github composite action checkout detach-CodePudding

I have created a composite action see the link for running a Sonarcloud analysis for dotnet projects.

name: Sonarcloud
description: Sonarcloud
inputs:
  sonar_project_key:
    required: true
    type: string
  github_token:
    required: true
    type: string
  sonar_token:
    required: true
    type: string

runs:
  using: "composite"
  steps:
    - name: Set up JDK 11
      uses: actions/setup-java@v1
      with:
       java-version: 1.11

    - name: Install dotnet SonarCloud scanner
      shell: powershell
      run: |
        dotnet tool install --global dotnet-sonarscanner
     
    - name: Build and analyze
      shell: powershell 
      env:
        GITHUB_TOKEN: ${{ inputs.github_token }}
        SONAR_TOKEN: ${{ inputs.sonar_token }}
      run: |
            dotnet sonarscanner begin /k:"${{ inputs.sonar_project_key }}" /o:"my-org" /d:sonar.login="${{ inputs.sonar_token }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml"
            dotnet build --configuration Release
            dotnet test --no-restore --configuration Release --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
            dotnet sonarscanner end /d:sonar.login="${{ inputs.sonar_token }}"

Then follow the link I have to create a release with the tag "v1" something like: "my-org/sonarcloud@v1" and then used it in another repository as follows:

name: Sonarcloud
on:
  push:
    branches:
      - main

  pull_request:
    types: [opened, synchronize, reopened]
  workflow_call:
    secrets:
        SONAR_TOKEN:
          required: true
  workflow_dispatch: ~
jobs:
  build:
    name: Build
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: 'true'
          fetch-depth: 0
      
      - uses: microsoft/variable-substitution@v1 
        with:
            files: 'tests/IntegrationTests/tests.settings.json'
        env:
            ConnectionString: ${{ secrets.CONNECTIONSTRING }} # please note that in this repo is connection string but it could vary from repo to repo, 
                                                              # maybe in another repo I need to substitute a Sas token for example
                                                              # so I cannot move the variable substitution to the composite action
      - uses: actions/checkout@v3
      - id: sonarcloud
        uses: my-org/sonarcloud@v1
        with:
            sonar_project_key: 'my-project'
            sonar_token: ${{ secrets.SONAR_TOKEN }}
            github_token: ${{ secrets.GITHUB_TOKEN }}

Check that I need to modify the "tests.settings.json" file in order to provide a valid connection string for the Tests to work.

Now the problem. The transformation is being conducted properly but here:

- uses: actions/checkout@v3
- id: sonarcloud    
  uses: my-org/sonarcloud@v1

git realize that "test.settings.json" has been modified and restore it to original version (that not contain the connection string) and the test fail. here are the logs of the workflow:

2022-04-29T10:56:04.3078283Z [command]"C:\Program Files\Git\bin\git.exe" checkout --detach
2022-04-29T10:56:04.8735279Z M  tests/IntegrationTests/tests.settings.json
2022-04-29T10:56:04.8736695Z HEAD is now at 5e6cf4b fix

So how can I avoid this behavior in the second checkout that is needed in order to get the composite action?.

thanks

CodePudding user response：

I have found the problem! The second

uses: actions/checkout@v3

was not needed. To fix it just removed.

Replace this:

- uses: actions/checkout@v3
- id: sonarcloud
  uses: my-org/sonarcloud@v1
    with:
     sonar_project_key: 'my-project'
     sonar_token: ${{ secrets.SONAR_TOKEN }}
     github_token: ${{ secrets.GITHUB_TOKEN }}

By:

- id: sonarcloud
  uses: my-org/sonarcloud@v1
    with:
     sonar_project_key: 'my-project'
     sonar_token: ${{ secrets.SONAR_TOKEN }}
     github_token: ${{ secrets.GITHUB_TOKEN }}