Merge pull request #274 from bostjan/fix-file-output-arg-parsing #434

Workflow file for this run

.github/workflows/code-qa-sonarcloud.yml at a898fe3

	name: Code QA - SonarCloud



	on:
	workflow_dispatch:

	push:
	branches:
	- master
	- sonarcloud-scan
	tags:
	- '*'
	paths-ignore:
	- '.github/**'
	- '.gitignore'
	- 'ChangeLog'
	- 'COPYING'
	- 'configure.scan'
	- 'packaging/**'
	- 'dev-tools/**'
	# - '!dev-tools/libexec/get-release-*.sh'
	- 'doc/**'
	- 'etc/**'
	- 'install/**'
	- 'lib/*/IMPORT.defs'
	- 'lib/*/LICENSE'
	- 'README.md'

	pull_request_target:
	types:
	- labeled
	- opened
	- synchronize
	branches:
	- master
	paths-ignore:
	- '.github/**'
	- '.gitignore'
	- 'ChangeLog'
	- 'COPYING'
	- 'configure.scan'
	- 'packaging/**'
	- 'dev-tools/**'
	# - '!dev-tools/libexec/get-release-*.sh'
	- 'doc/**'
	- 'etc/**'
	- 'install/**'
	- 'lib/*/IMPORT.defs'
	- 'lib/*/LICENSE'
	- 'README.md'



	jobs:
	code-qa-sonarcloud:

	name: Static code analysis submission
	runs-on: ubuntu-20.04
	container: ciready/ubuntu:20.04-ci-c

	# For PRs, start the execution only when a specific label is added
	if: \|
	(
	(github.event_name == 'workflow_dispatch')
	\|\|
	(github.event_name == 'push')
	\|\|
	(
	(github.event_name == 'pull_request_target')
	&&
	(
	((github.event.pull_request.action == 'labeled') && contains(github.event.pull_request.labels.*.name, '/ci run additional tests'))
	\|\|
	(github.actor == 'bostjan')
	)
	)
	)

	steps:



	- name: Check the SONAR_TOKEN value
	shell: bash
	run: \|
	if [[ "$SONAR_TOKEN" == "" ]]; then
	echo "ERROR: SONAR_TOKEN environmental variable not set or empty."
	echo "ERROR: If you're running this workflow locally with 'act', add the '--secret-file=...', like this"
	echo "ERROR:"
	echo "ERROR: act -j code-qa-sonarcloud --secret-file=dev-tools/submit-to-sonarcloud.conf"
	echo "ERROR:"
	exit 1
	fi
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}



	### Fetch the code
	#
	- name: Checkout branch ${{ github.ref }}
	uses: actions/checkout@v2
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	if: \|
	(
	(github.event_name == 'workflow_dispatch')
	\|\|
	(github.event_name == 'push')
	)

	# In the PR-related operation mode, unlike regular github's CI workflows (where
	# the workflow operates on a (preview) merge commit (as if PR was merged into the base
	# branch already), we're operating on PR's HEAD (last commit of the PR) itself here.
	- name: Checkout (preview) merge commit for PR ${{ github.event.pull_request.number }}
	uses: actions/checkout@v2
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	repository: ${{github.event.pull_request.head.repo.full_name}}
	ref: ${{github.event.pull_request.head.ref}}
	if: ${{ github.event_name == 'pull_request_target' }}

	# Work around the fix for CVE-2022-24765
	- run: git config --global --add safe.directory $GITHUB_WORKSPACE \|\| true



	### Install build environment tools + unzip
	#
	- run: ./dev-tools/install-dev-software.sh
	- run: DEBIAN_FRONTEND=noninteractive apt-get install -y unzip



	### Bootstrap & configure the code
	#
	- run: ./bootstrap.sh
	- run: ./configure --enable-option-checking=fatal --enable-everything --enable-code-coverage



	### Install SonarCloud build & scan tools
	#
	- name: Install SonarCloud build wrapper
	run: \|
	wget https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
	unzip build-wrapper-linux-x86.zip
	working-directory: /opt



	### Build with SonarCloud wrapper
	#
	- name: Build with SonarCloud build wrapper
	run: \|
	/opt/build-wrapper-linux-x86/build-wrapper-linux-x86-64 \
	--out-dir ../snoopy-sonarcloud-build-wrapper-output \
	make -j4



	### Generate coverage info
	#
	# No need to run `make check`, as the test suite is started by
	# the `coverage` target in Makefile.
	#
	- name: Run tests and generate coverage information
	run: make coverage



	### Install SonarCloud scanner
	#
	# The installation of the scanner is deferred to this point for security reasons,
	# as the build is done on a PR code that can easily mess with the scanner
	# installation to reveal the tokens.
	#
	- name: Install SonarClound scanner
	run: \|
	rm -rf sonar-scanner*

	# Temporarily disabling using the latest SonarScanner version (5.0.0.2966),
	# as it is producing the following error:
	# java.io.IOException: Cannot run program ".../.scannerwork/.sonartmp/5786710878849275698/subprocess" (in directory "..."): error=13, Permission denied
	#
	#LATEST_SONAR_SCANNER_VERSION=`wget -q -O - --header "Accept: application/vnd.github.v3+json" https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest \| grep '"tag_name"' \| head -n1 \| cut -d '"' -f4`
	#
	# Replacing it with this static definition for now:
	LATEST_SONAR_SCANNER_VERSION="6.1.0.4477"

	echo "Got the latest Sonar Scanner version: $LATEST_SONAR_SCANNER_VERSION"
	LATEST_SONAR_SCANNER_ZIP="sonar-scanner-cli-$LATEST_SONAR_SCANNER_VERSION-linux-x64.zip"
	LATEST_SONAR_SCANNER_DIR="sonar-scanner-$LATEST_SONAR_SCANNER_VERSION-linux-x64"
	wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$LATEST_SONAR_SCANNER_ZIP
	unzip $LATEST_SONAR_SCANNER_ZIP
	ln -s $LATEST_SONAR_SCANNER_DIR/bin/sonar-scanner /opt/sonar-scanner
	working-directory: /opt



	### Trigger the SonarCloudscan and submission
	#
	- name: Scan and submit to SonarCloud - on push
	run: \|
	CURRENT_BRANCH_NAME=`git branch --show-current`
	SONARCLOUD_TAG=`./dev-tools/libexec/get-sonarcloud-tag.sh`
	/opt/sonar-scanner \
	-Dsonar.organization=a2o \
	-Dsonar.projectKey=snoopy \
	-Dsonar.sources=. \
	-Dsonar.coverage.exclusions=tests/*/,src/entrypoint/execve-wrapper* \
	-Dsonar.cpd.exclusions=tests/*/,src/entrypoint/* \
	-Dsonar.branch.name=$CURRENT_BRANCH_NAME \
	-Dsonar.projectVersion=$SONARCLOUD_TAG \
	-Dsonar.cfamily.build-wrapper-output=../snoopy-sonarcloud-build-wrapper-output \
	-Dsonar.cfamily.gcov.reportsPath=. \
	-Dsonar.host.url=https://sonarcloud.io
	echo "Submission tag: $SONARCLOUD_TAG (branch: $CURRENT_BRANCH_NAME)"
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	if: ${{ github.event_name == 'push' }}


	- name: Scan and submit to SonarCloud - on PR
	run: \|
	CURRENT_BRANCH_NAME=`git branch --show-current`
	SONARCLOUD_TAG=`./dev-tools/libexec/get-sonarcloud-tag.sh`
	/opt/sonar-scanner \
	-Dsonar.organization=a2o \
	-Dsonar.projectKey=snoopy \
	-Dsonar.sources=. \
	-Dsonar.coverage.exclusions=tests/*/,src/entrypoint/execve-wrapper* \
	-Dsonar.cpd.exclusions=tests/*/,src/entrypoint/* \
	-Dsonar.pullrequest.provider=github \
	-Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
	-Dsonar.pullrequest.branch=${{github.event.pull_request.head.repo.owner.login}}:$PR_HEAD_REF \
	-Dsonar.pullrequest.github.repository=${{ github.event.pull_request.base.repo.full_name }} \
	-Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} \
	-Dsonar.cfamily.build-wrapper-output=../snoopy-sonarcloud-build-wrapper-output \
	-Dsonar.cfamily.gcov.reportsPath=. \
	-Dsonar.host.url=https://sonarcloud.io
	echo "Submission tag: $SONARCLOUD_TAG (branch: $CURRENT_BRANCH_NAME)"
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
	if: ${{ github.event_name == 'pull_request_target' }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #274 from bostjan/fix-file-output-arg-parsing #434

Workflow file

Merge pull request #274 from bostjan/fix-file-output-arg-parsing #434

Jobs

Run details

Workflow file for this run