pr-sonar.yml
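# Runs the SonarCloud analysis for a pull request once the "PR Build" workflow
# has completed successfully.
#
# Trust model: a `workflow_run` workflow executes in the context of the base
# repository and its scan step receives SONAR_TOKEN, while the checked-out
# code and the downloaded build artifact both originate from the pull request
# (possibly a fork). Everything taken from them is handled as untrusted data:
# it is validated before use and reaches shell steps only through quoted
# environment variables, never through `${{ }}` interpolation into a script.
name: PR Post-Build Sonar
on:
  workflow_run:
    workflows: [PR Build]
    types: [completed]
# Least-privilege token. `contents: read` covers the checkout and
# `actions: read` covers listing/downloading the triggering run's artifacts.
# NOTE(review): `pull-requests: read` is assumed to be all the scanner needs
# from GITHUB_TOKEN; widen only if the scan reports a permission error.
permissions:
  contents: read
  actions: read
  pull-requests: read
jobs:
  sonar:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    if: github.event.workflow_run.conclusion == 'success'
    steps:
      # Check out the exact commit the PR build ran on. A branch name is a
      # mutable ref (it can move between the build and this job) and can
      # collide with the base branch name when the PR comes from a fork, so
      # the commit SHA is used instead.
      # persist-credentials is disabled so the job token is not left in
      # .git/config next to untrusted code.
      # NOTE(review): the later `git fetch upstream` is then unauthenticated;
      # a private repository would need explicit credentials for that fetch.
      - name: Checkout PR code
        uses: actions/checkout@v3
        with:
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0
          persist-credentials: false
      # Download the artifact produced by the PR build. It is stored in
      # RUNNER_TEMP rather than the workspace so that it survives the
      # `git clean` below and only has to be downloaded once.
      - name: Download artifacts 📥
        uses: actions/github-script@v6
        with:
          script: |
            const artifactName = "rsc-pr-build-artifacts";
            const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: context.payload.workflow_run.id,
            });
            const matchArtifact = allArtifacts.data.artifacts.find(
              (artifact) => artifact.name === artifactName
            );
            // Fail with a readable message instead of a TypeError on `.id`.
            if (!matchArtifact) {
              throw new Error(`Artifact "${artifactName}" not found on the triggering run`);
            }
            const download = await github.rest.actions.downloadArtifact({
              owner: context.repo.owner,
              repo: context.repo.repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip',
            });
            const fs = require('fs');
            fs.writeFileSync(`${process.env.RUNNER_TEMP}/${artifactName}.zip`, Buffer.from(download.data));
      # Save the PR number, branch, and base branch to the environment.
      # The three files are written by the PR build, i.e. by code the PR
      # author controls. Each value is validated before it is appended to
      # GITHUB_ENV: a value containing a newline would otherwise define
      # additional environment variables for every later step.
      - name: Setup workflow variables 📝
        run: |
          set -euo pipefail
          # Extract only the metadata files, outside the workspace.
          meta_dir="${RUNNER_TEMP}/pr-meta"
          unzip -q "${RUNNER_TEMP}/rsc-pr-build-artifacts.zip" 'pr/*' -d "${meta_dir}"
          pr_number="$(<"${meta_dir}/pr/pr_number")"
          pr_branch="$(<"${meta_dir}/pr/pr_branch")"
          pr_base="$(<"${meta_dir}/pr/pr_base")"
          # The PR number must be purely numeric.
          if [[ ! "${pr_number}" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number from the build artifact is not a number"
            exit 1
          fi
          # Branch names must be valid git branch names; this rejects
          # whitespace, control characters and glob characters.
          for ref_name in "${pr_branch}" "${pr_base}"; do
            if ! git check-ref-format --branch "${ref_name}" > /dev/null; then
              echo "::error::branch name from the build artifact is not a valid git ref"
              exit 1
            fi
          done
          echo "PR_NUMBER: ${pr_number}"
          echo "PR_BRANCH: ${pr_branch}"
          echo "PR_BASE: ${pr_base}"
          {
            echo "PR_NUMBER=${pr_number}"
            echo "PR_BRANCH=${pr_branch}"
            echo "PR_BASE=${pr_base}"
          } >> "${GITHUB_ENV}"
      # Checkout the base branch
      # SonarCloud requires the base branch to be checked out to properly
      # compare the PR for code coverage details.
      # Event and artifact values are passed through `env:` and quoted, so
      # they are always treated as data by the shell.
      - name: Checkout base branch 🌳
        env:
          UPSTREAM_URL: ${{ github.event.repository.clone_url }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          git remote add upstream "${UPSTREAM_URL}"
          git fetch upstream
          git checkout -B "${PR_BASE}" "upstream/${PR_BASE}"
          # Return to the PR commit by SHA, so the result is correct even
          # when the PR branch has the same name as the base branch.
          git checkout --detach "${HEAD_SHA}"
          git clean -ffdx && git reset --hard HEAD
      # Extract the build artifacts into the workspace; the coverage report
      # is needed by the sonar scan step.
      - name: Unzip artifacts 📁
        run: unzip "${RUNNER_TEMP}/rsc-pr-build-artifacts.zip"
      # NOTE(review): `@master` is a mutable ref and this step receives
      # SONAR_TOKEN; pin the action to the full commit SHA of a reviewed
      # release (placeholder: <reviewed-commit-sha>). The same applies to the
      # tag-pinned actions above.
      - name: SonarCloud Scan 🔍
        uses: sonarsource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
            -Dsonar.pullrequest.key=${{ env.PR_NUMBER }}
            -Dsonar.pullrequest.branch=${{ env.PR_BRANCH }}
            -Dsonar.pullrequest.base=${{ env.PR_BASE }}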