From 2496971156a20a7961b2ee5bce5f3299ca197f6e Mon Sep 17 00:00:00 2001 From: abitmore Date: Tue, 2 Mar 2021 12:04:38 -0500 Subject: [PATCH] Integrate SonarScanner in Github Actions workflow --- .github/workflows/sonar-scan.yml | 107 +++++++++++++++++++++++++++++++ sonar-project.properties | 11 +++- 2 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/sonar-scan.yml diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml new file mode 100644 index 000000000..e029664ba --- /dev/null +++ b/.github/workflows/sonar-scan.yml @@ -0,0 +1,107 @@ +name: Scan with SonarScanner +on: [ push, pull_request ] +env: + CCACHE_COMPRESS: exists means true + CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros +jobs: + sonar-scan: + name: Scan with SonarScanner + strategy: + matrix: + os: [ ubuntu-latest ] + runs-on: ${{ matrix.os }} + steps: + - name: Download and install latest SonarScanner CLI tool + run: | + SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \ + 2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'` + SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli + curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \ + $SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip + unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ + curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \ + https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip + unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ + SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux + echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV + echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV + echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV + echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH + echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH + - name: Install dependencies + run: | + sudo apt-get update + openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'` + libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'` + [ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \ + sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver} + sudo apt-get install -y \ + ccache \ + parallel \ + libboost-thread-dev \ + libboost-iostreams-dev \ + libboost-date-time-dev \ + libboost-system-dev \ + libboost-filesystem-dev \ + libboost-program-options-dev \ + libboost-chrono-dev \ + libboost-test-dev \ + libboost-context-dev \ + libboost-regex-dev \ + libboost-coroutine-dev + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + submodules: recursive + - name: Configure + run: | + mkdir -p _build + pushd _build + export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR + cmake -D CMAKE_BUILD_TYPE=Debug \ + -D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \ + -D CMAKE_C_COMPILER=gcc \ + -D CMAKE_C_COMPILER_LAUNCHER=ccache \ + -D CMAKE_CXX_COMPILER=g++ \ + -D CMAKE_CXX_COMPILER_LAUNCHER=ccache \ + -D CMAKE_C_FLAGS=--coverage \ + -D CMAKE_CXX_FLAGS=--coverage \ + -D Boost_USE_STATIC_LIBS=OFF \ + .. + popd + - name: Load Cache + uses: actions/cache@v2 + with: + path: | + ccache + sonar_cache + key: sonar-${{ github.ref }}-${{ github.sha }} + restore-keys: | + sonar-${{ github.ref }}- + sonar- + - name: Build + run: | + export CCACHE_DIR="$GITHUB_WORKSPACE/ccache" + mkdir -p "$CCACHE_DIR" + build-wrapper-linux-x86-64 --out-dir bw-output make -j 2 -C _build + - name: Test + run: | + parallel echo Running {}\; sh -c "./{}" <<_EOT_ + tests/run-parallel-tests.sh _build/tests/all_tests -l test_suite + _build/tests/bloom_test -- README.md + _build/tests/ecc_test README.md + _build/tests/hmac_test + _build/tests/task_cancel_test + _EOT_ + - name: Prepare for scanning with SonarScanner + run: | + mkdir -p sonar_cache + find _build/CMakeFiles/fc.dir -type d -print \ + | while read d; do gcov -o "$d" "${d/_build*.dir/.}"/*.cpp; done >/dev/null + - name: Scan with SonarScanner + env: + # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + sonar-scanner \ + -Dsonar.login=${{ secrets.SONAR_TOKEN }} diff --git a/sonar-project.properties b/sonar-project.properties index 9f95197d5..78943d026 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,8 +1,13 @@ -sonar.projectKey=BitShares-FC +sonar.organization=bitshares-on-github + +sonar.projectKey=bitshares_bitshares-fc sonar.projectName=BitShares-FC +sonar.projectDescription=Fast-compiling C++ library + +sonar.host.url=https://sonarcloud.io sonar.links.homepage=https://bitshares.org -sonar.links.ci=https://travis-ci.org/bitshares/bitshares-fc/ +sonar.links.ci=https://github.com/bitshares/bitshares-fc/actions sonar.links.issue=https://github.com/bitshares/bitshares-core/issues sonar.links.scm=https://github.com/bitshares/bitshares-fc/tree/master @@ -12,3 +17,5 @@ sonar.sources=src,include sonar.cfamily.build-wrapper-output=bw-output sonar.cfamily.gcov.reportsPath=. sonar.cfamily.threads=2 +sonar.cfamily.cache.enabled=true +sonar.cfamily.cache.path=sonar_cache