.github/workflows/sonar-scan.yml

name: Scan with SonarScanner
on: [ push, pull_request ]
env:
  CCACHE_COMPRESS: exists means true
  CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros
jobs:
  sonar-scan:
    name: Scan with SonarScanner
    strategy:
      matrix:
        os: [ ubuntu-latest ]
    runs-on: ${{ matrix.os }}
    services:
      elasticsearch:
        image: docker://elasticsearch:7.10.1
        options: --env discovery.type=single-node --publish 9200:9200 --publish 9300:9300
    steps:
    - name: Download and install latest SonarScanner CLI tool
      run: |
        SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \
                                    2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'`
        SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
        curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \
             $SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
        unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
        curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \
             https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
        unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
        SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
        echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV
        echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV
        echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
        echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
        echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
    - name: Install dependencies
      run: |
        df -h
        sudo apt-get update
        openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'`
        libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'`
        [ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \
          sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver}
        sudo apt-get install -y \
                     ccache \
                     parallel \
                     libboost-thread-dev \
                     libboost-iostreams-dev \
                     libboost-date-time-dev \
                     libboost-system-dev \
                     libboost-filesystem-dev \
                     libboost-program-options-dev \
                     libboost-chrono-dev \
                     libboost-test-dev \
                     libboost-context-dev \
                     libboost-regex-dev \
                     libboost-coroutine-dev \
                     libcurl4-openssl-dev
        sudo apt-get auto-remove -y
        sudo apt-get clean -y
        df -h
        sudo du -hs /mnt/*
        sudo ls -alr /mnt/
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
        submodules: recursive
    - name: Configure
      run: |
        pwd
        df -h .
        mkdir -p _build
        sudo mkdir -p /_build/libraries /_build/programs /mnt/_build/tests
        sudo chmod a+rwx /_build/libraries /_build/programs /mnt/_build/tests
        ln -s /_build/libraries _build/libraries
        ln -s /_build/programs _build/programs
        ln -s /mnt/_build/tests _build/tests
        sudo ln -s /_build/libraries /mnt/_build/libraries
        sudo ln -s /_build/programs /mnt/_build/programs
        sudo ln -s /mnt/_build/tests /_build/tests
        ls -al _build
        sed -i '/tests/d' libraries/fc/CMakeLists.txt
        pushd _build
        export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR
        cmake -D CMAKE_BUILD_TYPE=Debug \
              -D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \
              -D CMAKE_C_COMPILER=gcc \
              -D CMAKE_C_COMPILER_LAUNCHER=ccache \
              -D CMAKE_CXX_COMPILER=g++ \
              -D CMAKE_CXX_COMPILER_LAUNCHER=ccache \
              -D CMAKE_C_FLAGS=--coverage \
              -D CMAKE_CXX_FLAGS=--coverage \
              -D Boost_USE_STATIC_LIBS=OFF \
              ..
        popd
    - name: Load Cache
      uses: actions/cache@v2
      with:
        path: |
          ccache
          sonar_cache
        key: sonar-${{ github.ref }}-${{ github.sha }}
        restore-keys: |
          sonar-${{ github.ref }}-
          sonar-
    - name: Build
      run: |
        export CCACHE_DIR="$GITHUB_WORKSPACE/ccache"
        mkdir -p "$CCACHE_DIR"
        df -h
        programs/build_helpers/make_with_sonar bw-output -j 2 -C _build \
          witness_node cli_wallet js_operation_serializer get_dev_key network_mapper \
          app_test chain_test cli_test es_test
        df -h
        du -hs _build/libraries/* _build/programs/* _build/tests/*
        du -hs _build/*
        du -hs /_build/*
    - name: Unit-Tests
      run: |
        _build/tests/app_test -l test_suite
        df -h
        curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_cluster/settings \
          -d '{ "transient": { "cluster.routing.allocation.disk.threshold_enabled": false } }'
        echo
        _build/tests/es_test -l test_suite
        df -h
        libraries/fc/tests/run-parallel-tests.sh _build/tests/chain_test -l test_suite
        _build/tests/cli_test -l test_suite
        df -h
        echo "Cleanup"
        rm -rf /tmp/graphene*
        df -h
    - name: Quick test for program arguments
      run: |
        _build/programs/witness_node/witness_node --version
        _build/programs/witness_node/witness_node --help
        if _build/programs/witness_node/witness_node --bad-arg ; then \
          echo "Fail: did not get expected error."; false; \
        else \
          echo "Pass: got expected error."; \
        fi
        if _build/programs/witness_node/witness_node --plugins "account_history elasticsearch" ; then \
          echo "Fail: did not get expected error."; false; \
        else \
          echo "Pass: got expected error."; \
        fi
        if _build/programs/witness_node/witness_node --rpc-endpoint --plugins "witness"; then \
          echo "Fail: did not get expected error."; false; \
        else \
          echo "Pass: got expected error."; \
        fi
        _build/programs/cli_wallet/cli_wallet --version
        _build/programs/cli_wallet/cli_wallet --help
        _build/programs/cli_wallet/cli_wallet --suggest-brain-key
        if _build/programs/cli_wallet/cli_wallet --bad-arg ; then \
          echo "Fail: did not get expected error."; false; \
        else \
          echo "Pass: got expected error."; \
        fi
    - name: Prepare for scanning with SonarScanner
      run: |
        mkdir -p sonar_cache
        find _build/libraries/[acdenptuw]*/CMakeFiles/*.dir \
             _build/libraries/plugins/*/CMakeFiles/*.dir \
             -type d -print \
          | while read d; do \
              tmpd="${d:7}"; \
              srcd="${tmpd/CMakeFiles*.dir/.}"; \
              gcov -o "$d" "${srcd}"/*.[ch][px][px] \
                           "${srcd}"/include/graphene/*/*.[ch][px][px] ; \
            done >/dev/null
        find _build/programs/[cdgjsw]*/CMakeFiles/*.dir \
             -type d -print \
          | while read d; do \
              tmpd="${d:7}"; \
              srcd="${tmpd/CMakeFiles*.dir/.}"; \
              gcov -o "$d" "${srcd}"/*.[ch][px][px] ; \
            done >/dev/null
        programs/build_helpers/set_sonar_branch_for_github_actions sonar-project.properties
    - name: Scan with SonarScanner
      env:
        # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        sonar-scanner \
           -Dsonar.login=${{ secrets.SONAR_TOKEN }}