adrienjoly/github-actions-ci-with-sonarcloud.yml

## github-actions-ci-with-sonarcloud.yml
# [...]

  sonarcloud:
    needs:
    - test
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting, cf https://sonarcloud.io/project/configuration?analysisMode=GitHubActions
        fetch-depth: 0
    - uses: actions/download-artifact@v2
      with:
        name: code-coverage-report
        path: coverage/
    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      with:
        args: >
          -Dsonar.organization=my-sonarcloud-org
          -Dsonar.projectKey=my-sonarcloud-project
          -Dsonar.pullrequest.github.repository=my-github-org/my-github-repo
          -Dsonar.sources=.
          -Dsonar.exclusions=node_modules/**/*
          -Dsonar.inclusions=src/**/*.ts
          -Dsonar.test.exclusions=__tests__/**/*.test.skip.ts
          -Dsonar.test.inclusions=__tests__/**/*.test.ts
          -Dsonar.sourceEncoding=UTF-8

# Important notes / gotchas:
#
# 1. For coverage to be taken into account, you must call the analyser from
#    your CI workflow (like above) instead of relying on "Automatic Analysis".
# 2. The presence of a SonarQube config file may conflict => remove them.
# 3. For source files to be found by SonarCloud, this CI workflow must run at
#    least once from the main branch of the repository, not from a Pull Request.
#
# See https://twitter.com/adrienjoly/status/1452566263285358598
	# [...]

	sonarcloud:
	needs:
	- test
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	with:
	# Disabling shallow clone is recommended for improving relevancy of reporting, cf https://sonarcloud.io/project/configuration?analysisMode=GitHubActions
	fetch-depth: 0
	- uses: actions/download-artifact@v2
	with:
	name: code-coverage-report
	path: coverage/
	- name: SonarCloud Scan
	uses: sonarsource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	with:
	args: >
	-Dsonar.organization=my-sonarcloud-org
	-Dsonar.projectKey=my-sonarcloud-project
	-Dsonar.pullrequest.github.repository=my-github-org/my-github-repo
	-Dsonar.sources=.
	-Dsonar.exclusions=node_modules/*/
	-Dsonar.inclusions=src/*/.ts
	-Dsonar.test.exclusions=__tests__/*/.test.skip.ts
	-Dsonar.test.inclusions=__tests__/*/.test.ts
	-Dsonar.sourceEncoding=UTF-8

	# Important notes / gotchas:
	#
	# 1. For coverage to be taken into account, you must call the analyser from
	# your CI workflow (like above) instead of relying on "Automatic Analysis".
	# 2. The presence of a SonarQube config file may conflict => remove them.
	# 3. For source files to be found by SonarCloud, this CI workflow must run at
	# least once from the main branch of the repository, not from a Pull Request.
	#
	# See https://twitter.com/adrienjoly/status/1452566263285358598