From 5945114b7bebdfacbe0565683559a0b54b9dbc59 Mon Sep 17 00:00:00 2001 From: Nick Bolton Date: Thu, 9 Oct 2025 09:49:13 +0100 Subject: [PATCH] refactor: Run SonarCloud workflow standalone and cleanup comments fix: Prevent SonarCloud analysis from running on draft pull requests --- .github/workflows/codeql-analysis.yml | 10 ++---- .github/workflows/continuous-integration.yml | 36 +------------------- .github/workflows/sonarcloud-analysis.yml | 18 +++++++--- 3 files changed, 17 insertions(+), 47 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b0c4f5f34..32e85667a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,13 +1,7 @@ name: "CodeQL Analysis" -# According to the docs, the CodeQL workflow should be triggered directly by push to master -# and by pull requests (we only run this on open PRs as it's very slow). We also use the -# `workflow_dispatch` event is also enabled to allow manual triggering of the workflow for testing. -# -# We should not trigger this workflow with `workflow_call` as this causes the error: -# "1 configuration present on `master` was not found" -# -# Sadly, this means we can't roll it into our monolithic CI workflow. +# This is best run as a standalone workflow, not as part of another workflow like CI +# because of how GitHub understands the code scanning workflows in it's UI. on: workflow_dispatch: pull_request: diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 79065e5d2..31a10a28f 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml 
@@ -23,33 +23,6 @@ env: CMAKE_CONFIGURE: "cmake -Bbuild -DCMAKE_BUILD_TYPE=Release -DSKIP_BUILD_TESTS=ON -DCMAKE_COMPILE_WARNING_AS_ERROR=ON" jobs: - # Always run this job, even if not on PR, since other jobs need it. - pr-comment-flags: - runs-on: ubuntu-latest - needs: lint-clang - - outputs: - no-sonar: ${{ steps.check.outputs.no-sonar }} - - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Check PR comment for flags - if: ${{ github.event_name == 'pull_request' }} - id: check - env: - PR_BODY: ${{ github.event.pull_request.body }} - run: | - no_sonar="{no-sonar}" - - if echo $PR_BODY | grep -q "$no_sonar"; then - echo "Flag $no_sonar found in PR body." - echo "no-sonar=true" >> $GITHUB_OUTPUT - else - echo "No $no_sonar flag found in PR body." - fi - # Quality gate to allow PR merge, used in the branch protection rules. ci-passed: runs-on: ubuntu-latest @@ -96,18 +69,11 @@ jobs: - name: Lint Checker uses: ./.github/actions/lint-clang - analyse-valgrind: + analyze-valgrind: needs: lint-clang if: ${{ github.event_name == 'pull_request' }} uses: ./.github/workflows/valgrind-analysis.yml - analyse-sonarcloud: - needs: pr-comment-flags - if: ${{ needs.pr-comment-flags.outputs.no-sonar != 'true' }} - uses: ./.github/workflows/sonarcloud-analysis.yml - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - main-build: needs: lint-clang name: ${{ matrix.target.name }} diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index ecf521d67..2e35ee010 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml 
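Review bot: Dropping `analyse-sonarcloud` from this file leaves the `ci-passed` quality gate (its `needs:` list is outside this hunk) either referencing a job that no longer exists, which fails workflow validation, or silently no longer requiring SonarCloud before merge. If the analysis is still meant to block merges, the standalone workflow's check has to be added to the branch-protection rule explicitly, since nothing in CI depends on it any more. The `analyse-valgrind` to `analyze-valgrind` rename also changes the reported check name prefix for the reusable workflow's jobs, so a required-status-check rule naming the old prefix would now wait forever; worth confirming that only `ci-passed` is listed there, as the comment above it suggests.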
@@ -1,11 +1,21 @@ name: "SonarCloud Analysis" +# This is best run as a standalone workflow, not as part of another workflow like CI +# because of how GitHub understands the code scanning workflows in it's UI. on: workflow_dispatch: - workflow_call: - secrets: - SONAR_TOKEN: - required: true + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + paths-ignore: + - "**/*.md" + - ".github/ISSUE_TEMPLATE/**" + - ".editorconfig" + - ".env-example" + - ".gitignore" + - ".gitattributes" + - "cspell.json" + push: + branches: [master] jobs: sonarcloud-analysis:
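Review bot: The new `pull_request` trigger does not by itself exclude draft pull requests as the commit message claims: `opened`, `synchronize` and `reopened` all fire for drafts, and `ready_for_review` only adds a trigger, so the exclusion must be a job-level condition (the `sonarcloud-analysis` job body continues past this hunk and may already carry it). Moving from `workflow_call` to a direct `pull_request` trigger also means runs from forked repositories receive no `secrets.SONAR_TOKEN`, so the scanner will fail or run unauthenticated on those PRs; this should be gated on same-repo heads rather than worked around with `pull_request_target`, which would expose the token to untrusted PR code. One condition covers both cases: `if: ${{ github.event_name != 'pull_request' || (!github.event.pull_request.draft && github.event.pull_request.head.repo.full_name == github.repository) }}`, leaving `push` and `workflow_dispatch` runs unaffected. Minor: the added comment should read `its UI`, not `it's UI`.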