Test external pull request check with Sonar Scanner workflow #537
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Static code analysis workflow for Sonar Cloud, results are published to projects: | |
| # - Windows: https://sonarcloud.io/project/overview?id=methane-powered-kit-windows | |
| # - Linux: https://sonarcloud.io/project/overview?id=methane-powered-kit-linux | |
| # - MacOS: https://sonarcloud.io/project/overview?id=methane-powered-kit-macos | |
| name: '🎯 CI Sonar Scan' | |
| on: | |
| push: | |
| branches: [ master, develop ] | |
| paths: | |
| - '.github/**/*sonar*.yml' | |
| - 'sonar-project.properties' | |
| - 'Apps/**' | |
| - 'Modules/**' | |
| - 'Tests/**' | |
| - 'Externals/**' | |
| - 'CMake/**' | |
| - 'Build/*/CI/**' | |
| - 'CMakeLists.txt' | |
| - 'CMakePresets.json' | |
| # Pull request event runs in context of the target repository branch, but remote repos do not have access to secrets, | |
| # so it is used only for internal PRs from origin repository branches according to job condition below. | |
| pull_request: | |
| branches: [ master ] | |
| types: [opened, synchronize, reopened] | |
| paths: | |
| - '.github/**/*sonar*.yml' | |
| - 'sonar-project.properties' | |
| - 'Apps/**' | |
| - 'Modules/**' | |
| - 'Tests/**' | |
| - 'Externals/**' | |
| - 'CMake/**' | |
| - 'Build/*/CI/**' | |
| - 'CMakeLists.txt' | |
| - 'CMakePresets.json' | |
| # "Pull request target" event runs in context of the base repository and has access to secrets, | |
| # it is used only for external PRs from forked repositories to origin according to job condition below. | |
| pull_request_target: | |
| branches: [ master ] | |
| types: [ opened, synchronize, reopened ] | |
| paths: | |
| - 'Apps/**' | |
| - 'Modules/**' | |
| - 'Tests/**' | |
| - 'Externals/**' | |
| - 'CMake/**' | |
| - 'Build/*/CI/**' | |
| - 'CMakeLists.txt' | |
| - 'CMakePresets.json' | |
| schedule: | |
| - cron: '20 23 * * 3' # Scheduled workflow will not run in GitHub forks by default | |
| env: | |
| METHANE_VERSION_MAJOR: 0 | |
| METHANE_VERSION_MINOR: 7 | |
| METHANE_VERSION_PATCH: 3 | |
| METHANE_VERSION_BUILD: ${{ github.run_number }} | |
| jobs: | |
| sonar_scan: | |
| name: ${{ matrix.name }} | |
| # Run sonar scan job only in context of the origin repository: | |
| # - Trigger on either "push" or "pull request" event for the origin repository owned branches | |
| # - Or trigger on "pull request target" event for external repositories to have access to secrets from origin repo context | |
| # see https://github.com/orgs/community/discussions/26829 | |
| if: ${{ github.repository == 'MethanePowered/MethaneKit' && | |
| (github.event_name != 'pull_request_target' || | |
| github.event.pull_request.head.repo.full_name != github.repository) }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: windows-latest | |
| os_name: windows | |
| name: "Win64_DX_SonarScan" | |
| named_logo: Windows | |
| config_preset: "Ninja-Win-DX-Scan" | |
| build_preset: "Ninja-Win-DX-Scan" | |
| sonar_project_key: "methane-powered-kit-windows" | |
| tests_coverage_reports: "Build/Output/Ninja-Win-DX-Scan/Install/Tests/Coverage/*.xml" | |
| - os: ubuntu-latest | |
| os_name: linux | |
| name: "Ubuntu_VK_SonarScan" | |
| named_logo: Linux | |
| config_preset: "Ninja-Lin-VK-Scan" | |
| build_preset: "Ninja-Lin-VK-Scan" | |
| sonar_project_key: "methane-powered-kit-linux" | |
| tests_coverage_reports: "Build/Output/Ninja-Lin-VK-Scan/Build/MethaneTestCoverage.info" | |
| - os: macos-latest | |
| os_name: macosx | |
| name: "MacOS_MTL_SonarScan" | |
| named_logo: Apple | |
| config_preset: "Ninja-Mac-MTL-Scan" | |
| build_preset: "Ninja-Mac-MTL-Scan" | |
| sonar_project_key: "methane-powered-kit-macos" | |
| tests_coverage_reports: "Build/Output/Ninja-Mac-MTL-Scan/Install/Tests/Coverage/*.lcov" | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| BUILD_DIR: Build/Output/${{ matrix.config_preset }}/Build | |
| INSTALL_DIR: Build/Output/${{ matrix.config_preset }}/Install | |
| BUILD_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/Build.log | |
| COVERAGE_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/Coverage.log | |
| SCAN_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/SonarScan.log | |
| COMPILE_COMMANDS_FILE: Build/Output/${{ matrix.config_preset }}/Build/compile_commands.json | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Linux prerequisites | |
| if: ${{ matrix.os_name == 'linux' }} | |
| run: ./Build/Unix/CI/InstallLinuxPrerequisites.sh lcov | |
| - name: Install Testspace | |
| uses: testspace-com/setup-testspace@v1 | |
| with: | |
| domain: ${{ github.repository_owner }} | |
| # .NET Core is required by ReportGenerator | |
| - name: Install .NET Core | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: 6.0.400 | |
| - name: Install Sonar-Scanner | |
| uses: sonarsource/sonarcloud-github-c-cpp@v2 | |
| # Ninja build is required to generate compile commands file used by Sonar-Scanner | |
| - name: Install Ninja | |
| uses: MethanePowered/gha-setup-ninja@master | |
| with: | |
| version: 1.11.1 | |
| - name: Initialize Externals Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: Build/Output/ExternalsCache | |
| key: ExternalsCache-${{ matrix.config_preset }}-${{ hashFiles('Externals/*.cmake') }} | |
| - name: Setup Developer Command Prompt for MSVC (VS2022 x64) to build with Ninja | |
| if: ${{ matrix.os_name == 'windows' }} | |
| uses: ilammy/msvc-dev-cmd@v1 | |
| with: | |
| arch: x64 | |
| - name: CMake Configure Preset ${{ matrix.config_preset }} | |
| shell: bash | |
| env: | |
| # Set BUILD version to zero to benefit from SonarCloud analysis cache (version change invalidates cache at each run) | |
| METHANE_VERSION_BUILD: 0 | |
| run: | | |
| ./Build/Unix/CI/CMakeConfigurePreset.sh "${{ matrix.config_preset }}" | |
| if [ -f $COMPILE_COMMANDS_FILE ]; then | |
| cp "$COMPILE_COMMANDS_FILE" "$INSTALL_DIR" | |
| else | |
| echo "Compile commands file was not found!" | |
| fi | |
| - name: CMake Build Preset ${{ matrix.build_preset }} | |
| shell: bash | |
| run: ./Build/Unix/CI/CMakeBuildPreset.sh "${{ matrix.build_preset }}" | |
| - name: Download OpenCppCoverage | |
| if: ${{ matrix.os_name == 'windows' }} | |
| shell: powershell | |
| working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
| run: ${{ github.workspace }}\Build\Windows\CI\DownloadOpenCppCoverageRelease.ps1 | |
| - name: Run all unit-tests with OpenCppCoverage code coverage on Windows | |
| if: ${{ matrix.os_name == 'windows' }} | |
| shell: cmd | |
| working-directory: 'Build\Output\${{ matrix.config_preset }}\Install\Tests' | |
| run: | | |
| ${{ github.workspace }}\Build\Windows\CI\RunUnitTestsWithCoverage.bat ^ | |
| "${{ github.workspace }}\Modules" ^ | |
| "Build/Output/${{ matrix.config_preset }}/Install/Tests" | |
| - name: Run all unit-tests to collect SonarQube test results on Linux | |
| if: ${{ matrix.os_name == 'linux' }} | |
| working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
| run: ${{ github.workspace }}/Build/Unix/CI/RunUnitTests.sh sonarqube | |
| - name: Run all unit-tests with code coverage using CTest and GCov on Linux | |
| if: ${{ matrix.os_name == 'linux' && (success() || failure()) }} | |
| run: ./Build/Unix/CI/CMakeBuildPreset.sh "${{ matrix.build_preset }}" MethaneTestCoverage "$COVERAGE_LOG_FILE" | |
| - name: Run all unit-tests with LCov code coverage on MacOS | |
| if: ${{ matrix.os_name == 'macosx' }} | |
| working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
| run: ${{ github.workspace }}/Build/Unix/CI/RunUnitTestsWithCoverage.sh | |
| - name: Generate Code Coverage Reports | |
| if: ${{ success() || failure() }} | |
| uses: danielpalme/[email protected] | |
| with: | |
| reports: ${{ matrix.tests_coverage_reports }} | |
| targetdir: 'Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report' | |
| reporttypes: 'Cobertura;SonarQube' | |
| title: 'Methane Tests Code Coverage for ${{ matrix.build_preset }}' | |
| tag: '${{ env.METHANE_VERSION_MAJOR }}.${{ env.METHANE_VERSION_MINOR }}.${{ env.METHANE_VERSION_PATCH }}.${{ env.METHANE_VERSION_BUILD }}' | |
| - name: Upload Code Coverage Cobertura Report | |
| if: ${{ success() || failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: MethaneKit_${{ matrix.name }}_CoverageResults | |
| path: Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml | |
| - name: Upload Build Log and Code Coverage to Testspace server | |
| if: ${{ success() || failure() }} | |
| shell: bash | |
| run: | | |
| testspace \ | |
| "[ ${{ matrix.name }} ]Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml" \ | |
| "[ ${{ matrix.name }} ]${{ env.BUILD_LOG_FILE }}" | |
| - name: Upload Code Coverage to CodeCov server | |
| if: ${{ success() || failure() }} | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml | |
| flags: unittests,${{ matrix.os_name }} | |
| name: ${{ matrix.name }} | |
| - name: Run Sonar Scanner | |
| if: ${{ success() || failure() }} | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_ORGANIZATION: methane-powered | |
| GITHUB_EVENT_NAME: ${{ github.event_name }} | |
| GITHUB_COMMIT_SHA: ${{ github.sha }} | |
| GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}" | |
| GITHUB_PR_BRANCH: ${{ github.event.pull_request.head.ref }}" | |
| GITHUB_PR_BASE: ${{ github.event.pull_request.base.ref }}" | |
| run: | | |
| ./Build/Unix/CI/RunSonarScanner.sh \ | |
| "${{ matrix.sonar_project_key }}" \ | |
| "Build/Output/${{ matrix.config_preset }}/Build" \ | |
| "Build/Output/${{ matrix.config_preset }}/Install/Tests" | |
| - name: Archive Scan Artifacts | |
| if: ${{ success() || failure() }} | |
| shell: bash | |
| working-directory: Build/Output/${{ matrix.config_preset }}/Install | |
| run: 7z a -t7z -mx=9 MethaneKit_${{ matrix.name }}.7z * | |
| - name: Upload Archived Scan Artifacts | |
| if: ${{ success() || failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: MethaneKit_${{ matrix.name }}_${{ env.METHANE_VERSION_MAJOR }}.${{ env.METHANE_VERSION_MINOR }}.${{ env.METHANE_VERSION_PATCH }}.${{ env.METHANE_VERSION_BUILD }} | |
| path: Build/Output/${{ matrix.config_preset }}/Install/MethaneKit_${{ matrix.name }}.7z | |
| - name: Update Badge Parameters | |
| if: ${{ github.event_name == 'push' && always() }} | |
| shell: bash | |
| run: ./Build/Unix/CI/UpdateBadgeParameters.sh "${{ job.status }}" | |
| - name: Update Badge JSON | |
| if: ${{ github.event_name == 'push' && always() }} | |
| uses: schneegans/[email protected] | |
| with: | |
| auth: ${{ secrets.GIST_TOKEN }} | |
| gistID: 96d788046ccd52b45b3354a99f8569c3 | |
| filename: MethaneKit_${{ matrix.name }}_${{ github.ref_name }}.json | |
| namedLogo: ${{ matrix.named_logo }} # https://simpleicons.org | |
| label: ${{ matrix.name }} | |
| labelColor: #f5f5f5 | |
| logoColor: #f5f5f5 | |
| message: ${{ env.badge_message }} | |
| color: ${{ env.badge_color }} |