Feature #2537 develop sonarqube_gha #2541

Merged
merged 4 commits into from
Apr 8, 2024
65 changes: 65 additions & 0 deletions .github/jobs/configure_sonarqube.sh
@@ -0,0 +1,65 @@
#!/bin/bash

# Constants
SONAR_PROPERTIES_DIR=internal/scripts/sonarqube
SONAR_PROPERTIES=sonar-project.properties

# Check that this is being run from the top-level METplus directory
if [ ! -e $SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES ]; then
echo "ERROR: ${0} -> must be run from the top-level METplus directory"
exit 1
fi

# Check required environment variables
if [ -z ${SOURCE_BRANCH+x} ]; then
echo "ERROR: ${0} -> \$SOURCE_BRANCH not defined!"
exit 1
fi
if [ -z ${WD_REFERENCE_BRANCH+x} ]; then
echo "ERROR: ${0} -> \$WD_REFERENCE_BRANCH not defined!"
exit 1
fi
if [ -z ${SONAR_HOST_URL+x} ]; then
echo "ERROR: ${0} -> \$SONAR_HOST_URL not defined!"
exit 1
fi
if [ -z ${SONAR_TOKEN+x} ]; then
echo "ERROR: ${0} -> \$SONAR_TOKEN not defined!"
exit 1
fi

# Define the version string
SONAR_PROJECT_VERSION=$(cat metplus/VERSION)

#
# Define the $SONAR_REFERENCE_BRANCH as the
# - Target of any requests
# - Manual setting for workflow dispatch
# - Source branch for any pushes (e.g. develop)
#
if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
export SONAR_REFERENCE_BRANCH=$GITHUB_BASE_REF
elif [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
export SONAR_REFERENCE_BRANCH=$WD_REFERENCE_BRANCH
else
export SONAR_REFERENCE_BRANCH=$SOURCE_BRANCH
fi

# Configure the sonar-project.properties
[ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
sed -e "s|SONAR_PROJECT_KEY|METplus-GHA|" \
-e "s|SONAR_PROJECT_NAME|METplus GHA|" \
-e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
-e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
-e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
-e "s|SONAR_BRANCH_NAME|$SOURCE_BRANCH|" \
$SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES

# Define new code when the source and reference branches differ
if [ "$SOURCE_BRANCH" != "$SONAR_REFERENCE_BRANCH" ]; then
echo "sonar.newCode.referenceBranch=${SONAR_REFERENCE_BRANCH}" >> $SONAR_PROPERTIES
fi

echo "Contents of the $SONAR_PROPERTIES file:"
cat $SONAR_PROPERTIES
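
Review bot: The closing `cat $SONAR_PROPERTIES` prints the generated file after the sed step has substituted `$SONAR_TOKEN` into it, so the `sonar.token=` line is sent to the job log and the token also sits in a file in the checkout. GitHub masks registered secrets in log output, but that is a backstop rather than a reason to print them. The SonarQube Scan step in this PR's workflow already receives SONAR_HOST_URL and SONAR_TOKEN through `env`, so consider dropping those two substitutions here, or at least filtering the token line out of what is echoed. Separately, the `[ -z ${SONAR_TOKEN+x} ]` style checks only catch an unset variable; a variable that is set but empty passes, so `[ -z "${SONAR_TOKEN}" ]` would be the stricter test for the two secrets.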

3 changes: 3 additions & 0 deletions .github/pull_request_template.md
Expand Up @@ -11,6 +11,9 @@
- [ ] Will this PR result in changes to the test suite? **[Yes or No]**</br>
If **yes**, describe the new output and/or changes to the existing output:</br>

- [ ] Do these changes introduce new SonarQube findings? **[Yes or No]**</br>
If **yes**, please describe:

- [ ] Please complete this pull request review by **[Fill in date]**.</br>

## Pull Request Checklist ##
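
Review bot: The second line of the new checklist item, `If **yes**, please describe:`, has no trailing `</br>`, while the matching line of the item above it ends with one. Add it so the two items render the same way in the PR body.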
82 changes: 82 additions & 0 deletions .github/workflows/sonarqube.yml
@@ -0,0 +1,82 @@
name: SonarQube Scan

# Run SonarQube for Pull Requests and changes to the develop and main_vX.Y branches

on:

# Trigger analysis for pushes to develop and main_vX.Y branches
push:
branches:
- develop
- 'main_v**'
paths-ignore:
- 'docs/**'
- '.github/pull_request_template.md'
- '.github/ISSUE_TEMPLATE/**'
- '.github/labels/**'
- 'build_components/**'
- 'manage_externals/**'
- '**/README.md'
- '**/LICENSE.md'

# Trigger analysis for pull requests to develop and main_vX.Y branches
pull_request:
types: [opened, synchronize, reopened]
branches:
- develop
- 'main_v**'
paths-ignore:
- 'docs/**'
- '.github/pull_request_template.md'
- '.github/ISSUE_TEMPLATE/**'
- '.github/labels/**'
- 'build_components/**'
- 'manage_externals/**'
- '**/README.md'
- '**/LICENSE.md'

workflow_dispatch:
inputs:
reference_branch:
description: 'Reference Branch'
default: develop
type: string

jobs:
sonarqube:
name: SonarQube Scan
runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v4
with:
# Disable shallow clones for better analysis
fetch-depth: 0

- name: Get branch name
id: get_branch_name
run: echo branch_name=${GITHUB_REF#refs/heads/} >> $GITHUB_OUTPUT

- name: Configure SonarQube
run: .github/jobs/configure_sonarqube.sh
env:
SOURCE_BRANCH: ${{ steps.get_branch_name.outputs.branch_name }}
WD_REFERENCE_BRANCH: ${{ github.event.inputs.reference_branch }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube Quality Gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time.
timeout-minutes: 5
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
10 changes: 0 additions & 10 deletions internal/scripts/sonarqube/environment/development.docker

This file was deleted.

7 changes: 2 additions & 5 deletions internal/scripts/sonarqube/run_nightly.sh
Expand Up @@ -20,8 +20,7 @@
#=======================================================================

# Constants
#EMAIL_LIST="johnhg@ucar.edu hsoh@ucar.edu jpresto@ucar.edu linden@ucar.edu mccabe@ucar.edu"
EMAIL_LIST="johnhg@ucar.edu hsoh@ucar.edu mccabe@ucar.edu"
EMAIL_LIST="johnhg@ucar.edu hsoh@ucar.edu jpresto@ucar.edu mccabe@ucar.edu"
KEEP_DAYS=5

function usage {
Expand All @@ -39,7 +38,7 @@ SCRIPT_DIR=`dirname $0`
if [[ ${0:0:1} != "/" ]]; then SCRIPT_DIR=$(pwd)/${SCRIPT_DIR}; fi

# Define the development environment
ENV_FILE=${SCRIPT_DIR}/environment/development.`hostname`
ENV_FILE=${SCRIPT_DIR}/development.`hostname`
if [[ ! -e ${ENV_FILE} ]]; then
echo "$0: ERROR -> Development environment file missing: ${ENV_FILE}"
exit 1
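
Review bot: `ENV_FILE` now points at `${SCRIPT_DIR}/development.<hostname>` instead of the `environment/` subdirectory, but the diff shown here only deletes `environment/development.docker` and does not add or move any `development.*` file into the script directory. Unless those files already exist there, every run stops at the "Development environment file missing" error. Either move the environment files in this PR or state in the description where they are expected to come from.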
Expand Down Expand Up @@ -71,6 +70,4 @@ if [[ $? -ne 0 ]]; then
exit 1
fi

# Convert SonarQube report from pdf to html

exit 0
49 changes: 33 additions & 16 deletions internal/scripts/sonarqube/run_sonarqube.sh
@@ -1,37 +1,48 @@
#!/bin/bash
#
# Run SonarQube Source Code Analyzer on a specified revision of MET
# Run SonarQube Source Code Analyzer for METplus
#=======================================================================
#
# This run_sonarqube.sh script will check out the specified version
# of MET and run the SonarQube Source Code Analyzer on it. First,
# of METplus and run the SonarQube Source Code Analyzer on it. First,
# go to the directory where you would like the SCA output written and
# then run:
#
# git clone https://github.com/dtcenter/METplus
# METplus/internal/scripts/sonarqube/run_sonarqube.sh name
# METplus/sonarqube/run_sonarqube.sh name
#
# Usage: run_sonarqube.sh name
# Test the specified branched version of MET:
# Test the specified branched version of METplus:
# run_sonarqube.sh {branch name}
# Test the specified tagged version of MET:
# Test the specified tagged version of METplus:
# run_sonarqube.sh {tag name}
#
#=======================================================================

# Constants
GIT_REPO="https://github.com/dtcenter/METplus"
GIT_REPO_NAME=METplus
GIT_REPO="https://github.com/dtcenter/${GIT_REPO_NAME}"

function usage {
echo
echo "USAGE: $(basename $0) name"
echo " where \"name\" specifies a branch, tag, or hash."
echo
echo
echo "USAGE: $(basename $0) name"
echo " where \"name\" specifies a branch, tag, or hash."
echo
}

# Check for arguments
if [[ $# -lt 1 ]]; then usage; exit; fi

# Check that SONAR_TOKEN and SONAR_HOST_URL are defined
if [ -z ${SONAR_TOKEN} ]; then
echo "ERROR: SONAR_TOKEN must be set"
exit 1
fi
if [ -z ${SONAR_HOST_URL} ]; then
echo "ERROR: SONAR_HOST_URL must be set"
exit 1
fi

# Check that SONARQUBE_WRAPPER_BIN is defined
if [ -z ${SONARQUBE_WRAPPER_BIN} ]; then
which build-wrapper-linux-x86-64 2> /dev/null
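
Review bot: The updated usage comment gives the invocation as `METplus/sonarqube/run_sonarqube.sh name`, but this file lives at `internal/scripts/sonarqube/run_sonarqube.sh`, so the documented command will not be found after the clone; keep the `internal/scripts/` prefix. In the new checks, `[ -z ${SONAR_TOKEN} ]` and `[ -z ${SONAR_HOST_URL} ]` leave the expansion unquoted; quote them, as in `[ -z "${SONAR_TOKEN}" ]`, so that a value containing whitespace does not turn into a test syntax error.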
Expand Down Expand Up @@ -86,13 +97,12 @@ function run_command() {
return ${STATUS}
}


# Store the full path to the scripts directory
SCRIPT_DIR=`dirname $0`
if [[ ${0:0:1} != "/" ]]; then SCRIPT_DIR=$(pwd)/${SCRIPT_DIR}; fi

# Clone repo into a sub-directory and checkout the requested version
REPO_DIR="METplus-${1}"
REPO_DIR="${GIT_REPO_NAME}-${1}"

if [ -e ${REPO_DIR} ]; then
run_command "rm -rf ${REPO_DIR}"
Expand All @@ -101,14 +111,21 @@ run_command "git clone ${GIT_REPO} ${REPO_DIR}"
run_command "cd ${REPO_DIR}"
run_command "git checkout ${1}"

# Define the version string
SONAR_PROJECT_VERSION=$(cat metplus/VERSION)

SONAR_PROPERTIES=sonar-project.properties

# Copy sonar-project.properties for Python code
# Configure the sonar-project.properties
[ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
cp -p $SCRIPT_DIR/sonar-project.properties $SONAR_PROPERTIES
sed -e "s|SONAR_PROJECT_KEY|METplus_NB|" \
-e "s|SONAR_PROJECT_NAME|METplus Nightly Build|" \
-e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
-e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
-e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
-e "s|SONAR_BRANCH_NAME|${1}|" \
$SCRIPT_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES

# Run SonarQube scan for Python code
run_command "${SONARQUBE_SCANNER_BIN}/sonar-scanner"

# Run SonarQube report generator to make a PDF file
#TODAY=`date +%Y%m%d`
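
Review bot: The sed step writes `$SONAR_TOKEN` into `sonar-project.properties` inside the freshly cloned `${REPO_DIR}`, and nothing in the hunk removes the file or restricts its permissions after `sonar-scanner` runs, so the token stays readable in the nightly work directory. Remove the file once the scan finishes, or create it under a restrictive umask. The substitutions also place `${1}` and the other values unescaped into a sed replacement that uses `|` as its delimiter; a name containing `|`, `&` or a backslash would corrupt the output or make sed fail, so validate or escape `${1}` before it is used.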
23 changes: 9 additions & 14 deletions internal/scripts/sonarqube/sonar-project.properties
@@ -1,17 +1,12 @@
sonar.projectKey=org.sonarqube:METplus_NB
sonar.projectName=METplus Nightly Build
sonar.projectVersion=1.0

# Project and source code settings
sonar.projectKey=SONAR_PROJECT_KEY
sonar.projectName=SONAR_PROJECT_NAME
sonar.projectVersion=SONAR_PROJECT_VERSION
sonar.branch.name=SONAR_BRANCH_NAME
sonar.sources=docs,internal,manage_externals,metplus,parm,produtil,ush

# The build-wrapper output dir

# Encoding of the source files
sonar.coverage.exclusions=internal/tests/**
sonar.sourceEncoding=UTF-8

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
sonar.host.url=http://mandan:9000

sonar.login=met
sonar.password=met@sonar.ucar
# SonarQube server
sonar.host.url=SONAR_HOST_URL
sonar.token=SONAR_TOKEN
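
Review bot: The lines removed here, `sonar.login=met` and `sonar.password=met@sonar.ucar`, were a committed credential, and deleting them from the file does not remove them from the repository history. Treat that account as exposed and change or disable its password on the SonarQube server as part of this change. It would also help to say in the header comment that the upper-case `SONAR_*` values are placeholders filled in by `configure_sonarqube.sh` and `run_sonarqube.sh`, so the template is not mistaken for a usable properties file.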