refactor: Run SonarCloud workflow standalone and cleanup comments

fix: Prevent SonarCloud analysis from running on draft pull requests
2025-10-09 09:49:13 +01:00
parent 559b7b5a17
commit 5945114b7b
3 changed files with 17 additions and 47 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,13 +1,7 @@
 name: "CodeQL Analysis"

-# According to the docs, the CodeQL workflow should be triggered directly by push to master
-# and by pull requests (we only run this on open PRs as it's very slow). We also use the
-# `workflow_dispatch` event is also enabled to allow manual triggering of the workflow for testing.
-#
-# We should not trigger this workflow with `workflow_call` as this causes the error:
-#   "1 configuration present on `master` was not found"
-#
-# Sadly, this means we can't roll it into our monolithic CI workflow.
+# This is best run as a standalone workflow, not as part of another workflow like CI
+# because of how GitHub understands the code scanning workflows in it's UI.
 on:
  workflow_dispatch:
  pull_request:
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@ -23,33 +23,6 @@ env:
  CMAKE_CONFIGURE: "cmake -Bbuild -DCMAKE_BUILD_TYPE=Release -DSKIP_BUILD_TESTS=ON -DCMAKE_COMPILE_WARNING_AS_ERROR=ON"

 jobs:
-  # Always run this job, even if not on PR, since other jobs need it.
-  pr-comment-flags:
-    runs-on: ubuntu-latest
-    needs: lint-clang
-
-    outputs:
-      no-sonar: ${{ steps.check.outputs.no-sonar }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Check PR comment for flags
-        if: ${{ github.event_name == 'pull_request' }}
-        id: check
-        env:
-          PR_BODY: ${{ github.event.pull_request.body }}
-        run: |
-          no_sonar="{no-sonar}"
-
-          if echo $PR_BODY | grep -q "$no_sonar"; then
-            echo "Flag $no_sonar found in PR body."
-            echo "no-sonar=true" >> $GITHUB_OUTPUT
-          else
-            echo "No $no_sonar flag found in PR body."
-          fi
-
  # Quality gate to allow PR merge, used in the branch protection rules.
  ci-passed:
    runs-on: ubuntu-latest
@ -96,18 +69,11 @@ jobs:
      - name: Lint Checker
        uses: ./.github/actions/lint-clang

-  analyse-valgrind:
+  analyze-valgrind:
    needs: lint-clang
    if: ${{ github.event_name == 'pull_request' }}
    uses: ./.github/workflows/valgrind-analysis.yml

-  analyse-sonarcloud:
-    needs: pr-comment-flags
-    if: ${{ needs.pr-comment-flags.outputs.no-sonar != 'true' }}
-    uses: ./.github/workflows/sonarcloud-analysis.yml
-    secrets:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
  main-build:
    needs: lint-clang
    name: ${{ matrix.target.name }}
--- a/.github/workflows/sonarcloud-analysis.yml
+++ b/.github/workflows/sonarcloud-analysis.yml
@ -1,11 +1,21 @@
 name: "SonarCloud Analysis"

+# This is best run as a standalone workflow, not as part of another workflow like CI
+# because of how GitHub understands the code scanning workflows in it's UI.
 on:
  workflow_dispatch:
-  workflow_call:
-    secrets:
-      SONAR_TOKEN:
-        required: true
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    paths-ignore:
+      - "**/*.md"
+      - ".github/ISSUE_TEMPLATE/**"
+      - ".editorconfig"
+      - ".env-example"
+      - ".gitignore"
+      - ".gitattributes"
+      - "cspell.json"
+  push:
+    branches: [master]

 jobs:
  sonarcloud-analysis: