Closed muhlba91 closed 1 year ago
@romani can you please set the SONAR_TOKEN secret in this repo?
secret was added here https://github.com/organizations/checkstyle/settings/secrets/actions
by instructions of https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-organization
token is my private account sonar token (I do not see organization secrets) - create at https://sonarcloud.io/account/security/
@romani thanks! i figured out why it doesn't pick it up and i believe we need to use any other CI tool for SQ validations. GitHub Actions doesn't populate secrets to PRs with a different source repository than this one.
i saw we use CircleCI in the main repo as well - any chance to have CircleCI enabled for this one with that token?
I set it up now - https://app.circleci.com/pipelines/github/checkstyle/sonar-checkstyle
can we use https://github.com/SonarSource/sonarcloud-github-action ? or any other Sonar integration with GitHub as an app.
unfortunately, they all require the SONAR_TOKEN secret and in all actions/pipelines/... repository/organization secrets are not passed to workflows from any fork due to security reasons. i didn't find an option to enable this.
qq: did you set the SONAR_TOKEN in CircleCI as well already?
unfortunately, i can't use my own token as i don't have "write" access to the sonarcloud project.
I didn't put it, as there is the same security problem.
I do not remember where I set up SonarQube as an application in our organization, so it does not require shell hacking.
how did you solve this in the main repo? i saw you used circleci there, also for PRs; hence, my thought to go with that one.
fixes #412