Update SonarCloud workflow (#34)

304NotModified · github-advanced-security[bot] · web-flow · commit 9634a738bd33 · 2026-03-11T22:12:14.000+01:00
* Update SonarCloud workflow

* SonarCloud

* Potential fix for code scanning alert no. 1: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;

---------

Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -1,55 +1,49 @@
 name: SonarCloud
-
+permissions:
+  contents: read
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
   pull_request:
-    branches: [ "main" ]
-  workflow_dispatch:
-
+    types: [opened, synchronize, reopened]
 jobs:
-  sonarcloud:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-
+  build:
+    name: Build and analyze
+    runs-on: windows-latest
     steps:
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: 'zulu' # Alternative distribution options are available.
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-
-      - name: Setup .NET
-        uses: actions/setup-dotnet@v4
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarQube Cloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~\sonar\cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache SonarQube Cloud scanner
+        id: cache-sonar-scanner
+        uses: actions/cache@v4
         with:
-          dotnet-version: 10.0.x
-
-      - name: Install SonarScanner for .NET
+          path: ${{ runner.temp }}\scanner
+          key: ${{ runner.os }}-sonar-scanner
+          restore-keys: ${{ runner.os }}-sonar-scanner
+      - name: Install SonarQube Cloud scanner
+        if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
+        shell: powershell
         run: |
-          dotnet tool install --global dotnet-sonarscanner
-          dotnet tool install --global dotnet-coverage
-
-      - name: Restore dependencies
-        run: dotnet restore SLNX-validator.slnx
-
-      - name: Begin SonarCloud analysis
+          New-Item -Path ${{ runner.temp }}\scanner -ItemType Directory
+          dotnet tool update dotnet-sonarscanner --tool-path ${{ runner.temp }}\scanner
+      - name: Build and analyze
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        shell: powershell
         run: |
-          dotnet sonarscanner begin \
-            /k:"slnx-validator" \
-            /o:"304notmodified" \
-            /d:sonar.token="${SONAR_TOKEN}" \
-            /d:sonar.host.url="https://sonarcloud.io" \
-            /d:sonar.cs.vscoveragexml.reportsPaths="coverage.xml"
-
-      - name: Build
-        run: dotnet build SLNX-validator.slnx --no-incremental -c Release
-
-      - name: Test with coverage
-        run: dotnet-coverage collect "dotnet test --solution SLNX-validator.slnx --no-build -c Release --verbosity normal" -f xml -o coverage.xml
-
-      - name: End SonarCloud analysis
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: dotnet sonarscanner end /d:sonar.token="${SONAR_TOKEN}"
+          ${{ runner.temp }}\scanner\dotnet-sonarscanner begin /k:"slnx-validator" /o:"304notmodified" /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+          dotnet build
+          ${{ runner.temp }}\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
