forked from eclipse-kapua/kapua
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request eclipse-kapua#3817 from Agnul97/fix-sonarCloudOnForks
FIX - introduction of sonarCloud scans for pullrequests coming from external forks
- Loading branch information
Showing
2 changed files
with
72 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: pr-number-uploader | ||
| on: [pull_request] # Triggers the workflow on pull request events | ||
|
|
||
| #this workflow is used for the sonarCloud scan. | ||
| #It saves into an artifact the pull request number. | ||
| #In this way, then, the sonarCloud workflow (which is executed externally with respect to the context of the pr) retrieves it and performs the scan | ||
|
|
||
| jobs: | ||
| uploader: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 5 | ||
| steps: | ||
| - name: Save PR number to file for the sonarCloud scan | ||
| run: echo ${{ github.event.number }} > PR_NUMBER.txt | ||
| - name: Archive PR number | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: PR_NUMBER | ||
| path: PR_NUMBER.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,34 +1,62 @@ | ||
| name: SonarCloud | ||
| on: | ||
| push: | ||
| branches: | ||
| - 'develop' | ||
| - 'release-**' | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
| name: Sonar | ||
|
|
||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| on: | ||
| workflow_run: | ||
| workflows: [pr-number-uploader] | ||
| types: [completed] | ||
|
|
||
| jobs: | ||
| scan: | ||
| sonar: | ||
| name: Scan code with sonarCould | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Download PR number artifact | ||
| uses: dawidd6/action-download-artifact@v2 | ||
| with: | ||
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | ||
| - name: Set up JDK 11 | ||
| uses: actions/setup-java@v3 | ||
| workflow: prNumberUploader.yaml | ||
| run_id: ${{ github.event.workflow_run.id }} | ||
| name: PR_NUMBER | ||
| - name: Read PR_NUMBER.txt | ||
| id: pr_number | ||
| uses: juliangruber/read-file-action@v1 | ||
| with: | ||
| java-version: 11 | ||
| distribution: 'zulu' | ||
| - name: Cache SonarCloud packages | ||
| uses: actions/cache@v3 | ||
| path: ./PR_NUMBER.txt | ||
| - name: Request GitHub API for PR data | ||
| uses: octokit/request-action@v2.x | ||
| id: get_pr_data | ||
| with: | ||
| path: ~/.sonar/cache | ||
| key: ${{ runner.os }}-sonar | ||
| restore-keys: ${{ runner.os }}-sonar | ||
| - name: SonarCloud scan | ||
| run: mvn -B compile org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=org.eclipse_kapua -Dsonar.organization=eclipse | ||
| route: GET /repos/{full_name}/pulls/{number} | ||
| number: ${{ steps.pr_number.outputs.content }} | ||
| full_name: ${{ github.event.repository.full_name }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Checkout into the pr's branch | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| repository: ${{ github.event.workflow_run.head_repository.full_name }} | ||
| ref: ${{ github.event.workflow_run.head_branch }} | ||
| fetch-depth: 0 | ||
| - name: Fetch base branch from upstream #step needed to calculate the "new lines of code metric" for the scan. Basically, the idea is to synch. with the base branch on the upstream because the fork could be not synched with it | ||
| run: | | ||
| git remote add upstream ${{ github.event.repository.clone_url }} | ||
| git fetch upstream | ||
| git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} | ||
| git checkout ${{ github.event.workflow_run.head_branch }} | ||
| git clean -ffdx && git reset --hard HEAD | ||
| - uses: actions/setup-java@v3 | ||
| with: | ||
| distribution: 'zulu' | ||
| java-version: 11 | ||
| - name: SonarCloud Scan | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| run: mvn -B compile org.sonarsource.scanner.maven:sonar-maven-plugin:sonar | ||
| -Dsonar.projectKey=org.eclipse_kapua | ||
| -Dsonar.organization=eclipse | ||
| -Dsonar.host.url=https://sonarcloud.io | ||
| -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} | ||
| -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }} | ||
| -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} | ||
| -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} |