Separate SonarCloud step to safely run it on PRs

2022-11-23 14:43:12 +01:00 · 2022-11-23 14:43:12 +01:00 · 1d3452cdb0
commit 1d3452cdb0
parent 7c7673f1c2
2 changed files with 70 additions and 19 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -10,23 +10,21 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - { node-version: 10.x, lint: false, static-analysis: false, tests: false }
-          - { node-version: 11.x, lint: false, static-analysis: false, tests: false }
-          - { node-version: 12.x, lint: false, static-analysis: false, tests: false }
-          - { node-version: 13.x, lint: false, static-analysis: false, tests: false }
-          - { node-version: 14.x, lint: true, static-analysis: false, tests: true }
-          - { node-version: 15.x, lint: false, static-analysis: false, tests: true }
-          - { node-version: 16.x, lint: true, static-analysis: false, tests: true }
-          - { node-version: 17.x, lint: true, static-analysis: false, tests: true }
-          - { node-version: 18.x, lint: true, static-analysis: true, tests: true }
-          - { node-version: 19.x, lint: true, static-analysis: false, tests: true }
+          - { node-version: 10.x, lint: false, tests: false }
+          - { node-version: 11.x, lint: false, tests: false }
+          - { node-version: 12.x, lint: false, tests: false }
+          - { node-version: 13.x, lint: false, tests: false }
+          - { node-version: 14.x, lint: true, tests: true }
+          - { node-version: 15.x, lint: false, tests: true }
+          - { node-version: 16.x, lint: true, tests: true }
+          - { node-version: 17.x, lint: true, tests: true }
+          - { node-version: 18.x, lint: true, tests: true }
+          - { node-version: 19.x, lint: true, tests: true }

-    name: Node.js ${{ matrix.node-version }}${{ matrix.lint && ', lint' || '' }}${{ matrix.tests && ', test' || '' }}${{ matrix.static-analysis && ', static analysis' || ''}}, build
+    name: nodejs ${{ matrix.node-version }} (${{ matrix.lint && 'lint → ' || '' }}${{ matrix.tests && 'test → ' || '' }}build)

    steps:
      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
@ -81,12 +79,12 @@ jobs:
        run: npm test
        if: ${{ matrix.tests }}

-      - name: SonarCloud scan
-        uses: SonarSource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        if: ${{ matrix.static-analysis }}
+      - name: Upload code coverage
+        uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage
+          path: coverage/lcov.info
+        if: ${{ matrix.node-version == '18.x' }}

      - name: Build the project
        run: npm run build
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@ -0,0 +1,53 @@
+on:
+  workflow_run:
+    workflows: [Build]
+    types: [completed]
+
+jobs:
+  sonar:
+    name: Sonar
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+
+      - name: 'Download code coverage'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "code-coverage"
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/code-coverage.zip`, Buffer.from(download.data));
+
+      - name: 'Unzip code coverage'
+        run: unzip code-coverage.zip -d coverage
+
+      - name: SonarCloud scan
+        uses: sonarsource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+            -Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }}
+            -Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }}
+            -Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}