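# Composite action: checks out the head branch of a (possibly forked) PR, writes
# the project version and PR details into sonar-project.properties, optionally
# downloads a coverage artifact, and runs the SonarCloud scan.
#
# Trust model: the checkout step reads `github.event.workflow_run`, so this is
# meant to run from a `workflow_run` workflow in the upstream repository. After
# checkout the workspace holds contributor-controlled files while SONAR_TOKEN
# and the job's github.token are in use, so no step should execute code from
# the checked-out tree, and no PR-derived value should be spliced into a shell
# script with `${{ }}`; pass such values through `env:` instead.
name: SonarCloud
description: Helper action to analyse repo with SonarCloud, pass correct PR details and upload coverage.
# The steps below compare inputs against the string 'true', i.e. inputs reach a
# composite action as strings whatever `type:` says; `type:` is kept here as
# documentation for callers.
inputs:
  is_pr:
    type: boolean
    required: false
    description: Whether this workflow run related to a PR, if true then `repository` must be specified.
  # Interpolated verbatim into a bash script (see "Read project version"), so it
  # carries the full trust of the calling workflow. Callers must hard-code it and
  # never build it from PR titles, branch names or other contributor input.
  version_cmd:
    type: string
    required: true
    description: The shell command to find the version to pass to Sonar as projectVersion
  # We cannot use ${{ github.repository }} as in workflow runs from forks it'll be the upstream org
  repository:
    type: string
    required: true
    description: The full name of the head repo in org/repo format
  # We cannot use ${{ github.ref_name }} as in workflow runs it'll just be the default branch (develop)
  branch:
    type: string
    required: true
    description: The name of the head branch
  # We cannot use ${{ github.sha }} here as for pull requests it'll be a simulated merge commit instead
  revision:
    type: string
    required: true
    description: The git revision with which this sonar run should be associated
  # Secret: only ever forwarded to the scan step as SONAR_TOKEN.
  token:
    type: string
    required: true
    description: The SONAR_TOKEN passed from secrets.
  # Coverage specific parameters, assumes coverage reports live in a /coverage/ directory
  coverage_run_id:
    type: string
    required: false
    description: The run_id of the workflow which upload the coverage relevant to this run, if any
  coverage_artifact_name:
    type: string
    required: false
    description: The name of the coverage artifact
    default: coverage
  coverage_extract_path:
    type: string
    required: false
    description: The path to which to extract the artifact, defaults to the checkout root `.`
    default: '.'
  skip_checkout:
    type: boolean
    required: false
    description: Whether to skip the checkout step, sometimes some setup- action needs to run between checkout & analysis
    default: false
runs:
  using: composite
  steps:
    # Checks out the HEAD repository, which for fork PRs is contributor-controlled.
    # actions/checkout keeps the job token in the local git config by default
    # (`persist-credentials`), where later steps working on this tree can reach it.
    # NOTE(review): consider `persist-credentials: false`; the "Fetch base branch"
    # step would then fetch anonymously, which only works for public upstreams.
    # NOTE(review): `repository` reads the workflow_run event rather than
    # `inputs.repository`; presumably the same value, confirm with callers.
    - name: "🧮 Checkout code"
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4
      # Inputs on composite actions are made of fail https://github.com/actions/runner/issues/1483
      if: inputs.skip_checkout != 'true'
      with:
        repository: ${{ github.event.workflow_run.head_repository.full_name }}
        ref: ${{ inputs.branch }}  # checkout commit that triggered this workflow
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
    - name: "🔪 Extract owner from repository"
      id: owner
      # Inputs on composite actions are made of fail https://github.com/actions/runner/issues/1483
      if: inputs.is_pr == 'true'
      shell: bash
      # The repository name is handed over as an environment variable rather than
      # expanded into the script text, so its content is never parsed as shell.
      env:
        REPOSITORY: ${{ inputs.repository }}
      run: |
        owner=$(printf '%s\n' "$REPOSITORY" | cut -d'/' -f1)
        echo "owner=$owner" >> "$GITHUB_OUTPUT"
    # NOTE(review): referenced by mutable tag; pin to a full commit SHA like the
    # checkout and scan steps so a retagged release cannot change what runs here.
    - name: "🔍 Read PR details"
      id: prdetails
      # Inputs on composite actions are made of fail https://github.com/actions/runner/issues/1483
      if: inputs.is_pr == 'true'
      uses: matrix-org/pr-details-action@v1.3
      with:
        owner: ${{ steps.owner.outputs.owner }}
        branch: ${{ inputs.branch }}
    # `version_cmd` is expanded into the script on purpose (it IS the command), so
    # it cannot be moved to `env:` without changing how callers write it.
    # It runs inside the checked-out tree: a command that loads or executes files
    # from the repository runs contributor code on fork PRs. Prefer commands that
    # only read and parse a file.
    - name: "🔍 Read project version"
      id: version
      shell: bash
      run: |
        version=$(${{ inputs.version_cmd }} | tr -d '\r\n')
        echo "sonar.projectVersion=${version//$'\n'/\\n}" >> sonar-project.properties
    # Fetch base branch from the upstream repo so that Sonar can identify new code in PR builds
    - name: "📕 Fetch base branch"
      # workflow_call retains the github context of the caller, so `repository` will be upstream always due
      # to it running on `workflow_run` which is called from the context of the target repo and not the fork.
      if: steps.prdetails.outputs.base_branch
      shell: bash
      # Branch names may contain shell metacharacters; pass them via env and quote
      # every use instead of interpolating `${{ }}` into the script.
      env:
        UPSTREAM_REPOSITORY: ${{ github.repository }}
        BASE_BRANCH: ${{ steps.prdetails.outputs.base_branch }}
      run: |
        git remote add upstream "https://github.com/$UPSTREAM_REPOSITORY"
        git rev-parse HEAD
        git fetch upstream "$BASE_BRANCH:$BASE_BRANCH"
        git status
        git rev-parse HEAD
    # NOTE(review): referenced by mutable tag; pin to a full commit SHA.
    # NOTE(review): the artifact comes from another workflow run and is extracted
    # over the checkout (default path `.`), so treat its contents as untrusted:
    # files in it can replace files already in the workspace, including the
    # sonar-project.properties written above. Confirm the producing workflow
    # uploads coverage reports only, or extract into a dedicated directory.
    - name: "📥 Download Coverage Report"
      uses: actions/download-artifact@v4
      if: inputs.coverage_run_id
      with:
        github-token: ${{ github.token }}
        run-id: ${{ inputs.coverage_run_id }}
        name: ${{ inputs.coverage_artifact_name }}
        path: ${{ inputs.coverage_extract_path }}
    # PR-derived values reach the script through env, not through `${{ }}` in the
    # script body. HEAD_BRANCH and BASE_BRANCH are only set when a PR id was found.
    - name: "🔧 Load configuration"
      shell: bash
      run: |
        echo "sonar.scm.revision=$REVISION" >> sonar-project.properties
        echo "sonar.pullrequest.key=$PR_ID" >> sonar-project.properties
        echo "sonar.pullrequest.branch=$HEAD_BRANCH" >> sonar-project.properties
        echo "sonar.pullrequest.base=$BASE_BRANCH" >> sonar-project.properties
      env:
        REVISION: ${{ inputs.revision }}
        PR_ID: ${{ steps.prdetails.outputs.pr_id }}
        HEAD_BRANCH: ${{ steps.prdetails.outputs.pr_id && steps.prdetails.outputs.head_branch }}
        BASE_BRANCH: ${{ steps.prdetails.outputs.pr_id && steps.prdetails.outputs.base_branch }}
    # The only step that receives SONAR_TOKEN; it runs against the checked-out
    # (possibly fork) tree, so the token should be scoped to analysis only.
    - name: "🩻 SonarCloud Scan"
      uses: SonarSource/sonarcloud-github-action@02ef91109b2d589e757aefcfb2854c2783fd7b19  # v4.0.0
      env:
        GITHUB_TOKEN: ${{ github.token }}  # Needed to get PR information, if any
        SONAR_TOKEN: ${{ inputs.token }}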