Kraken on debian11 #3105
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SonarCloud | |
on: | |
push: | |
branches: [ dev ] | |
pull_request: | |
branches: [ dev ] | |
env: | |
SONAR_SCANNER_VERSION: 5.0.1.3006 | |
REGION: eu-west-1 | |
jobs: | |
aws_creds: | |
name: Get ECR Access | |
runs-on: [ self-hosted, corefront, sandbox ] | |
outputs: | |
token: ${{ steps.ecr_token.outputs.token }} | |
steps: | |
- id: ecr_token | |
name: Get ECR Token | |
run: | | |
echo token=$(aws ecr get-login-password --region $REGION) >> $GITHUB_OUTPUT | |
static_analysis: | |
runs-on: [self-hosted, corefront, sandbox] | |
needs: aws_creds | |
container: | |
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-debian11_dev:latest | |
credentials: | |
username: AWS | |
password: ${{ needs.aws_creds.outputs.token }} | |
volumes: | |
- /usr/share/dotnet:/usr/share/dotnet | |
# Mount /dotnet so we can delete files from docker and free up space (>20GB) | |
services: | |
rabbitmq: | |
image: rabbitmq:3-alpine | |
ports: | |
- 5672:5672 | |
redis: | |
image: redis:6-alpine | |
ports: | |
- 6379:6379 | |
steps: | |
- name: force chown to avoid errors | |
run: chown -R $USER:$USER . | |
- name: Git config | |
run: git config --global --add safe.directory /__w/navitia/navitia | |
- name: Free up space | |
run: rm -rf /usr/share/dotnet/* | |
- name: Display remaining space | |
run: df -h | |
- name: Generate github private access token | |
id: ci-core-app-token | |
uses: getsentry/[email protected] | |
with: | |
app_id: ${{ secrets.CI_CORE_APP_ID }} | |
private_key: ${{ secrets.CI_CORE_APP_PEM }} | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
token: ${{ steps.ci-core-app-token.outputs.token }} | |
- name: Install Gcov and SonarCloud's dependencies for C++ analysis | |
run : | | |
rm -rf "$AGENT_TOOLSDIRECTORY" | |
apt update -y | |
pip install gcovr | |
apt install -y unzip wget | |
wget https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip | |
unzip -u build-wrapper-linux-x86.zip | |
unzip -u sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip | |
- name: Cache Sonar | |
id: cache-sonar | |
uses: actions/cache@v3 | |
with: | |
path: sonar_cache | |
key: sonar-cache-${{ github.event.head_commit.id }} | |
restore-keys: | | |
sonar-cache- | |
- name: Configure | |
run: cmake -DCMAKE_BUILD_TYPE=Profile -DSTRIP_SYMBOLS=ON source | |
- name: Build | |
run: build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir build-wrapper-output-dir make -j $(nproc) | |
- name: Tests python3 | |
run: | | |
virtualenv -p python3.9 navitia_py3 | |
. navitia_py3/bin/activate | |
pip install -r source/jormungandr/requirements_dev.txt | |
export JORMUNGANDR_BROKER_URL='amqp://guest:guest@rabbitmq:5672//' | |
export KRAKEN_RABBITMQ_HOST='rabbitmq' | |
ctest --output-on-failure | |
deactivate | |
- name: docker_test python3 | |
run: | | |
. navitia_py3/bin/activate | |
pip install -r source/jormungandr/requirements_dev.txt | |
pip install -r source/tyr/requirements_dev.txt | |
pip install -r source/sql/requirements.txt | |
export NAVITIA_CHAOS_DUMP_PATH=$(echo $GITHUB_WORKSPACE/source/tests/chaos/chaos_loading.sql.gz | sed -e 's#__w#/opt/actions-runner/_work#') | |
echo $NAVITIA_CHAOS_DUMP_PATH | |
make docker_test | |
deactivate | |
rm -rf navitia_py3 | |
env: | |
NAVITIA_DOCKER_NETWORK: ${{ job.container.network }} | |
TYR_CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672//' | |
TYR_REDIS_HOST: 'redis' | |
- name: Coverage | |
run: gcovr -k -r . -f source -e source/third_party --sonarqube cov.xml | |
- name: SonarCloud Scan | |
# We only want 1 scan as it would bloat sonarcube otherwise | |
# And only on an internal merge (to dev/master) as SonarCloud's token uses Secrets that not available from a fork :( (eg. https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow) | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
sonar-scanner-$SONAR_SCANNER_VERSION-linux/bin/sonar-scanner \ | |
-Dsonar.cfamily.threads=$(nproc) | |
- name: clean up workspace | |
if: ${{ always() }} | |
run: | | |
rm -rf ./* | |
rm -rf ./.??* | |