diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index e9a3f74..374455e 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -4,82 +4,106 @@ name: SonarCloud Analysis -on: - push: - branches: - - '**' - pull_request: - branches: - - 'main' - - 'develop' - pull_request_target: - branches: - - 'main' - - 'develop' +on: + workflow_run: + workflows: [SonarCloud Build] + types: [completed] jobs: sonar-check: - name: Sonar Check runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' timeout-minutes: 15 - - if: ${{ (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }} steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Cache SonarCloud packages - uses: actions/cache@v3 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 + - name: echo event + run: cat $GITHUB_EVENT_PATH + - name: Download PR number artifact + if: github.event.workflow_run.event == 'pull_request' + uses: dawidd6/action-download-artifact@v2 + with: + workflow: SonarCloud Build + run_id: ${{ github.event.workflow_run.id }} + name: PR_NUMBER + - name: Read PR_NUMBER.txt + if: github.event.workflow_run.event == 'pull_request' + id: pr_number + uses: juliangruber/read-file-action@v1 + with: + path: ./PR_NUMBER.txt + - name: Request GitHub API for PR data + if: github.event.workflow_run.event == 'pull_request' + uses: octokit/request-action@v2.x + id: get_pr_data + with: + route: GET /repos/{full_name}/pulls/{number} + number: ${{ steps.pr_number.outputs.content }} + full_name: ${{ github.event.repository.full_name }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} + fetch-depth: 0 + - name: Checkout base branch + if: github.event.workflow_run.event == 'pull_request' + run: | + git remote add upstream ${{ github.event.repository.clone_url }} + git fetch upstream + git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} + git checkout ${{ github.event.workflow_run.head_branch }} + git clean -ffdx && git reset --hard HEAD + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - distribution: 'zulu' - java-version: '17' + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: '17' - - name: Set Common Sonar Variables - id: sonar_env - run: | - echo "##[set-output name=sonar_opts;]$(echo -Dsonar.host.url=https://sonarcloud.io \ - -Dsonar.projectKey=com-pas_compas-sitipe-service \ - -Dsonar.organization=com-pas )" - - name: Create custom Maven Settings.xml - uses: whelk-io/maven-settings-xml-action@v21 - with: - output_file: custom_maven_settings.xml - servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]' - - name: Build and analyze (Pull Request) - if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - ./mvnw -B -s custom_maven_settings.xml -Psonar \ - ${{ steps.sonar_env.outputs.sonar_opts }} \ - -Dsonar.pullrequest.branch=${{ github.ref_name }} \ - -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \ - -Dsonar.pullrequest.base=${{ github.base_ref }} \ - -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \ - clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - - name: Build and analyze (Push) - if: ${{ github.event_name == 'push' }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - ./mvnw -B -s custom_maven_settings.xml -Psonar \ - ${{ steps.sonar_env.outputs.sonar_opts }} \ - -Dsonar.branch.name=${{ github.ref_name }} \ - clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + - name: Set Common Sonar Variables + id: sonar_env + run: | + echo "##[set-output name=sonar_opts;]$(echo -Dsonar.host.url=https://sonarcloud.io \ + -Dsonar.projectKey=com-pas_compas-sitipe-service \ + -Dsonar.organization=com-pas )" + - name: Create custom Maven Settings.xml + uses: whelk-io/maven-settings-xml-action@v21 + with: + output_file: custom_maven_settings.xml + servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]' + - name: Build and analyze (Pull Request) + if: ${{ github.event.workflow_run.event == 'pull_request' || (github.event.workflow_run.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request_target') }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + ./mvnw -B -s custom_maven_settings.xml -Psonar \ + ${{ steps.sonar_env.outputs.sonar_opts }} \ + -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} \ + -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }} \ + -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} \ + -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \ + clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + - name: Build and analyze (Push) + if: ${{ github.event.workflow_run.event == 'push' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + ./mvnw -B -s custom_maven_settings.xml -Psonar \ + ${{ steps.sonar_env.outputs.sonar_opts }} \ + -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \ + -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }} \ + clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar diff --git a/.github/workflows/sonarcloud-build.yml b/.github/workflows/sonarcloud-build.yml new file mode 100644 index 0000000..58e78fc --- /dev/null +++ b/.github/workflows/sonarcloud-build.yml @@ -0,0 +1,77 @@ +# SPDX-FileCopyrightText: 2022 Alliander N.V. +# +# SPDX-License-Identifier: Apache-2.0 + +name: SonarCloud Build + +on: + push: + branches: + - '**' + pull_request: + branches: + - 'main' + - 'develop' + pull_request_target: + branches: + - 'main' + - 'develop' + +jobs: + precheck-build: + name: Pre Check Build + runs-on: ubuntu-latest + timeout-minutes: 30 + + if: ${{ (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }} + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven packages + uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'zulu' + java-version: '17' + + - name: Create custom Maven Settings.xml + uses: whelk-io/maven-settings-xml-action@v21 + with: + output_file: custom_maven_settings.xml + servers: '[{ "id": "github-packages-compas", "username": "OWNER", "password": "${{ secrets.GITHUB_TOKEN }}" }]' + - name: Build and analyze (Pull Request) + if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + ./mvnw -B -s custom_maven_settings.xml clean verify + - name: Build and analyze (Push) + if: ${{ github.event_name == 'push' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + ./mvnw -B -s custom_maven_settings.xml clean verify + - name: Save PR number to file + if: github.event_name == 'pull_request' + run: echo ${{ github.event.number }} > PR_NUMBER.txt + - name: Archive PR number + if: github.event_name == 'pull_request' + uses: actions/upload-artifact@v3 + with: + name: PR_NUMBER + path: PR_NUMBER.txt