---
name: Analysis with Sonarlint and publish to SonarCloud
on:
  workflow_run:
    workflows: ["Linting and Testing ANTA"]
    types: [completed]

jobs:
  sonarcloud:
    name: Run Sonarlint analysis and upload to SonarCloud.
    if: github.repository == 'aristanetworks/anta'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Download coverage from unit tests
        continue-on-error: true
        uses: actions/download-artifact@v4
        with:
          name: pytest-coverage
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}
          merge-multiple: true

      - name: Get PR context
        # Source: https://github.com/orgs/community/discussions/25220#discussioncomment-11316244
        id: pr-context
        if: github.event.workflow_run.event == 'pull_request'
        env:
          # Token required for GH CLI:
          GH_TOKEN: ${{ github.token }}
          # Best practice for scripts is to reference via ENV at runtime. Avoid using the expression syntax in the script content directly:
          PR_TARGET_REPO: ${{ github.repository }}
          # If the PR is from a fork, prefix it with `<owner-login>:`, otherwise only the PR branch name is relevant:
          PR_BRANCH: |-
            ${{
              (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
                && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
                || github.event.workflow_run.head_branch
            }}
        # Query the PR number by repo + branch, then assign to step output:
        run: |
          gh pr view --repo "${PR_TARGET_REPO}" "${PR_BRANCH}" \
             --json 'number,baseRefName' --jq '"number=\(.number)\nbase_ref=\(.baseRefName)"' \
             >> "${GITHUB_OUTPUT}"
          echo "pr_branch=${PR_BRANCH}" >> "${GITHUB_OUTPUT}"

      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v5.2.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          # Using ACTION_STEP_DEBUG to trigger verbose when debugging in Github Action
          args: >
            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
            -Dsonar.pullrequest.key=${{ steps.pr-context.outputs.number }}
            -Dsonar.pullrequest.branch=${{ steps.pr-context.outputs.pr_branch }}
            -Dsonar.pullrequest.base=${{ steps.pr-context.outputs.base_ref }}
            -Dsonar.verbose=${{ secrets.ACTIONS_STEP_DEBUG }}