kyverno/.github/workflows/sonarcloud.yaml

name: Sonarcloud workflow

on:
  push:
    branches:
      - 'main'
      - 'release*'

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@156db6fef3e168e4972abb76de0b32bbce8ec77a # pin@master
        env:
          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
Integrate Sonarcloud and Nancy github action (#3491) * Integrate Sonarcloud and Nancy github action Integrate Sonarcloud for static code analysis and Nancy for analysing dependencies Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> * fix: pin actions to commit sha Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix auth for pr Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-09-14 12:55:14 +05:30			`name: Sonarcloud workflow`

			`on:`
			`push:`
			`branches:`
			`- 'main'`
			`- 'release*'`

			`jobs:`
			`sonarcloud:`
			`runs-on: ubuntu-latest`
			`steps:`
chore(deps): bump actions/checkout from 2.4.0 to 3.1.0 (#5564) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2022-12-05 09:43:16 +01:00			`- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v2`
Integrate Sonarcloud and Nancy github action (#3491) * Integrate Sonarcloud and Nancy github action Integrate Sonarcloud for static code analysis and Nancy for analysing dependencies Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> * fix: pin actions to commit sha Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix auth for pr Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> 2022-09-14 12:55:14 +05:30			`with:`
			`# Disabling shallow clone is recommended for improving relevancy of reporting`
			`fetch-depth: 0`
			`- name: SonarCloud Scan`
			`uses: sonarsource/sonarcloud-github-action@156db6fef3e168e4972abb76de0b32bbce8ec77a # pin@master`
			`env:`
			`GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`