ci(sage-monorepo): try new sonar scan workflow for PRs

.github/workflows/sonar-scan.yml

@@ -4,32 +4,28 @@ on:
     types: [opened, synchronize, reopened]
 
 env:
+  HEAD_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
+  HEAD_REF: ${{ github.event.pull_request.head.ref }}
   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
 jobs:
   push:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        name: Checkout ${{ env.HEAD_REF }} from repository ${{ env.HEAD_REPOSITORY }}
         with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ env.HEAD_REF }}
+          repository: ${{ env.HEAD_REPOSITORY }}
           fetch-depth: 0
 
-      - run: |
-          echo "github.event.pull_request.head.ref: ${{ github.event.pull_request.head.ref }}"
-          echo "repository: ${{ github.event.pull_request.head.repo.full_name }}"
-
       - name: Derive appropriate SHAs for base and head for `nx affected` commands
         uses: nrwl/nx-set-shas@v3
 
-      - name: Can read sonar token
-        run: if [ -z ${SONAR_TOKEN+x} ]; then echo "var is unset"; else echo "var is set to XXX"; fi
-
-      # - name: Set up the dev container
-      #   uses: ./.github/actions/setup-dev-container
+      - name: Set up the dev container
+        uses: ./.github/actions/setup-dev-container
 
-      # - name: Scan the affected projects with Sonar
-      #   run: |
-      #     devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
-      #       && nx affected --target=sonar"
+      - name: Scan the affected projects with Sonar
+        run: |
+          devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
+            && nx affected --target=sonar"