From d45221854e285ca785b58b60bba5f0d23aee544b Mon Sep 17 00:00:00 2001
From: Mourits de Beer <31511766+ff137@users.noreply.github.com>
Date: Thu, 12 Dec 2024 10:13:54 +0200
Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Upgrade=20deprecated=20Son?=
 =?UTF-8?q?arCloud=20action=20(#1228)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* :arrow_up: Upgrade deprecated `sonarcloud-github-action` to `sonarqube-scan-action`

* :wrench: Add coverage exclusion rule for test files

* :wrench: Update coverage omit setting

* :construction_worker: Configure test coverage for SonarCloud

* :construction_worker: Simplify and use mise for workflow

* :art: Use latest actions/checkout
---
 .github/workflows/sonarcloud.yml | 73 ++++++++++++++++++++++++++------
 pyproject.toml                   |  7 +--
 2 files changed, 60 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 77bcf8531..64cdc4a72 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -43,24 +43,69 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Analyze with SonarCloud
+      # Checkout the repository
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for proper blame data in SonarCloud
+
+      - name: Overwrite .mise.toml # Simplify mise in this workflow
+        run: |
+          cat <<EOF > .mise.toml
+          [tools]
+          python = "3.12"
+          "pipx:poetry" = "1.8"
+          uv = "0.4"
+
+          [settings]
+          experimental = true
+          jobs = 1
+          pipx_uvx = true
+          python_compile = false
 
-        uses: SonarSource/sonarcloud-github-action@v4.0.0
+          [env]
+          # Use Python/Mise managed virtual environment
+          POETRY_VIRTUALENVS_CREATE = "false"
+          # Setup Python Virtual Environment
+          _.python.venv = { path = ".venv", create = true }
+
+          [tasks."poetry:install"]
+          description = "Poetry Install dependencies for all submodules"
+          depends = ["poetry:install:*"]
+          EOF
+
+      - name: Install dependencies
+        uses: jdx/mise-action@v2
+        with:
+          cache: true
+          experimental: true
+          install: true
+
+      # Install dependencies
+      - name: Install dependencies with Poetry
+        run: mise run poetry:install
+
+      # Run tests and generate coverage report
+      - name: Run Tests with Coverage
+        run: |
+          source .venv/bin/activate
+          set +e
+
+          cp .env.example .env
+          source .env
+
+          poetry run pytest --cov --cov-report=xml --ignore=app/tests/e2e/ --ignore=trustregistry/tests/e2e/
+
+      # Analyze with SonarCloud
+      - name: Analyze with SonarCloud
+        uses: SonarSource/sonarqube-scan-action@v4.1.0
         env:
           GITHUB_TOKEN: ${{ github.token }} # Needed to get PR information
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
         with:
-          # Additional arguments for the sonarcloud scanner
-          args:
-            # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
-            # mandatory
+          # Additional arguments for the SonarCloud scanner
+          args: >
             -Dsonar.projectKey=didx-xyz_aries-cloudapi-python
             -Dsonar.organization=didx-xyz
-            # Comma-separated paths to directories containing main source files.
-            #-Dsonar.sources= # optional, default is project base directory
-            # When you need the analysis to take place in a directory other than the one from which it was launched
-            #-Dsonar.projectBaseDir= # optional, default is .
-            # Comma-separated paths to directories containing test source files.
-            #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
-            # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
-            #-Dsonar.verbose= # optional, default is false
+            -Dsonar.coverage.exclusions=**/tests/**
+            -Dsonar.python.coverage.reportPaths=coverage.xml
diff --git a/pyproject.toml b/pyproject.toml
index 4d07cd3ab..c0353eff8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,12 +6,7 @@ authors = ["Mourits de Beer <ff137@proton.me>"]
 package-mode = false
 
 [tool.coverage.run]
-omit = [
-  "app/tests/*",
-  "endorser/tests/*",
-  "trustregistry/tests/*",
-  "waypoint/tests/*",
-]
+omit = ["*/tests/*"]
 
 [tool.isort]
 profile = "black"