Moved sonar analysis out to it's own script file

SamAinsworth-NHS · SamAinsworth-NHS · commit 53ad4dff47b9 · 2025-05-15T14:41:19.000+01:00
diff --git a/.github/workflows/stage-2-analyse.yaml b/.github/workflows/stage-2-analyse.yaml
@@ -1,81 +1,73 @@
-name: Analysis stage
-
-on:
-  workflow_call:
-    inputs:
-      unit_test_dir:
-        description: Directory containing the unit tests
-        required: true
-        type: string
-      build_datetime:
-        description: Build datetime
-        required: true
-        type: string
-      build_timestamp:
-        description: Build timestamp
-        required: true
-        type: string
-      build_epoch:
-        description: Build epoch
-        required: true
-        type: string
-      nodejs_version:
-        description: Node.js version
-        required: true
-        type: string
-      python_version:
-        description: Python version
-        required: true
-        type: string
-      terraform_version:
-        description: Terraform version
-        required: true
-        type: string
-      version:
-        description: Version of the software
-        required: true
-        type: string
-
-jobs:
-  download-test-coverage:
-    name: Download test coverage
-    runs-on: ubuntu-latest
-    timeout-minutes: 2
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-      - name: Download coverage report
-        uses: actions/download-artifact@v4
-        with:
-          name: test-coverage-report
-          path: coverage
+name: "Perform static analysis"
+description: "Perform static analysis with SonarCloud for .NET projects"
+inputs:
+  sonar_organisation_key:
+    description: "Sonar organisation key, used to identify the project"
+    required: true
+  sonar_project_key:
+    description: "Sonar project key, used to identify the project"
+    required: true
+  sonar_token:
+    description: "Sonar token, the API key"
+    required: true
+  coverage_path:
+    description: "Path to coverage reports"
+    required: false
+    default: "coverage"
+runs:
+  using: "composite"
+  steps:
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: 17
+        distribution: "zulu"
+        
+    - name: Install .NET SDKs
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          7.0.x
+          8.0.x
+          9.0.x
+        
+    - name: Cache SonarQube packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar-${{ hashFiles('**/*.csproj') }}
+        restore-keys: |
+          ${{ runner.os }}-sonar-
           
-  perform-static-analysis:
-    name: Perform static analysis
-    needs: [download-test-coverage]
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-    timeout-minutes: 15
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-          fetch-depth: 0 # Full history for more accurate reporting
-      - name: Download coverage report
-        uses: actions/download-artifact@v4
-        with:
-          name: test-coverage-report
-          path: coverage
-      - name: Perform static analysis
-        uses: ./.github/actions/perform-static-analysis
-        with:
-          sonar_organisation_key: ${{ vars.SONAR_ORGANISATION_KEY }}
-          sonar_project_key: ${{ vars.SONAR_PROJECT_KEY }}
-          sonar_token: ${{ secrets.SONAR_TOKEN }}
-          coverage_path: "coverage"
+    - name: Cache NuGet packages
+      uses: actions/cache@v4
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.sln') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget-
+          
+    - name: Install SonarScanner
+      shell: bash
+      run: dotnet tool install --global dotnet-sonarscanner
+        
+    - name: SonarCloud analysis
+      shell: bash
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+        SONAR_TOKEN: ${{ inputs.sonar_token }}
+      run: |
+        chmod +x ${{ github.workspace }}/scripts/reports/sonar-analysis.sh
+        ${{ github.workspace }}/scripts/reports/sonar-analysis.sh \
+          "${{ inputs.sonar_project_key }}" \
+          "${{ inputs.sonar_organisation_key }}" \
+          "${{ inputs.sonar_token }}" \
+          "${{ inputs.coverage_path }}" \
+          "${{ github.token }}" \
+          "${{ github.event_name }}" \
+          "${{ github.head_ref }}" \
+          "${{ github.base_ref }}" \
+          "${{ github.event.pull_request.number }}" \
+          "${{ github.repository }}" \
+          "${{ github.ref }}" \
+          "${{ github.sha }}"
diff --git a/scripts/reports/sonar-analysis.sh b/scripts/reports/sonar-analysis.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+# Parameters
+SONAR_PROJECT_KEY="$1"
+SONAR_ORGANISATION_KEY="$2"
+SONAR_TOKEN="$3"
+COVERAGE_PATH="${4:-coverage}"
+GITHUB_TOKEN="$5"
+GITHUB_EVENT_NAME="$6"
+GITHUB_HEAD_REF="$7"
+GITHUB_BASE_REF="$8"
+GITHUB_EVENT_PR_NUMBER="$9"
+GITHUB_REPOSITORY="${10}"
+GITHUB_REF="${11}"
+GITHUB_SHA="${12}"
+
+# Get PR information for SonarCloud
+if [[ "$GITHUB_EVENT_NAME" == "pull_request" || "$GITHUB_EVENT_NAME" == "pull_request_target" ]]; then
+  PR_BRANCH="$GITHUB_HEAD_REF"
+  PR_BASE="$GITHUB_BASE_REF"
+  PR_KEY="$GITHUB_EVENT_PR_NUMBER"
+  
+  echo "Running analysis for PR #${PR_KEY} from ${PR_BRANCH} into ${PR_BASE}"
+  PR_ARGS="/d:sonar.pullrequest.key=${PR_KEY} /d:sonar.pullrequest.branch=${PR_BRANCH} /d:sonar.pullrequest.base=${PR_BASE} /d:sonar.pullrequest.github.repository=${GITHUB_REPOSITORY}"
+else
+  BRANCH_NAME="${GITHUB_REF#refs/heads/}"
+  if [[ "$BRANCH_NAME" != "main" && "$BRANCH_NAME" != "master" ]]; then
+    echo "Running analysis for branch ${BRANCH_NAME}"
+    PR_ARGS="/d:sonar.branch.name=${BRANCH_NAME}"
+  else
+    echo "Running analysis for main branch"
+    PR_ARGS=""
+  fi
+fi
+
+# Debug info
+echo "GitHub event: $GITHUB_EVENT_NAME"
+echo "PR arguments: ${PR_ARGS}"
+
+# Restore solution dependencies
+find . -name "*.sln" -exec dotnet restore {} \;
+
+# Begin SonarScanner with coverage configuration and PR information
+dotnet sonarscanner begin \
+  /k:"${SONAR_PROJECT_KEY}" \
+  /o:"${SONAR_ORGANISATION_KEY}" \
+  /d:sonar.token="${SONAR_TOKEN}" \
+  /d:sonar.host.url="https://sonarcloud.io" \
+  /d:sonar.cs.opencover.reportsPaths="${COVERAGE_PATH}/*.xml" \
+  /d:sonar.cs.cobertura.reportsPaths="${COVERAGE_PATH}/cobertura.xml" \
+  /d:sonar.coverage.exclusions="**/*Tests.cs,**/Tests/**/*.cs,**/test/**/*.ts,**/tests/**/*.ts,**/*.spec.ts,**/*.test.ts" \
+  /d:sonar.tests="tests" \
+  /d:sonar.test.inclusions="**/*.spec.ts,**/*.test.ts,**/tests/**/*.ts" \
+  /d:sonar.verbose=true \
+  /d:sonar.scm.provider=git \
+  /d:sonar.scm.revision=${GITHUB_SHA} \
+  ${PR_ARGS}
+
+# Build all solutions
+find . -name "*.sln" -exec dotnet build {} --no-restore \;
+
+# End SonarScanner
+dotnet sonarscanner end /d:sonar.token="${SONAR_TOKEN}"
