Run Sonar scan before Grype (#26)

loicgreffier · web-flow · commit 12e7cab24635 · 2025-08-25T23:31:45.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -53,6 +53,13 @@ jobs:
         with:
           report_paths: '**/target/surefire-reports/TEST-*.xml'
 
+      - name: Sonar
+        if: github.event.pull_request.head.repo.fork == false
+        run: mvn verify sonar:sonar
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
       - name: Grype source code
         id: grype_source_code
         uses: anchore/scan-action@v6
@@ -69,13 +76,6 @@ jobs:
           sarif_file: ${{ steps.grype_source_code.outputs.sarif }}
           category: 'source-code'
 
-      - name: Sonar
-        if: github.event.pull_request.head.repo.fork == false
-        run: mvn verify sonar:sonar
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
       - name: Docker
         if: github.ref == 'refs/heads/main'
         run: mvn -B -DskipTests package jib:build -Djib.to.auth.username=$DOCKER_USER -Djib.to.auth.password=$DOCKER_TOKEN
