static-analysis.yml

name: Static Analysis
on:
  workflow_call:
    secrets:
      SONAR_TOKEN:
        required: true
jobs:
  pip-compile:
    name: Run the pip-compile pre-commit hooks
    runs-on: ubuntu-latest
    steps:
    - name: Checkout the repository
      uses: actions/checkout@v4

    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'

    - name: Run pip-compile pre-commit
      id: pip_compile
      run: |
        python -m pip install --upgrade pip
        pip install pre-commit
        ls requirements/source/* | xargs pre-commit run pip-compile --files

    - name: Check command result
      if: steps.pip_compile.outcome != 'success'
      run: |
        echo "pip-compile failed because the compilation of requirements/source do not match of that in requirements/generated." >&2
        exit 1

  lint:
    name: Ruff
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Lint
        uses: chartboost/ruff-action@v1
        with:
          args: check --output-format=github
      - name: Format
        uses: chartboost/ruff-action@v1
        with:
          args: format --check

  sonarcloud:
    name: Sonar cloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Number of commits to fetch. 0 indicates all history for all branches and tags.
          # Default: 1
          fetch-depth: 0
      - uses: sonarsource/sonarcloud-github-action@master
        with:
          args: >
            -Dsonar.python.version=3.12
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}