From fd8b962719813cf58f9ca119ed19db24213ea34a Mon Sep 17 00:00:00 2001 From: Maximilian Linhoff Date: Tue, 9 Jul 2024 10:31:09 +0200 Subject: [PATCH 1/2] Run sonar in separate step to enable PRs from forks again --- .github/workflows/ci.yml | 9 +++--- .github/workflows/sonar.yml | 63 +++++++++++++++++++++++++++++++++++++ sonar-project.properties | 2 +- 3 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/sonar.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7654d368dfe..116b69a391b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -146,11 +146,12 @@ jobs: ctapipe-info --version - # check code quality and coverage with SonarScanner - - uses: SonarSource/sonarqube-scan-action@v2 + # upload coverage report for sonar workflow + - uses: actions/upload-artifact@v4 if: contains(matrix.extra-args, 'codecov') && contains(github.event.pull_request.labels.*.name, 'documentation-only') == false - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + name: ctapipe-coverage-report + path: coverage.xml docs: runs-on: ubuntu-latest diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml new file mode 100644 index 00000000000..3ab5ba379b1 --- /dev/null +++ b/.github/workflows/sonar.yml 
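Review bot: The new upload step sets no `if-no-files-found`, so a run that produced no `coverage.xml` only logs a warning and the failure shows up later, in the Sonar workflow's download step; adding `if-no-files-found: error` under `with:` makes CI fail where the problem actually is. The artifact name is fixed, and upload-artifact@v4 rejects a second upload under the same name within one run, so this presumably relies on exactly one matrix entry carrying `codecov` in `extra-args` (the matrix is outside the hunk). Because the report is later consumed by a workflow that holds `SONAR_TOKEN`, I would also extend the comment to something like `# upload coverage report for sonar workflow (built from PR code: the consumer must treat it as untrusted)`.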
@@ -0,0 +1,63 @@ +# This workflow is triggered by the completion of our CI workflow +# It then checks out the pull request repository / branch, runs the +# sonar scanner, downloads the coverage report and uploads the report +# to the sonarqube server. This is necessary as forks don't have access +# to secrets and SONAR_TOKEN is required to upload reports. +# +# Adapted from https://github.com/medplum/medplum/ + +name: Sonar +on: + workflow_run: + workflows: [CI] + types: [completed] +jobs: + sonar: + name: Sonar + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' + steps: + - uses: actions/checkout@v4 + with: + repository: ${{ github.event.workflow_run.head_repository.full_name }} + ref: ${{ github.event.workflow_run.head_branch }} + fetch-depth: 0 + + - name: 'Download code coverage' + uses: actions/github-script@v7 + with: + script: | + let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: context.payload.workflow_run.id, + }); + let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { + return artifact.name == "ctapipe-coverage-report" + })[0]; + let download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + let fs = require('fs'); + fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/medplum-code-coverage.zip`, Buffer.from(download.data)); + + - name: 'Unzip code coverage' + run: unzip ctapipe-coverage-report.zip -d coverage + + - name: Check artifact + run: ls -l coverage + + - name: SonarCloud Scan + uses: sonarsource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + args: > + -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} + -Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }} + 
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }} + -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }} diff --git a/sonar-project.properties b/sonar-project.properties index f9ff842667d..12d5055665e 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,6 +1,6 @@ sonar.projectKey=cta-observatory_ctapipe_AY52EYhuvuGcMFidNyUs sonar.language=python -sonar.python.coverage.reportPaths=coverage.xml +sonar.python.coverage.reportPaths=coverage/coverage.xml sonar.python.version=3.10 # ignore examples for coverage and issues, these are sphinx-gallery notebook scripts From 5bc87eb9d9af7b6910cc117392910451016eec4b Mon Sep 17 00:00:00 2001 From: Maximilian Linhoff Date: Tue, 9 Jul 2024 11:02:09 +0200 Subject: [PATCH 2/2] Add info step --- .github/workflows/sonar.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 3ab5ba379b1..d3fbe87052f 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -7,16 +7,27 @@ # Adapted from https://github.com/medplum/medplum/ name: Sonar + on: workflow_run: workflows: [CI] types: [completed] + jobs: sonar: name: Sonar runs-on: ubuntu-latest if: github.event.workflow_run.conclusion == 'success' steps: + - name: Info + run: | + echo "Running Sonarqube action for PR ${PR_NUMBER} of ${REPOSITORY}:${PR_BRANCH} to ${PR_TARGET}" + env: + REPOSITORY: ${{ github.event.workflow_run.head_repository.full_name }} + PR_NUMBER: ${{ github.event.workflow_run.pull_requests[0].number }} + PR_BRANCH: ${{ github.event.workflow_run.pull_requests[0].head.ref }} + PR_TARGET: ${{ github.event.workflow_run.pull_requests[0].base.ref }} + - uses: actions/checkout@v4 with: repository: ${{ github.event.workflow_run.head_repository.full_name }}
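Review bot: This job holds `SONAR_TOKEN` and a base-repository `GITHUB_TOKEN` while the checkout step pulls fork-controlled content (`head_repository.full_name` at `head_branch`), so everything in the workspace, including `sonar-project.properties` and the unzipped artifact, is untrusted input to the scanner. Checking out `github.event.workflow_run.head_sha` pins the scan to the commit CI actually tested, `persist-credentials: false` keeps the token out of the workspace's git config, and the scan action is better pinned to a release tag or commit SHA than to `@master`. Separately, the download script writes `medplum-code-coverage.zip` while the next step unzips `ctapipe-coverage-report.zip`, so the unzip step cannot find its input, and `matchArtifact` is undefined whenever CI skipped the upload (the `documentation-only` case in ci.yml). As far as I know `workflow_run.pull_requests` is empty for runs that originate from forks, so the `-Dsonar.pullrequest.*` arguments probably need another source for the PR number; please confirm on a fork PR.

```yaml
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.workflow_run.head_repository.full_name }}
          # the commit CI tested, not whatever the branch points to now
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false
          fetch-depth: 0

      # … unchanged: 'Download code coverage' step header, listWorkflowRunArtifacts call and name filter …
            if (!matchArtifact) {
              core.setFailed('CI run has no ctapipe-coverage-report artifact');
              return;
            }
            // … unchanged: downloadArtifact call …
            let fs = require('fs');
            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/ctapipe-coverage-report.zip`, Buffer.from(download.data));
```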
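Review bot: The Info step is missing a comment explaining why the values go through `env:` rather than being expanded inline in the `run:` script, which is what keeps fork-controlled strings such as the branch name out of the shell source. I would add `# values are passed via env so fork-controlled names are never expanded inside the script text` above `run:`, so a later cleanup does not inline the `${{ }}` expressions. The echo will also print empty fields whenever `pull_requests[0]` is absent, which is worth mentioning in the same comment.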