ci: skip Sonar Qube workflow if PR is opened from a non org member #269

Merged
merged 8 commits into from
Sep 11, 2024
5 changes: 5 additions & 0 deletions .changeset/five-turtles-rule.md
@@ -0,0 +1,5 @@
---
"@wpengine/wp-graphql-content-blocks": patch
---

Skip the Sonar Qube workflow if the user that opened the PR is not a member of the Github org
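
Review bot: The `patch` bump for `@wpengine/wp-graphql-content-blocks` in this changeset will cut a package release for a change that only touches `.github/workflows/sonar.yml`; consider an empty changeset so a CI-only change does not publish a new version. The summary line also writes "Sonar Qube" and "Github", while the workflow itself is named "SonarQube Analysis" and the product name is "GitHub".
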
37 changes: 34 additions & 3 deletions .github/workflows/sonar.yml
@@ -1,26 +1,57 @@
on:
# Trigger analysis when pushing in main or pull requests, and when creating
# a pull request.
# Trigger analysis when pushing to main or pull requests, and when creating a pull request.
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened]

name: Main Workflow
name: SonarQube Analysis
jobs:
sonarqube:
runs-on: ubuntu-22.04
steps:
- name: Check if PR author is an org member
id: check-member
uses: actions/[email protected] # Updated version to support Node 20
with:
script: |
const org = 'wpengine';
const username = context.payload.pull_request.user.login;

try {
const { data: membership } = await github.rest.orgs.getMembershipForUser({
org,
username,
});
console.log({ username, membership });
return { isMember: membership.state === 'active' };
} catch (error) {
console.log(`Error checking membership: ${error}`);
return { isMember: false }; // Treat as not a member if any error occurs
}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# Set an output for the job based on the result of the membership check
- name: Set output for isMember
run: echo "isMember=${{ steps.check-member.outputs.isMember }}" >> $GITHUB_ENV

- name: Skip if not an org member
if: env.isMember == 'false'
run: echo "Skipping workflow because PR author is not an org member" && exit 0

- uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

- name: SonarQube Quality Gate check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time
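
Review bot: The "Skip if not an org member" step does not skip anything: `exit 0` only ends that one `run` step successfully, so `actions/checkout@v4` and the SonarQube Scan step still execute, with `SONAR_TOKEN` and `SONAR_HOST_URL` in their environment, for a PR from a non-member. The condition feeding it is also never true, because the github-script step exposes the script's return value as the `result` output (JSON-encoded), not as `isMember`; `steps.check-member.outputs.isMember` is therefore empty, `isMember=` is written to `$GITHUB_ENV`, and `env.isMember == 'false'` does not match. A third problem is in the script itself: the workflow still triggers on `push` to `main`, where `context.payload.pull_request` is undefined, and `const username = context.payload.pull_request.user.login;` sits outside the `try`, so the step throws and the job fails on every push. Suggested change: call `core.setOutput('isMember', ...)` in the script (or read `fromJSON(steps.check-member.outputs.result).isMember`), handle the push event explicitly before reading the PR author, and gate every later step, or the job as a whole, with an `if:` that requires the value to be `'true'`, so that an empty or missing output fails closed the same way the `catch` branch does. The `$GITHUB_ENV` hop can then be dropped.
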