diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 42fb85c..3f1f366 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -15,19 +15,20 @@ permissions: contents: read jobs: - build-test: - name: SonarCloud Scan + build: + name: Build and analyze runs-on: ubuntu-latest env: - BUILD_WRAPPER_OUT_DIR: /tmp/build_wrapper_output_directory + BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory + permissions: + contents: read steps: - name: Install libmodsecurity run: | sudo apt-get update -y sudo apt-get install -y libmodsecurity-dev - - name: Check out the code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -40,8 +41,8 @@ jobs: - name: Install dependencies run: npm ci --ignore-scripts - - name: Install SonarCloud Scan for C and C++ - uses: SonarSource/sonarcloud-github-c-cpp@816b1822d71776ee0d32bc012e95024ec52ac1fc # v3.1.0 + - name: Install Build Wrapper + uses: SonarSource/sonarqube-scan-action/install-build-wrapper@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0 - name: Run build-wrapper run: | @@ -60,8 +61,9 @@ jobs: find .. -name '*.o' | xargs gcov --preserve-paths - name: Run sonar-scanner + uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" --define sonar.cfamily.gcov.reportsPath=coverage + with: + args: > + -Dsonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json" -Dsonar.cfamily.gcov.reportsPath=coverage