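name: "SonarCloud"

## Runs after the `Build` workflow completes so that SonarCloud can analyse the
## build output of both pushes and (fork) pull requests. Because it is a
## `workflow_run` workflow it has access to repository secrets even when the
## triggering run came from a fork, so everything taken from that run (the
## checked-out source, the `target` artifact and the ref names inside it) is
## treated as untrusted below: it is passed to shell steps through environment
## variables and quoted, never expanded directly into a script.
on:
  workflow_run:
    workflows: [ Build ]
    types: [ completed ]

## Least-privilege token for the whole workflow. `actions: read` is needed to
## list and download the artifact of the triggering run; `contents` and
## `pull-requests` read are what the scanner needs for PR metadata. Nothing in
## this workflow writes to the repository.
permissions:
  actions: read
  contents: read
  pull-requests: read

jobs:
  debug:
    runs-on: ubuntu-latest
    name: Display Context
    steps:
      ## Dumps the full event payload to the job log for troubleshooting.
      - name: Display Github Event Context
        run: echo "$GITHUB_CONTEXT"
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}

  analyze:
    ## Only run on the upstream repository and only when the triggering Build run passed.
    if: ${{ github.repository == 'streamshub/console' && github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    name: Analyze
    steps:
      - name: Display Github Event Context
        run: echo "$GITHUB_CONTEXT"
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}

      ## Checkout the source of the event that triggered this workflow,
      ## PR commit (pull_request event) or commit (push event).
      ## NOTE(review): for a fork PR this is third-party code, and the SonarCloud
      ## steps below run Maven (hence the checked-out pom.xml and its plugins)
      ## with SONAR_TOKEN in the environment. That is an accepted trust decision
      ## of this workflow; keep it in mind when adding further secrets here.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0

      ## Retrieve the `target` directory from the build job
      - name: Fetch Build Result
        uses: actions/github-script@v7
        with:
          script: |
            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: ${{ github.event.workflow_run.id }},
            });
            // Fail with a clear message instead of dereferencing `undefined`
            // when the triggering run did not upload a `target` artifact.
            const matchArtifact = artifacts.data.artifacts.find((artifact) => artifact.name == "target");
            if (!matchArtifact) {
              throw new Error('No "target" artifact found on the triggering Build run');
            }
            const download = await github.rest.actions.downloadArtifact({
              owner: context.repo.owner,
              repo: context.repo.repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip',
            });
            const fs = require('fs');
            fs.writeFileSync('${{ github.workspace }}/target.zip', Buffer.from(download.data));

      ## Extract the `target` directory from the build job. The archive was
      ## produced by the triggering run, so its contents are only as trusted as
      ## that run's source.
      - name: Extract Build Result
        run: |
          unzip target.zip

      ## Load the context from the build job - runs for any trigger to allow templates with `steps.build_context.outputs.content`
      ## to be accepted by GitHub Actions.
      - name: Read Build Context
        id: build_context
        uses: juliangruber/read-file-action@v1
        with:
          path: ./target/build-context.json

      ## (PRs Only) Check out the base branch (target of the PR). The ref names
      ## come from the build artifact, so they are handed to the shell via the
      ## environment and quoted rather than expanded into the script text.
      - name: Checkout Base Branch (PR Only)
        if: github.event.workflow_run.event == 'pull_request'
        env:
          BASE_BRANCH: ${{ fromJson(steps.build_context.outputs.content).base_ref }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          UPSTREAM_URL: ${{ github.event.repository.clone_url }}
        run: |
          git remote add upstream "$UPSTREAM_URL"
          git fetch upstream --prune --tags --force
          git checkout -B "$BASE_BRANCH" "upstream/$BASE_BRANCH"
          git checkout "$HEAD_SHA"
          git clean -ffdx --exclude=target/ && git reset --hard HEAD

      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'adopt'

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Cache Maven packages
        uses: actions/cache@v4
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2

      ## (PRs Only) Run Sonar analysis against the results of the build job, providing PR information.
      ## PR number and ref names are read from the build artifact (untrusted), so they
      ## reach `mvn` only through quoted environment variables.
      - name: SonarCloud Analysis (PR Only)
        if: github.event.workflow_run.event == 'pull_request'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          PR_NUMBER: ${{ fromJson(steps.build_context.outputs.content).event.number }}
          PR_HEAD_REF: ${{ fromJson(steps.build_context.outputs.content).head_ref }}
          PR_BASE_REF: ${{ fromJson(steps.build_context.outputs.content).base_ref }}
        run: |
          mvn -B --no-transfer-progress org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -Dsonar.projectKey=streamshub_console \
            -Dsonar.token="${SONAR_TOKEN}" \
            -Dsonar.scm.revision="${HEAD_SHA}" \
            -Dsonar.pullrequest.key="${PR_NUMBER}" \
            -Dsonar.pullrequest.branch="${PR_HEAD_REF}" \
            -Dsonar.pullrequest.base="${PR_BASE_REF}"

      ## (Push Only) Run Sonar analysis against the results of the build job.
      ## Branch names may contain shell metacharacters, so the branch is passed
      ## through the environment and quoted.
      - name: SonarCloud Analysis (Push Only)
        if: github.event.workflow_run.event == 'push'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          mvn -B --no-transfer-progress org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
            -Dsonar.projectKey=streamshub_console \
            -Dsonar.token="${SONAR_TOKEN}" \
            -Dsonar.scm.revision="${HEAD_SHA}" \
            -Dsonar.branch.name="${HEAD_BRANCH}"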