Skip to content

Code Analysis for Pull Request #7

Code Analysis for Pull Request

Code Analysis for Pull Request #7

name: Code Analysis for Pull Request
on:
workflow_run:
workflows: ["Code Analysis"]
types:
- completed
env:
BASE_IMAGE: ${{ vars.BASE_IMAGE || 'registry.fedoraproject.org/fedora:latest' }}
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }}
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || 'dogtagpki' }}
jobs:
retrieve-pr:
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr-artifact-script.outputs.result }}
pr-base: ${{ steps.pr-base-script.outputs.result }}
steps:
- name: 'Download PR artifact'
uses: actions/github-script@v6
id: download-pr
with:
result-encoding: string
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr"
})[0];
if (matchArtifact == null){
core.setFailed("No PR artifact");
return "False";
}
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
return "True";
- name: Unzip the pr
if: steps.download-pr.outputs.result == 'True'
run: unzip pr.zip
- name: Retrieve the pr number
if: success()
id: pr-artifact-script
uses: actions/github-script@v6
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_number = Number(fs.readFileSync('./NR'));
return pr_number;
- name: Retrieve the pr base
if: success()
id: pr-base-script
uses: actions/github-script@v6
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_base = fs.readFileSync('./BaseBranch');
return pr_base;
build:
name: Building LDAP SDK
needs: retrieve-pr
runs-on: ubuntu-latest
steps:
- name: Clone the repository
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add ldap-sdk ${{ github.event.repository.clone_url }}
git fetch ldap-sdk
git rebase ldap-sdk/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Update Dockerfile
run: |
# update registry namespace
sed -i "s/quay.io\/dogtagpki\//quay.io\/$NAMESPACE\//g" Dockerfile
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build runner image
uses: docker/build-push-action@v5
with:
context: .
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
COPR_REPO=${{ env.COPR_REPO }}
tags: ldapjdk-runner
target: ldapjdk-runner
outputs: type=docker,dest=sonar-runner.tar
- name: Store runner image
uses: actions/cache@v4
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
sonarcloud:
name: SonarCloud
needs: [retrieve-pr, build]
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/ldapjdk
steps:
- name: Retrieve runner image
uses: actions/cache@v4
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
- name: Load runner image
run: docker load --input sonar-runner.tar
- name: Clone the repository
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add ldap-sdk ${{ github.event.repository.clone_url }}
git fetch ldap-sdk
git rebase ldap-sdk/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Run container
run: |
tests/bin/runner-init.sh pki
- name: Copy builds in current folder
run: |
mkdir build
docker cp pki:/usr/share/java/ldapbeans.jar build/
docker cp pki:/usr/share/java/ldapfilt.jar build/
docker cp pki:/usr/share/java/ldapjdk.jar build/
docker cp pki:/usr/share/java/ldapsp.jar build/
- name: Remove maven configuration
run: rm -f pom.xml
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}