upcoming-release-of-github-action-for-sonarqube-v-4-0-0-remove-docker/130180).

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v3.1.0...v4.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjM4LjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Reviewed-on: #9
Co-authored-by: Renovate Bot <renovatebot@schulze.network>
Co-committed-by: Renovate Bot <renovatebot@schulze.network>
2024-11-18 13:38:56 +01:00

34 lines
1017 B
YAML

on:
push:
branches:
- main
- dev
- "!renovate/**"
pull_request:
types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs:
sonarqube:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- name: Checking out
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49 # v4.0.0
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# Check the Quality Gate status.
- name: SonarQube Quality Gate check
uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 2
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}