name: SonarCloud Scanner

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read

jobs:
  scan:

    name: SonarCloud Scanner
    runs-on: ubuntu-latest

    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3.3.0
        with:
          fetch-depth: 0

      - name: Set up JDK 17
        uses: actions/setup-java@v3.10.0
        with:
          distribution: 'adopt'
          java-version: '17'
          java-package: jdk
          architecture: x64

      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Cache Maven packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      - name: SonarCloud analysis
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
        if: ${{ env.SONAR_TOKEN != 0 }}