-
Notifications
You must be signed in to change notification settings - Fork 13
175 lines (155 loc) · 5.72 KB
/
code-analysis-pull.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
name: Code Analysis for Pull Request
on:
workflow_run:
workflows: ["Code Analysis"]
types:
- completed
env:
BASE_IMAGE: ${{ vars.BASE_IMAGE || 'registry.fedoraproject.org/fedora:latest' }}
COPR_REPO: ${{ vars.COPR_REPO || '@pki/master' }}
NAMESPACE: ${{ vars.REGISTRY_NAMESPACE || 'dogtagpki' }}
jobs:
retrieve-pr:
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
outputs:
pr-number: ${{ steps.pr-artifact-script.outputs.result }}
pr-base: ${{ steps.pr-base-script.outputs.result }}
steps:
- name: 'Download PR artifact'
uses: actions/github-script@v6
id: download-pr
with:
result-encoding: string
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr"
})[0];
if (matchArtifact == null){
core.setFailed("No PR artifact");
return "False";
}
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
return "True";
- name: Unzip the pr
if: steps.download-pr.outputs.result == 'True'
run: unzip pr.zip
- name: Retrieve the pr number
if: success()
id: pr-artifact-script
uses: actions/github-script@v6
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_number = Number(fs.readFileSync('./NR'));
return pr_number;
- name: Retrieve the pr base
if: success()
id: pr-base-script
uses: actions/github-script@v6
with:
result-encoding: string
script: |
var fs = require('fs');
var pr_base = fs.readFileSync('./BaseBranch');
return pr_base;
build:
name: Building LDAP SDK
needs: retrieve-pr
runs-on: ubuntu-latest
steps:
- name: Clone the repository
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add ldap-sdk ${{ github.event.repository.clone_url }}
git fetch ldap-sdk
git rebase ldap-sdk/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Update Dockerfile
run: |
# update registry namespace
sed -i "s/quay.io\/dogtagpki\//quay.io\/$NAMESPACE\//g" Dockerfile
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build runner image
uses: docker/build-push-action@v5
with:
context: .
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
COPR_REPO=${{ env.COPR_REPO }}
tags: ldapjdk-runner
target: ldapjdk-runner
outputs: type=docker,dest=sonar-runner.tar
- name: Store runner image
uses: actions/cache@v4
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
sonarcloud:
name: SonarCloud
needs: [retrieve-pr, build]
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/ldapjdk
steps:
- name: Retrieve runner image
uses: actions/cache@v4
with:
key: sonar-runner-${{ github.event.workflow_run.id }}
path: sonar-runner.tar
- name: Load runner image
run: docker load --input sonar-runner.tar
- name: Clone the repository
uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: Rebase to master
run: |
git config user.name "GitHub Workflow Action"
git remote add ldap-sdk ${{ github.event.repository.clone_url }}
git fetch ldap-sdk
git rebase ldap-sdk/${{ needs.retrieve-pr.outputs.pr-base }}
- name: Run container
run: |
tests/bin/runner-init.sh pki
- name: Copy builds in current folder
run: |
mkdir build
docker cp pki:/usr/share/java/ldapbeans.jar build/
docker cp pki:/usr/share/java/ldapfilt.jar build/
docker cp pki:/usr/share/java/ldapjdk.jar build/
docker cp pki:/usr/share/java/ldapsp.jar build/
- name: Remove maven configuration
run: rm -f pom.xml
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}