From 156dd235dae4e622d047fefb89826cc47dc38a68 Mon Sep 17 00:00:00 2001
From: Maximilian Arnold <62939182+maxonary@users.noreply.github.com>
Date: Tue, 19 Mar 2024 15:01:30 +0100
Subject: [PATCH] Feat SonarQube static code analysis workflow
---
 .github/workflows/actions.yml | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 5f580a5..18f33d7 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -75,6 +75,27 @@ jobs:
 working-directory: ./frontend
+ sonarcube-analysis:
+ name: Static Code Analysis
+ runs-on: ubuntu-latest
+ needs: [frontend-job, backend-job]
+ permissions: read-all
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ # If you wish to fail your job when the Quality Gate is red, uncomment the
+ # following lines. This would typically be used to fail a deployment.
+ - uses: sonarsource/sonarqube-quality-gate-action@master
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+
 deploy-job:
 name: Deploy to Server
 needs: [ backend-job, frontend-job]
@@ -97,7 +118,7 @@ jobs:
 ssh-keyscan -p $SSH_PORT $SSH_HOST >> ~/.ssh/known_hosts
 ssh -p $PORT $SSH_USERNAME@$SSH_HOST '~/deploy_script.sh'
-
+
 lighthouse-job:
 name: Lighthouse Audit
 runs-on: ubuntu-latest
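Review bot: Both SonarSource steps in the new `sonarcube-analysis` job are referenced by the mutable `@master` branch while being handed `SONAR_TOKEN` (and `SONAR_HOST_URL` for the scan step), so any later push to those upstream branches runs in this workflow with the secret in its environment; pin each to a reviewed full commit SHA, e.g. `- uses: sonarsource/sonarqube-scan-action@<full-commit-sha>  # <release tag>`. `permissions: read-all` grants read on every token scope; a job that only checks out and scans can likely run with `permissions:` set to `contents: read`, and adding `persist-credentials: false` under the checkout step's `with:` keeps the GITHUB_TOKEN out of `.git/config` for the third-party steps that follow. The comment above the quality-gate step says to uncomment the following lines, but the step is already active, so the comment should say what is intended. Because `deploy-job` in the trailing context still lists only `needs: [ backend-job, frontend-job]`, a red quality gate fails this job without holding back the deploy unless `sonarcube-analysis` is added to that list.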