From 94ff8a387433977fec92011b7534a771a6e11cba Mon Sep 17 00:00:00 2001 From: admin Date: Thu, 18 Dec 2025 21:21:09 -0600 Subject: [PATCH] Add CI-based SonarCloud workflow with rule exclusions --- .github/workflows/sonarcloud.yml | 70 ++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000000..dcd5a779e0 --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,70 @@ +name: SonarCloud Analysis + +on: + push: + branches: [develop, master] + pull_request: + branches: [develop, master] + types: [opened, synchronize, reopened] + +jobs: + sonarcloud: + name: SonarCloud + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: '8.0.x' + + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'zulu' + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache SonarCloud scanner + id: cache-sonar-scanner + uses: actions/cache@v4 + with: + path: ./.sonar/scanner + key: ${{ runner.os }}-sonar-scanner + restore-keys: ${{ runner.os }}-sonar-scanner + + - name: Install SonarCloud scanner + if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' + run: | + mkdir -p ./.sonar/scanner + dotnet tool update dotnet-sonarscanner --tool-path ./.sonar/scanner + + - name: Build and analyze + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + ./.sonar/scanner/dotnet-sonarscanner begin \ + /k:"cheir-mneme_aletheia" \ + /o:"cheir-mneme" \ + /d:sonar.token="${{ secrets.SONAR_TOKEN }}" \ + /d:sonar.host.url="https://sonarcloud.io" \ + /d:sonar.cs.analyzer.projectOutPaths="_output" \ + /d:sonar.issue.ignore.multicriteria=e1 \ + /d:sonar.issue.ignore.multicriteria.e1.ruleKey=roslyn.sonaranalyzer.security.cs:S5145 \ + /d:sonar.issue.ignore.multicriteria.e1.resourceKey="**/*.cs" + + dotnet build src/Radarr.sln --configuration Release --no-incremental + + ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"