Scan with SonarScanner #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Scan with SonarScanner | |
on: [ push, pull_request ] | |
env: | |
CCACHE_COMPRESS: exists means true | |
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros | |
jobs: | |
sonar-scan: | |
name: Scan with SonarScanner | |
strategy: | |
matrix: | |
os: [ ubuntu-latest ] | |
runs-on: ${{ matrix.os }} | |
services: | |
elasticsearch: | |
image: docker://elasticsearch:7.10.1 | |
options: --env discovery.type=single-node --publish 9200:9200 --publish 9300:9300 | |
steps: | |
- name: Download and install latest SonarScanner CLI tool | |
run: | | |
SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \ | |
2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'` | |
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli | |
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \ | |
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip | |
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ | |
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \ | |
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip | |
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ | |
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux | |
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV | |
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV | |
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV | |
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH | |
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH | |
- name: Install dependencies | |
run: | | |
df -h | |
sudo apt-get update | |
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'` | |
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'` | |
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \ | |
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver} | |
sudo apt-get install -y \ | |
ccache \ | |
parallel \ | |
libboost-thread-dev \ | |
libboost-iostreams-dev \ | |
libboost-date-time-dev \ | |
libboost-system-dev \ | |
libboost-filesystem-dev \ | |
libboost-program-options-dev \ | |
libboost-chrono-dev \ | |
libboost-test-dev \ | |
libboost-context-dev \ | |
libboost-regex-dev \ | |
libboost-coroutine-dev \ | |
libcurl4-openssl-dev | |
sudo apt-get auto-remove -y | |
sudo apt-get clean -y | |
df -h | |
sudo du -hs /mnt/* | |
sudo ls -alr /mnt/ | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Configure | |
run: | | |
pwd | |
df -h . | |
mkdir -p _build | |
sudo mkdir -p /_build/libraries /_build/programs /mnt/_build/tests | |
sudo chmod a+rwx /_build/libraries /_build/programs /mnt/_build/tests | |
ln -s /_build/libraries _build/libraries | |
ln -s /_build/programs _build/programs | |
ln -s /mnt/_build/tests _build/tests | |
sudo ln -s /_build/libraries /mnt/_build/libraries | |
sudo ln -s /_build/programs /mnt/_build/programs | |
sudo ln -s /mnt/_build/tests /_build/tests | |
ls -al _build | |
sed -i '/tests/d' libraries/fc/CMakeLists.txt | |
pushd _build | |
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR | |
cmake -D CMAKE_BUILD_TYPE=Debug \ | |
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \ | |
-D CMAKE_C_COMPILER=gcc \ | |
-D CMAKE_C_COMPILER_LAUNCHER=ccache \ | |
-D CMAKE_CXX_COMPILER=g++ \ | |
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \ | |
-D CMAKE_C_FLAGS=--coverage \ | |
-D CMAKE_CXX_FLAGS=--coverage \ | |
-D Boost_USE_STATIC_LIBS=OFF \ | |
.. | |
popd | |
- name: Load Cache | |
uses: actions/cache@v2 | |
with: | |
path: | | |
ccache | |
sonar_cache | |
key: sonar-${{ github.ref }}-${{ github.sha }} | |
restore-keys: | | |
sonar-${{ github.ref }}- | |
sonar- | |
- name: Build | |
run: | | |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache" | |
mkdir -p "$CCACHE_DIR" | |
df -h | |
programs/build_helpers/make_with_sonar bw-output -j 2 -C _build \ | |
witness_node cli_wallet js_operation_serializer get_dev_key network_mapper \ | |
app_test chain_test cli_test es_test | |
df -h | |
du -hs _build/libraries/* _build/programs/* _build/tests/* | |
du -hs _build/* | |
du -hs /_build/* | |
- name: Unit-Tests | |
run: | | |
_build/tests/app_test -l test_suite | |
df -h | |
curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings \ | |
-d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }' | |
echo | |
_build/tests/es_test -l test_suite | |
df -h | |
libraries/fc/tests/run-parallel-tests.sh _build/tests/chain_test -l test_suite | |
_build/tests/cli_test -l test_suite | |
df -h | |
echo "Cleanup" | |
rm -rf /tmp/graphene* | |
df -h | |
- name: Quick test for program arguments | |
run: | | |
_build/programs/witness_node/witness_node --version | |
_build/programs/witness_node/witness_node --help | |
if _build/programs/witness_node/witness_node --bad-arg ; then \ | |
echo "Fail: did not get expected error."; false; \ | |
else \ | |
echo "Pass: got expected error."; \ | |
fi | |
if _build/programs/witness_node/witness_node --plugins "account_history elasticsearch" ; then \ | |
echo "Fail: did not get expected error."; false; \ | |
else \ | |
echo "Pass: got expected error."; \ | |
fi | |
if _build/programs/witness_node/witness_node --rpc-endpoint --plugins "witness"; then \ | |
echo "Fail: did not get expected error."; false; \ | |
else \ | |
echo "Pass: got expected error."; \ | |
fi | |
_build/programs/cli_wallet/cli_wallet --version | |
_build/programs/cli_wallet/cli_wallet --help | |
_build/programs/cli_wallet/cli_wallet --suggest-brain-key | |
if _build/programs/cli_wallet/cli_wallet --bad-arg ; then \ | |
echo "Fail: did not get expected error."; false; \ | |
else \ | |
echo "Pass: got expected error."; \ | |
fi | |
- name: Prepare for scanning with SonarScanner | |
run: | | |
mkdir -p sonar_cache | |
find _build/libraries/[acdenptuw]*/CMakeFiles/*.dir \ | |
_build/libraries/plugins/*/CMakeFiles/*.dir \ | |
-type d -print \ | |
| while read d; do \ | |
tmpd="${d:7}"; \ | |
srcd="${tmpd/CMakeFiles*.dir/.}"; \ | |
gcov -o "$d" "${srcd}"/*.[ch][px][px] \ | |
"${srcd}"/include/graphene/*/*.[ch][px][px] ; \ | |
done >/dev/null | |
find _build/programs/[cdgjsw]*/CMakeFiles/*.dir \ | |
-type d -print \ | |
| while read d; do \ | |
tmpd="${d:7}"; \ | |
srcd="${tmpd/CMakeFiles*.dir/.}"; \ | |
gcov -o "$d" "${srcd}"/*.[ch][px][px] ; \ | |
done >/dev/null | |
programs/build_helpers/set_sonar_branch_for_github_actions sonar-project.properties | |
- name: Scan with SonarScanner | |
env: | |
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
sonar-scanner \ | |
-Dsonar.login=${{ secrets.SONAR_TOKEN }} |