Split SonarCloud workflow into two stages to support fork PRs

.github/workflows/sonarcloud-analyze.yml

@@ -0,0 +1,91 @@
+name: SonarCloud - Analyze
+
+on:
+  workflow_run:
+    workflows: ["SonarCloud - Build & Test"]
+    types:
+      - completed
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.workflow_run.head_sha }}
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.0.x
+
+      - name: Install SonarScanner for .NET
+        run: |
+          dotnet tool install --global dotnet-sonarscanner
+          dotnet tool install --global dotnet-coverage
+
+      - name: Download SonarCloud artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: sonar-artifacts
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Read PR metadata
+        id: pr
+        run: |
+          if [ -f pr_number.txt ]; then
+            echo "number=$(cat pr_number.txt)" >> $GITHUB_OUTPUT
+            echo "sha=$(cat pr_sha.txt)" >> $GITHUB_OUTPUT
+            echo "branch=$(cat pr_branch.txt)" >> $GITHUB_OUTPUT
+            echo "is_pr=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_pr=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Restore dependencies
+        run: dotnet restore SLNX-validator.slnx
+
+      - name: Begin SonarCloud analysis (PR)
+        if: steps.pr.outputs.is_pr == 'true'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          PR_NUMBER: ${{ steps.pr.outputs.number }}
+          PR_BRANCH: ${{ steps.pr.outputs.branch }}
+        run: |
+          dotnet sonarscanner begin \
+            /k:"slnx-validator" \
+            /o:"304notmodified" \
+            /d:sonar.token="${SONAR_TOKEN}" \
+            /d:sonar.host.url="https://sonarcloud.io" \
+            /d:sonar.cs.vscoveragexml.reportsPaths="coverage.xml" \
+            /d:sonar.pullrequest.key="${PR_NUMBER}" \
+            /d:sonar.pullrequest.branch="${PR_BRANCH}" \
+            /d:sonar.pullrequest.base="main"
+
+      - name: Begin SonarCloud analysis (push)
+        if: steps.pr.outputs.is_pr == 'false'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          dotnet sonarscanner begin \
+            /k:"slnx-validator" \
+            /o:"304notmodified" \
+            /d:sonar.token="${SONAR_TOKEN}" \
+            /d:sonar.host.url="https://sonarcloud.io" \
+            /d:sonar.cs.vscoveragexml.reportsPaths="coverage.xml"
+
+      - name: Build
+        run: dotnet build SLNX-validator.slnx --no-incremental -c Release
+
+      - name: End SonarCloud analysis
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: dotnet sonarscanner end /d:sonar.token="${SONAR_TOKEN}"

.github/workflows/sonarcloud-build.yml

@@ -0,0 +1,53 @@
+name: SonarCloud - Build & Test
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.0.x
+
+      - name: Install dotnet-coverage
+        run: dotnet tool install --global dotnet-coverage
+
+      - name: Restore dependencies
+        run: dotnet restore SLNX-validator.slnx
+
+      - name: Build
+        run: dotnet build SLNX-validator.slnx --no-incremental -c Release
+
+      - name: Test with coverage
+        run: dotnet-coverage collect "dotnet test --solution SLNX-validator.slnx --no-build -c Release --verbosity normal" -f xml -o coverage.xml
+
+      - name: Save PR metadata
+        if: github.event_name == 'pull_request'
+        run: |
+          echo "${{ github.event.pull_request.number }}" > pr_number.txt
+          echo "${{ github.event.pull_request.head.sha }}" > pr_sha.txt
+          echo "${{ github.event.pull_request.head.ref }}" > pr_branch.txt
+
+      - name: Upload SonarCloud artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: sonar-artifacts
+          path: |
+            coverage.xml
+            pr_number.txt
+            pr_sha.txt
+            pr_branch.txt
+          retention-days: 1