From a06cbe371b908191c967069216b022f985db60f0 Mon Sep 17 00:00:00 2001 From: Jk Date: Tue, 11 Oct 2022 09:00:58 +0200 Subject: [PATCH] Create new GH action to allow sonar analysis on fork - After the maven verify action, the ID of the PR is saved to a file. - A new action checkout the PR's branch to run the analysis. --- .github/workflows/build_sonar_verify.yml | 79 ++++++++++++++++++++---- .github/workflows/maven-verify.yml | 9 +++ 2 files changed, 76 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build_sonar_verify.yml b/.github/workflows/build_sonar_verify.yml index 3e8d9a3d..4cac9e2d 100644 --- a/.github/workflows/build_sonar_verify.yml +++ b/.github/workflows/build_sonar_verify.yml @@ -1,20 +1,52 @@ # This action launches an analysis on sonarcloud only for PR made from the repository and on master branch. name: Sonar verify on: - push: - branches: - - master - pull_request: - types: [opened, synchronize, reopened] + workflow_run: + workflows: [Maven verify] + types: [completed] jobs: - build: - if: ${{ github.repository == 'mivek/MetarParser' && github.actor != 'dependabot[bot]' }} # Sonar build needs secrets in the repository - name: Build + sonar_pr: + if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' }} runs-on: ubuntu-latest steps: + - name: Download PR artifact + uses: dawidd6/action-download-artifact@v2 + with: + workflow: Maven verify + run_id: ${{ github.event.workflow_run.id }} + name: PR_NUMBER + + - name: Read PR_NUMBER.txt + id: pr_number + uses: juliangruber/read-file-action@v1 + with: + path: ./PR_NUMBER.txt + + - name: Request GitHub API for PR data + uses: octokit/request-action@v2.x + id: get_pr_data + with: + route: GET /repos/{full_name}/pulls/{number} + number: ${{ steps.pr_number.outputs.content }} + full_name: ${{ github.event.repository.full_name }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@v3 with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + fetch-depth: 0 + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} + + - name: Checkout base branch + if: github.event.workflow_run.event == 'pull_request' + run: | + git remote add upstream ${{ github.event.repository.clone_url }} + git fetch upstream + git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} + git checkout ${{ github.event.workflow_run.head_branch }} + git clean -ffdx && git reset --hard HEAD + - name: Set up JDK 17 uses: actions/setup-java@v3 with: @@ -33,8 +65,31 @@ jobs: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - - name: Build and analyze + - name: Sonar analysis + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }} -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} -Dsonar.projectKey=io.github.mivek:metarParser + + sonar_push: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name }} + steps: + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} + fetch-depth: 0 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'adopt' + cache: 'maven' + + - name: Sonar analysis env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=io.github.mivek:metarParser -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }} diff --git a/.github/workflows/maven-verify.yml b/.github/workflows/maven-verify.yml index 190da467..1f8d6e58 100644 --- a/.github/workflows/maven-verify.yml +++ b/.github/workflows/maven-verify.yml @@ -24,3 +24,12 @@ jobs: restore-keys: ${{ runner.os }}-m2 - name: Run the maven verify run: mvn --batch-mode --update-snapshots clean verify + + - name: Save the PR number in a file + run: echo ${{ github.event.number }} > PR_NUMBER.txt + + - name: Upload the PR number as an artifact + uses: action/upload-artifact@v3 + with: + name: PR_NUMBER + path: PR_NUMBER.txt