code-quality.yml

name: Code Quality

on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]

env:
  CARGO_TERM_COLOR: always

jobs:
  rust:
    name: Check
    runs-on: ubuntu-latest
    
    steps:
    - uses: actions/checkout@v2
    
    - name: Cache `cargo` Registry
      uses: actions/cache@v2
      with:
        path: ~/.cargo/registry
        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-registry-

    - name: Cache `cargo` Index
      uses: actions/cache@v2
      with:
        path: ~/.cargo/git
        key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-index-

    - name: Cache `cargo` Build
      uses: actions/cache@v2
      with:
        path: target
        key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-build-

    - name: Setup Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: nightly
        override: true
        components: rustfmt, clippy

    - name: Install Tools
      run: |
        cargo install cargo-audit
        cargo install cargo-udeps
        cargo install cargo-sonar
    
    - name: Run `clippy`
      run: cargo clippy --message-format=json > clippy.json || true

    - name: Run `cargo-audit`
      run: cargo audit --json > audit.json || true

    - name: Run `cargo-udeps`
      run: cargo +nightly udeps --quiet --workspace --output json > udeps.json || true
    
    - name: Run `cargo-sonar`
      run: cargo sonar --clippy --audit --udeps
    
    - name: Upload to sonarcloud.io
      uses: sonarsource/sonarqube-scan-action@v2.3.0
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
      with:
        args: >
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.projectKey=postech-5soat-grupo-25_tech-challenge-pedido-produto
          -Dsonar.organization=postech-5soat-grupo-25
          -Dsonar.sources=src
          -Dsonar.language=rust
          -Dsonar.externalIssuesReportPaths=sonar-issues.json

    - name: Archive Results
      uses: actions/upload-artifact@v1
      with:
        name: code-quality-report
        path: sonar-issues.json