-
Notifications
You must be signed in to change notification settings - Fork 14
174 lines (154 loc) · 5.49 KB
/
sonarcloud-pull.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: Sonarcloud-Pull
on:
workflow_run:
workflows: ["Code Analysis"]
types:
- completed
env:
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }}
jobs:
retrieve-pr:
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr-artifact-script.outputs.result }}
pr-base: ${{ steps.pr-base-script.outputs.result }}
steps:
- name: 'Download PR artifact'
uses: actions/[email protected]
id: download-pr
with:
result-encoding: string
script: |
var artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr"
})[0];
if (matchArtifact == null){
core.setFailed("No PR artifact");
return "False";
}
var download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
return "True";
- name: Unzip the pr
if: steps.download-pr.outputs.result == 'True'
run: unzip pr.zip
- name: Retrieve the pr number
if: success()
id: pr-artifact-script
uses: actions/[email protected]
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_number = Number(fs.readFileSync('./NR'));
return pr_number;
- name: Retrieve the pr base
if: success()
id: pr-base-script
uses: actions/[email protected]
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_base = fs.readFileSync('./BaseBranch');
return pr_base;
init:
name: Initialization
needs: retrieve-pr
uses: ./.github/workflows/init.yml
secrets: inherit
build:
name: Building TomcatJSS
needs: [init, retrieve-pr]
runs-on: ubuntu-latest
steps:
- name: Clone the repository
uses: actions/checkout@v3
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add tomcatjss ${{ github.event.repository.clone_url }}
git fetch tomcatjss
git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build runner image
uses: docker/build-push-action@v2
with:
context: .
build-args: |
BASE_IMAGE=${{ needs.init.outputs.base-image }}
COPR_REPO=${{ env.COPR_REPO }}
tags: tomcatjss-runner
target: tomcatjss-runner
outputs: type=docker,dest=sonar-runner.tar
- name: Store runner image
uses: actions/cache@v3
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
sonarcloud:
name: SonarCloud
needs: [retrieve-pr, init, build]
if: needs.retrieve-pr.outputs.pr-number != ''
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/ldapjdk
steps:
- name: Retrieve runner image
uses: actions/cache@v3
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
- name: Load runner image
run: docker load --input sonar-runner.tar
- name: Clone the repository
uses: actions/checkout@v3
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add tomcatjss ${{ github.event.repository.clone_url }}
git fetch tomcatjss
git rebase tomcatjss/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Run container
run: |
IMAGE=tomcatjss-runner \
NAME=pki \
tests/bin/runner-init.sh
- name: Copy builds in current folder
run: |
mkdir build
docker cp pki:/usr/share/java/tomcatjss.jar build/
- name: Remove maven related file
run: rm -f pom.xml
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}