name: Sonarqube scanner
on:
  pull_request:
  push:
    branches:
      - master

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: fetching
        if: contains(github.ref, 'pull')
        run: |
          git fetch origin ${{ github.event.pull_request.head.sha }}
          git checkout ${{ github.event.pull_request.head.sha }}
      - name: SonarQube Scan
        uses: tradeshift/actions-sonarqube@v2
        with:
          ca-cert: ${{ secrets.MTLS_CACERT }}
          client-cert: ${{ secrets.MTLS_CERT }}
          client-key: ${{ secrets.MTLS_KEY }}
          token: ${{ secrets.SONAR_TOKEN }}