# This workflow will perform a SonarCloud code analysis on every push to the main branch or
# when a pull request is opened, synchronized, or reopened. The "pull_request_target" event is
# used to ensure that the analysis is done on the source branch of the pull request which has
# access to the SonarCloud token secret.
name: SonarCloud code analysis
on:
    push:
        branches:
            - main
    pull_request_target:
        types: [opened, synchronize, reopened]
jobs:
    build:
        name: Build and analyze
        runs-on: windows-latest
        steps:
            - name: Setup .NET
              uses: actions/setup-dotnet@v3
              with:
                  dotnet-version: '9.0.x'

            - name: Install WASM workload
              run: dotnet workload install wasm-tools

            - name: Set up JDK 17
              uses: actions/setup-java@v3
              with:
                  java-version: 17
                  distribution: 'zulu'

            - name: Checkout code of PR branch
              uses: actions/checkout@v3
              with:
                ref: ${{ github.event.pull_request.head.sha }}
                fetch-depth: 0

            - name: Cache SonarCloud packages
              uses: actions/cache@v3
              with:
                  path: ~\sonar\cache
                  key: ${{ runner.os }}-sonar
                  restore-keys: ${{ runner.os }}-sonar

            - name: Cache SonarCloud scanner
              id: cache-sonar-scanner
              uses: actions/cache@v3
              with:
                  path: .\.sonar\scanner
                  key: ${{ runner.os }}-sonar-scanner
                  restore-keys: ${{ runner.os }}-sonar-scanner

            - name: Install SonarCloud scanner
              if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
              shell: powershell
              run: |
                  New-Item -Path .\.sonar\scanner -ItemType Directory
                  dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner

            - name: Build and analyze
              env:
                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              shell: powershell
              run: |
                  if ('${{ github.event_name }}' -eq 'pull_request_target') {
                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
                  } else {
                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
                  }
                  dotnet build
                  dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutput=coverage /p:CoverletOutputFormat=opencover --filter 'FullyQualifiedName!~AliasVault.E2ETests'
                  .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"