Skip to content

Sonar Quality Pull Request Analysis #728

Sonar Quality Pull Request Analysis

Sonar Quality Pull Request Analysis #728

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: Sonar Quality Pull Request Analysis
on:
workflow_run:
workflows: [SonarBuild]
types: [completed]
concurrency:
group: sonar-pr-workflow-${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}
cancel-in-progress: true
jobs:
sonarcloud:
if: ${{ github.event.workflow_run.conclusion == 'success' && github.repository == 'apache/ignite' }}
name: Sonar Analysis
runs-on: ubuntu-latest
permissions:
contents: read
actions: write
checks: write
steps:
- name: Download pull request event artifact
uses: actions/download-artifact@v4
with:
name: pr-event-artifact
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Read pull request event
shell: bash
run: |
# We can trust these values because we use 'workflow approval' to
# review the PR before approving the workflow:
echo "pr_number=$(sed '1q;d' pr-event.txt)" >> "$GITHUB_ENV"
echo "pr_head_ref=$(sed '2q;d' pr-event.txt)" >> "$GITHUB_ENV"
echo "pr_base_ref=$(sed '3q;d' pr-event.txt)" >> "$GITHUB_ENV"
echo "pr_head_sha=$(sed '4q;d' pr-event.txt)" >> "$GITHUB_ENV"
echo "target_artifact_id=$(sed '5q;d' pr-event.txt)" >> "$GITHUB_ENV"
- name: Create new PR check
uses: actions/github-script@v7
id: check
with:
script: |
const jobs_response = await github.rest.actions.listJobsForWorkflowRunAttempt({
...context.repo,
run_id: context.runId,
attempt_number: process.env.GITHUB_RUN_ATTEMPT,
});
const job_url = jobs_response.data.jobs[0].html_url;
const check_response = await github.rest.checks.create({
...context.repo,
name: 'Sonar Quality Pull Request Analysis',
head_sha: process.env.pr_head_sha,
status: 'in_progress',
output: {
title: 'Sonar Quality Pull Request Analysis',
summary: '[Details ...](' + job_url + ')'
}
});
return check_response.data.id;
result-encoding: string
- name: Checkout PR head branch
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 0
# "fetch-depth: 0" is needed for Sonar's new code detection, blame information and issue backdating
# see more details at https://community.sonarsource.com/t/git-fetch-depth-implications/75260
- name: Checkout PR base branch
run: |
git remote add upstream https://github.com/apache/ignite
git fetch upstream
git checkout -B $pr_base_ref upstream/$pr_base_ref
git checkout ${{ github.event.workflow_run.head_sha }}
git clean -ffdx && git reset --hard HEAD
- name: Download compiled classes artifact
uses: actions/download-artifact@v4
with:
name: target-artifact
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Delete compiled classes artifact
if: always()
uses: actions/github-script@v7
with:
script: |
await github.rest.actions.deleteArtifact({
...context.repo,
artifact_id: process.env.target_artifact_id
});
- name: Extract compiled classes artifact
shell: bash
run: tar -xf target.tar
- name: Set up JDK17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
- name: Cache local Maven repository
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-m2
- name: Sonar Analyze Upload
shell: bash
run: >
./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-P all-java,lgpl,examples,skip-docs
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.branch=${{ env.pr_head_ref }}
-Dsonar.pullrequest.base=${{ env.pr_base_ref }}
-Dsonar.pullrequest.key=${{ env.pr_number }}
-Dsonar.pullrequest.github.repository=apache/ignite
-Dsonar.pullrequest.provider=GitHub
-Dsonar.pullrequest.github.summary_comment=true
-Dsonar.projectKey=apache_ignite
-Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
-B -V
env:
MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"
SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"
JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"
- name: Update status of PR check
uses: actions/github-script@v7
if: always()
env:
CHECK_ID: ${{ steps.check.outputs.result }}
JOB_STATUS: ${{ job.status }}
with:
script: |
const { CHECK_ID, JOB_STATUS } = process.env;
await github.rest.checks.update({
...context.repo,
check_run_id: CHECK_ID,
status: 'completed',
conclusion: JOB_STATUS
});