name: Sonar
'on':
  push:
    branches:
      - "**"
  pull_request:
    branches:
      - "**"
    types: [opened, synchronize, reopened, labeled]
  schedule:
    - cron: 0 14 * * *
jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    steps:
      - name: Check for external PR
        if: ${{ !(contains(github.event.pull_request.labels.*.name, 'safe') ||
          github.event.pull_request.head.repo.full_name == github.repository ||
          github.event_name != 'pull_request_target') }}
        run: echo "Unsecure PR, must be labelled with the 'safe' label, then run the workflow again" && exit 1
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Use Node.js 16
        uses: actions/setup-node@v1
        with:
          node-version: 16
      - name: Build with npm
        run: |
          npm ci --ignore-scripts
          npm run build --if-present
          npm test
          npm run coverage
          cat .nyc_output/coverage.lcov
      - name: SonarCloud
        uses: sonarsource/sonarcloud-github-action@ba3875ecf642b2129de2b589510c81a8b53dbf4e
        env:
          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
          SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}'
        with:
          args: >
            -Dsonar.sources=.
            -Dsonar.exclusions=test/**/*
            -Dsonar.tests=./test
            -Dsonar.coverage.jacoco.xmlReportPaths=test-results.xml
            -Dsonar.javascript.lcov.reportPaths=.nyc_output/coverage.lcov
            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
            -Dsonar.pullrequest.branch=${{ github.head_ref }}
            -Dsonar.pullrequest.base=${{ github.base_ref }}
            -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }}