Skip to content

Scan with SonarScanner #7

Scan with SonarScanner

Scan with SonarScanner #7

Workflow file for this run

name: Scan with SonarScanner
on: [ push, pull_request ]
env:
CCACHE_COMPRESS: exists means true
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros
jobs:
sonar-scan:
name: Scan with SonarScanner
strategy:
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
services:
elasticsearch:
image: docker://elasticsearch:7.10.1
options: --env discovery.type=single-node --publish 9200:9200 --publish 9300:9300
steps:
- name: Download and install latest SonarScanner CLI tool
run: |
SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \
2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'`
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- name: Install dependencies
run: |
df -h
sudo apt-get update
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'`
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'`
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver}
sudo apt-get install -y \
ccache \
parallel \
libboost-thread-dev \
libboost-iostreams-dev \
libboost-date-time-dev \
libboost-system-dev \
libboost-filesystem-dev \
libboost-program-options-dev \
libboost-chrono-dev \
libboost-test-dev \
libboost-context-dev \
libboost-regex-dev \
libboost-coroutine-dev \
libcurl4-openssl-dev
sudo apt-get auto-remove -y
sudo apt-get clean -y
df -h
sudo du -hs /mnt/*
sudo ls -alr /mnt/
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: recursive
- name: Configure
run: |
pwd
df -h .
mkdir -p _build
sudo mkdir -p /_build/libraries /_build/programs /mnt/_build/tests
sudo chmod a+rwx /_build/libraries /_build/programs /mnt/_build/tests
ln -s /_build/libraries _build/libraries
ln -s /_build/programs _build/programs
ln -s /mnt/_build/tests _build/tests
sudo ln -s /_build/libraries /mnt/_build/libraries
sudo ln -s /_build/programs /mnt/_build/programs
sudo ln -s /mnt/_build/tests /_build/tests
ls -al _build
sed -i '/tests/d' libraries/fc/CMakeLists.txt
pushd _build
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR
cmake -D CMAKE_BUILD_TYPE=Debug \
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \
-D CMAKE_C_COMPILER=gcc \
-D CMAKE_C_COMPILER_LAUNCHER=ccache \
-D CMAKE_CXX_COMPILER=g++ \
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \
-D CMAKE_C_FLAGS=--coverage \
-D CMAKE_CXX_FLAGS=--coverage \
-D Boost_USE_STATIC_LIBS=OFF \
..
popd
- name: Load Cache
uses: actions/cache@v2
with:
path: |
ccache
sonar_cache
key: sonar-${{ github.ref }}-${{ github.sha }}
restore-keys: |
sonar-${{ github.ref }}-
sonar-
- name: Build
run: |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache"
mkdir -p "$CCACHE_DIR"
df -h
programs/build_helpers/make_with_sonar bw-output -j 2 -C _build \
witness_node cli_wallet js_operation_serializer get_dev_key network_mapper \
app_test chain_test cli_test es_test
df -h
du -hs _build/libraries/* _build/programs/* _build/tests/*
du -hs _build/*
du -hs /_build/*
- name: Unit-Tests
run: |
_build/tests/app_test -l test_suite
df -h
curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings \
-d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }'
echo
_build/tests/es_test -l test_suite
df -h
libraries/fc/tests/run-parallel-tests.sh _build/tests/chain_test -l test_suite
_build/tests/cli_test -l test_suite
df -h
echo "Cleanup"
rm -rf /tmp/graphene*
df -h
- name: Quick test for program arguments
run: |
_build/programs/witness_node/witness_node --version
_build/programs/witness_node/witness_node --help
if _build/programs/witness_node/witness_node --bad-arg ; then \
echo "Fail: did not get expected error."; false; \
else \
echo "Pass: got expected error."; \
fi
if _build/programs/witness_node/witness_node --plugins "account_history elasticsearch" ; then \
echo "Fail: did not get expected error."; false; \
else \
echo "Pass: got expected error."; \
fi
if _build/programs/witness_node/witness_node --rpc-endpoint --plugins "witness"; then \
echo "Fail: did not get expected error."; false; \
else \
echo "Pass: got expected error."; \
fi
_build/programs/cli_wallet/cli_wallet --version
_build/programs/cli_wallet/cli_wallet --help
_build/programs/cli_wallet/cli_wallet --suggest-brain-key
if _build/programs/cli_wallet/cli_wallet --bad-arg ; then \
echo "Fail: did not get expected error."; false; \
else \
echo "Pass: got expected error."; \
fi
- name: Prepare for scanning with SonarScanner
run: |
mkdir -p sonar_cache
find _build/libraries/[acdenptuw]*/CMakeFiles/*.dir \
_build/libraries/plugins/*/CMakeFiles/*.dir \
-type d -print \
| while read d; do \
tmpd="${d:7}"; \
srcd="${tmpd/CMakeFiles*.dir/.}"; \
gcov -o "$d" "${srcd}"/*.[ch][px][px] \
"${srcd}"/include/graphene/*/*.[ch][px][px] ; \
done >/dev/null
find _build/programs/[cdgjsw]*/CMakeFiles/*.dir \
-type d -print \
| while read d; do \
tmpd="${d:7}"; \
srcd="${tmpd/CMakeFiles*.dir/.}"; \
gcov -o "$d" "${srcd}"/*.[ch][px][px] ; \
done >/dev/null
programs/build_helpers/set_sonar_branch_for_github_actions sonar-project.properties
- name: Scan with SonarScanner
env:
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
sonar-scanner \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}