Deduplicate sonal CI github workflow

Author: Pearl Dsilva

.github/workflows/main-sonar-check.yml

@@ -23,46 +23,15 @@ on:
       - main
 
 permissions:
-  contents: read # to fetch code (actions/checkout)
-  pull-requests: write # for sonar to comment on pull-request
+  contents: read
+  pull-requests: write
 
 jobs:
-  build:
+  sonar:
     if: github.repository == 'apache/cloudstack'
-    name: Main Sonar JaCoCo Build
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-
-      - name: Set up JDK17
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
-      - name: Cache SonarCloud packages
-        uses: actions/cache@v5
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache local Maven repository
-        uses: actions/cache@v5
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2
-
-      - name: Run Tests with Coverage
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
-          cd nonoss && bash -x install-non-oss.sh && cd ..
-          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack
+    uses: ./.github/workflows/sonar-reusable.yml
+    with:
+      is_pr: false
+    secrets:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/sonar-check.yml

@@ -20,54 +20,19 @@ name: Sonar Quality Check
 on: [pull_request]
 
 permissions:
-  contents: read # to fetch code (actions/checkout)
-  pull-requests: write # for sonar to comment on pull-request
+  contents: read
+  pull-requests: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  build:
+  sonar:
     if: github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository
-    name: Sonar JaCoCo Coverage
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v6
-        with:
-          ref: "refs/pull/${{ github.event.number }}/merge"
-          fetch-depth: 0
-
-      - name: Set up JDK17
-        uses: actions/setup-java@v5
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-          cache: 'maven'
-
-      - name: Cache SonarCloud packages
-        uses: actions/cache@v5
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache local Maven repository
-        uses: actions/cache@v5
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2
-
-      - name: Run Build and Tests with Coverage
-        id: coverage
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          PR_ID: ${{ github.event.pull_request.number }}
-          HEADREF: ${{ github.event.pull_request.head.ref }}
-        run: |
-          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
-          cd nonoss && bash -x install-non-oss.sh && cd ..
-          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" -Dsonar.pullrequest.branch="$HEADREF" -Dsonar.pullrequest.github.repository=apache/cloudstack -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.summary_comment=true
+    uses: ./.github/workflows/sonar-reusable.yml
+    with:
+      is_pr: true
+    secrets:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/sonar-reusable.yml

@@ -0,0 +1,100 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Sonar Quality Check (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      is_pr:
+        description: 'true when called from a pull_request trigger'
+        type: boolean
+        required: true
+    secrets:
+      GITHUB_TOKEN:
+        required: true
+      SONAR_TOKEN:
+        required: false
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  build:
+    name: Sonar JaCoCo Coverage
+    runs-on: ubuntu-22.04
+    steps:
+      # PR callers check out the merge commit; branch callers use the pushed SHA.
+      - uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.is_pr && format('refs/pull/{0}/merge', github.event.number) || github.sha }}
+          fetch-depth: 0
+
+      - name: Set up JDK17
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'maven'
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v5
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v5
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-m2
+
+      - name: Install Non-OSS
+        run: |
+          git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss
+          cd nonoss && bash -x install-non-oss.sh && cd ..
+
+      - name: Run Build and Tests with Coverage (PR)
+        if: inputs.is_pr
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          PR_ID: ${{ github.event.pull_request.number }}
+          HEADREF: ${{ github.event.pull_request.head.ref }}
+        run: >
+          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -Dsonar.projectKey=apache_cloudstack
+          -Dsonar.pullrequest.key="$PR_ID"
+          -Dsonar.pullrequest.branch="$HEADREF"
+          -Dsonar.pullrequest.github.repository=apache/cloudstack
+          -Dsonar.pullrequest.provider=GitHub
+          -Dsonar.pullrequest.github.summary_comment=true
+
+      - name: Run Tests with Coverage (Main)
+        if: "!inputs.is_pr"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: >
+          mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -Dsonar.projectKey=apache_cloudstack