on:
  workflow_dispatch:
  push:
    branches:
      - main
      - devel
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
    branches:
      - main
      - devel

jobs:
  secrets-gate:
    runs-on: ubuntu-latest
    outputs:
      ok: ${{ steps.check-secrets.outputs.ok }}
    steps:
      - name: check for secrets needed to run SonarQube
        id: check-secrets
        run: |
          if [ ! -z "${{ secrets.SONAR_TOKEN }}" ] && [ ! -z "${{ secrets.SONAR_HOST_URL }}" ]; then
            echo "::set-output name=ok::true"
          fi

  sonarqube:
    needs:
        - secrets-gate
    if: ${{ needs.secrets-gate.outputs.ok == 'true' }}
    runs-on: ubuntu-latest
    services:
      postgres-skeleton-db:
        image: postgres
        env:
          POSTGRES_DB: postgres_rv_database
          POSTGRES_USER: rv_user
          POSTGRES_PASSWORD: rv_password
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
    steps:
      - uses: actions/checkout@v2

      - uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: 17

      - uses: gradle/gradle-build-action@v2
        with:
          gradle-version: 7.4.2

      - name: Gradle execute tests
        run: gradle clean build

      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@master
        with:
          args: >
            -Dsonar.projectKey=${{ github.event.repository.name }}
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}