fix: sonarqube scan workflow

smartcontractkit · Jan 17, 2024 · 0e17aaa · 0e17aaa
1 parent b97fc1a
commit 0e17aaa
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 94 deletions.
diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml
@@ -0,0 +1,25 @@
+name: CI Lint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  ci-lint:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      actions: read
+    steps:
+      - name: ci-lint
+        uses: smartcontractkit/.github/actions/ci-lint-go@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # ci-lint-go@0.1.0
+        with:
+          metrics-job-name: ci-lint
+          golangci-lint-version: v1.55.2
+          golangci-lint-args: --enable=gofmt --tests=false --exclude-use-default --timeout=5m0s --out-format checkstyle:golangci-lint-report.xml
+          gc-basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
+          gc-host: ${{ secrets.GRAFANA_CLOUD_HOST }}
+
diff --git a/.github/workflows/push-main.yml → .github/workflows/ci-test.yml b/.github/workflows/push-main.yml → .github/workflows/ci-test.yml
@@ -1,30 +1,13 @@
-name: push-main
+name: CI Test
 
 on:
   push:
     branches:
       - main
+  pull_request:
 
 jobs:
-  ci-lint:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      actions: read
-    steps:
-      - name: ci-lint
-        uses: smartcontractkit/.github/actions/ci-lint-go@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # ci-lint-go@0.1.0
-        with:
-          metrics-job-name: ci-lint
-          golangci-lint-version: v1.55.2
-          golangci-lint-args: --enable=gofmt --tests=false --exclude-use-default --timeout=5m0s --out-format checkstyle:golangci-lint-report.xml
-          # TODO: Setup Grafana secrets for repository
-          # gc-basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
-          # gc-host: ${{ secrets.GRAFANA_CLOUD_HOST }}
-
   ci-test:
-    name: CI Tests
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repo
@@ -58,7 +41,15 @@ jobs:
         with:
           name: go-test-results
           path: |
-            ./output.txt
             ./coverage.txt
             ./race_coverage.txt
 
+      - name: Collect Metrics
+        if: always()
+        id: collect-gha-metrics
+        uses: smartcontractkit/push-gha-metrics-action@v2.0.2
+        with:
+          basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
+          hostname: ${{ secrets.GRAFANA_CLOUD_HOST }}
+          this-job-name: ci-test
+        continue-on-error: true
diff --git a/.github/workflows/pull-request-main.yml b/.github/workflows/pull-request-main.yml
diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml
@@ -1,6 +1,10 @@
 name: SonarQube Scan
 
-on: [push]
+on:
+  push:
+    branches:
+      - main
+  pull_request:
 
 jobs:
   wait_for_workflows:
@@ -11,7 +15,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
-          ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Wait for workflows
         uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main
@@ -28,6 +32,8 @@ jobs:
     name: SonarQube Scan
     needs: [wait_for_workflows]
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
     if: always()
     steps:
       - name: Checkout the repo
@@ -39,29 +45,35 @@ jobs:
         if: always()
         uses: dawidd6/action-download-artifact@v2.27.0
         with:
-          workflow: golangci_lint.yml
+          workflow: ci-lint.yml
+          name: golangci-lint-report
           workflow_conclusion: ""
           name_is_regexp: true
-          name: golangci-lint-report
           if_no_artifact_found: warn
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Download Go PKG test reports
+      - name: Download go unit test coverage reports
         if: always()
         uses: dawidd6/action-download-artifact@v2.27.0
         with:
-          workflow: pkg.yml
+          workflow: ci-test.yml
+          name: go-test-results
           workflow_conclusion: ""
           name_is_regexp: true
-          name: go-test-results
           if_no_artifact_found: warn
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set SonarQube Report Paths
         if: always()
         id: sonarqube_report_paths
         shell: bash
         run: |
-          echo "sonarqube_coverage_report_paths=$(find -type f -name '*coverage.out' -printf "%p,")" >> $GITHUB_OUTPUT
-          echo "sonarqube_golangci_report_paths=$(find -type f -name 'golangci-lint-report.xml' -printf "%p,")" >> $GITHUB_OUTPUT
+          COVERAGE_REPORT_PATHS=$(find -type f -name '*coverage.txt' -printf '%p,')
+          GOLANGCI_REPORT_PATHS=$(find -type f -name 'golangci-lint-report.xml' -printf '%p,')
+          echo "COVERAGE_REPORT_PATHS=$COVERAGE_REPORT_PATHS"
+          echo "GOLANGCI_REPORT_PATHS=$GOLANGCI_REPORT_PATHS"
+          echo "sonarqube_coverage_report_paths=$COVERAGE_REPORT_PATHS" >> $GITHUB_OUTPUT
+          echo "sonarqube_golangci_report_paths=$GOLANGCI_REPORT_PATHS" >> $GITHUB_OUTPUT
 
       - name: SonarQube Scan
         if: always()
@@ -72,4 +84,5 @@ jobs:
             -Dsonar.go.golangci-lint.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_golangci_report_paths }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+