name: Sonarcloud workflow

on:
  push:
    branches:
      - 'main'
      - 'release*'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Check secret
        id: checksecret
        uses: ./.github/actions/is-defined
        with:
          value: ${{ secrets.SONAR_TOKEN }}
      - name: Setup build env
        if: steps.checksecret.outputs.result == 'true'
        uses: ./.github/actions/setup-build-env
      - name: SonarCloud Scan
        if: steps.checksecret.outputs.result == 'true'
        uses: sonarsource/sonarcloud-github-action@db501078e936e4b4c8773d1bb949ba9ddb7b6b6a # v1.9
        env:
          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}