add SonarQube scan

Author: hathach

.github/workflows/static_analysis.yml

@@ -42,6 +42,7 @@ jobs:
 
       - name: Build
         run: |
+          mkdir -p build
           cmake examples -B build -G Ninja -DBOARD=${{ matrix.board }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=MinSizeRel
           cmake --build build
 
@@ -117,10 +118,11 @@ jobs:
 
       - name: Analyze
         run: |
+          mkdir -p build
           cmake examples -B build -G Ninja -DBOARD=${{ matrix.board }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=MinSizeRel
           cmake --build build
           pvs-studio-analyzer analyze -f build/compile_commands.json -j --exclude-path hw/mcu/ --exclude-path lib/
-          plog-converter -t sarif -o pvs-${{ matrix.board }}.sarif PVS-Studio.log
+          plog-converter -t sarif -o pvs-studio-${{ matrix.board }}.sarif PVS-Studio.log
 
       - name: Upload SARIF
         uses: github/codeql-action/upload-sarif@v4
@@ -131,28 +133,48 @@ jobs:
       - name: Upload artifact
         uses: actions/upload-artifact@v5
         with:
-          name: pvs-${{ matrix.board }}
-          path: pvs-${{ matrix.board }}.sarif
+          name: pvs-studio-${{ matrix.board }}
+          path: pvs-studio-${{ matrix.board }}.sarif
 
+  SonarQube:
+    runs-on: ubuntu-latest
+    env:
+      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
+    strategy:
+      fail-fast: false
+      matrix:
+        board:
+          - 'metro_m4_express'
+    steps:
+      - name: Checkout TinyUSB
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
 
-#  SonarQube:
-#    name: Build and analyze
-#    runs-on: ubuntu-latest
-#    env:
-#      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
-#    steps:
-#      - uses: actions/checkout@v4
-#        with:
-#          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-#      - name: Install Build Wrapper
-#        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v6
-#      - name: Run Build Wrapper
-#        run: |
-#          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build --preset ${{ env.BOARD }} -t ${{ env.EXAMPLE }}
-#      - name: SonarQube Scan
-#        uses: SonarSource/sonarqube-scan-action@v6
-#        env:
-#          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-#        with:
-#          args: >
-#            --define "sonar.cfamily.compile-commands=${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"
+      - name: Get Dependencies
+        uses: ./.github/actions/get_deps
+        with:
+          arg: -b${{ matrix.board }}
+
+      - name: Setup Toolchain
+        uses: ./.github/actions/setup_toolchain
+        with:
+          toolchain: 'arm-gcc'
+
+      - name: Install Build Wrapper
+        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v6
+
+      - name: Run Build Wrapper
+        run: |
+          cmake examples -B build -G Ninja -DBOARD=${{ matrix.board }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=MinSizeRel
+          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build/
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
+        with:
+          # Consult https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner/ for more information and options
+          args: >
+            --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"