setup-terraform/.github/workflows/sonar.yml

name: SonarQube
on:
  pull_request:
  push:
    branches:
      - master

jobs:
  SonarQube:
    runs-on: [self-hosted,ts-large-x64-docker-large]
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      - name: fetching
        if: contains(github.ref, 'pull')
        run: |
          git fetch origin ${{ github.event.pull_request.head.sha }}
          git checkout ${{ github.event.pull_request.head.sha }}
      - name: SonarQube Scan
        uses: tradeshift/actions-sonarqube@v2
        with:
          ca-cert: ${{ secrets.MTLS_CACERT }}
          client-cert: ${{ secrets.MTLS_CERT }}
          client-key: ${{ secrets.MTLS_KEY }}
          token: ${{ secrets.SONAR_TOKEN }}