Skip to content

Sonarcloud-Pull

Sonarcloud-Pull #2555

name: Sonarcloud-Pull
on:
workflow_run:
workflows: ["Code Analysis"]
types:
- completed
env:
BASE_IMAGE: ${{ vars.BASE_IMAGE || 'registry.fedoraproject.org/fedora:latest' }}
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }}
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || 'dogtagpki' }}
jobs:
retrieve-pr:
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr-artifact-script.outputs.result }}
pr-base: ${{ steps.pr-base-script.outputs.result }}
steps:
- name: 'Download PR artifact'
uses: actions/github-script@v7
id: download-pr
with:
result-encoding: string
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr"
})[0];
if (matchArtifact == null){
core.setFailed("No PR artifact");
return "False";
}
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
return "True";
- name: Unzip the pr
if: steps.download-pr.outputs.result == 'True'
run: unzip pr.zip
- name: Retrieve the pr number
if: success()
id: pr-artifact-script
uses: actions/github-script@v7
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_number = Number(fs.readFileSync('./NR'));
return pr_number;
- name: Retrieve the pr base
if: success()
id: pr-base-script
uses: actions/github-script@v7
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_base = fs.readFileSync('./BaseBranch');
return pr_base;
build:
name: Building PKI for Sonar
needs: retrieve-pr
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config user.name "GitHub Workflow Action"
git config user.email "[email protected]"
git remote add pki ${{ github.event.repository.clone_url }}
git fetch pki
git rebase pki/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Update Dockerfile
run: |
# update registry namespace
sed -i "s/quay.io\/dogtagpki\//quay.io\/$NAMESPACE\//g" Dockerfile
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
id: cache-buildx
uses: actions/cache@v4
with:
key: buildx-${{ hashFiles('pki.spec') }}
path: /tmp/.buildx-cache
- name: Build pki-deps image
uses: docker/build-push-action@v5
with:
context: .
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
COPR_REPO=${{ env.COPR_REPO }}
tags: pki-deps
target: pki-deps
cache-to: type=local,dest=/tmp/.buildx-cache
if: steps.cache-buildx.outputs.cache-hit != 'true'
- name: Build pki-builder-deps image
uses: docker/build-push-action@v5
with:
context: .
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
COPR_REPO=${{ env.COPR_REPO }}
tags: pki-builder-deps
target: pki-builder-deps
cache-to: type=local,dest=/tmp/.buildx-cache
if: steps.cache-buildx.outputs.cache-hit != 'true'
- name: Build pki-runner image
uses: docker/build-push-action@v5
with:
context: .
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
COPR_REPO=${{ env.COPR_REPO }}
tags: pki-runner
target: pki-runner
cache-from: type=local,src=/tmp/.buildx-cache
outputs: type=docker,dest=pki-runner.tar
- name: Store pki-runner image
uses: actions/cache@v4
with:
key: pki-sonar-runner-${{ github.event.workflow_run.id }}
path: pki-runner.tar
sonarcloud:
name: Sonar Cloud code analysis
needs: [retrieve-pr, build]
if: needs.retrieve-pr.outputs.pr-number != ''
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/pki
steps:
- name: Retrieve pki-runner image
uses: actions/cache@v4
with:
key: pki-sonar-runner-${{ github.event.workflow_run.id }}
path: pki-runner.tar
- name: Load pki-runner image
run: docker load --input pki-runner.tar
- name: Checkout pulled branch
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add pki ${{ github.event.repository.clone_url }}
git fetch pki
git rebase pki/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Set up PKI container
run: |
tests/bin/runner-init.sh pki
- name: Copy build in current folder
run: docker cp pki:/usr/share/java/pki ./build
- name: Remove maven related file
run: rm -f pom.xml
- name: Start Sonar analysis
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}