apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: sonarqube-analysis
spec:
  params:
    - name: home
      type: string
      default: ""
      description: home directory
    - name: workshop
      type: string
      default: ""
      description: workshop within workspace containing the source (if any)

    - name: sonarHostUrl
      type: string
      default: "https://sonarqube.unbox-x.net"
      description: SonarQube server URL

    - name: projectKey
      type: string
      description: SonarQube project key

  workspaces:
    - name: shared
      description: Workspace with shared code (e.g. from git-clone)

    - name: sonar-auth
      description: |
        Workspace containing authentication token (file: `token`)

  steps:
    - name: sonar-scan
      image: sonarsource/sonar-scanner-cli:5
      workingDir: /workspace/shared/$(params.workshop)
      script: |
        #!/bin/sh
        set -e

        SONAR_TOKEN=$(cat /workspace/sonar-auth/token)

        echo "📡 Running SonarQube analysis on project $(params.projectKey)..."

        sonar-scanner \
          -Dsonar.projectKey=$(params.projectKey) \
          -Dsonar.host.url=$(params.sonarHostUrl) \
          -Dsonar.login=$SONAR_TOKEN