Separate SonarCloud step to safely run it on PRs

This commit is contained in:
Lars Strojny 2022-11-23 14:43:12 +01:00
parent 7c7673f1c2
commit 1d3452cdb0
No known key found for this signature in database
GPG key ID: 887416A2AD3B0CA9
2 changed files with 70 additions and 19 deletions

View file

@ -10,23 +10,21 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
include: include:
- { node-version: 10.x, lint: false, static-analysis: false, tests: false } - { node-version: 10.x, lint: false, tests: false }
- { node-version: 11.x, lint: false, static-analysis: false, tests: false } - { node-version: 11.x, lint: false, tests: false }
- { node-version: 12.x, lint: false, static-analysis: false, tests: false } - { node-version: 12.x, lint: false, tests: false }
- { node-version: 13.x, lint: false, static-analysis: false, tests: false } - { node-version: 13.x, lint: false, tests: false }
- { node-version: 14.x, lint: true, static-analysis: false, tests: true } - { node-version: 14.x, lint: true, tests: true }
- { node-version: 15.x, lint: false, static-analysis: false, tests: true } - { node-version: 15.x, lint: false, tests: true }
- { node-version: 16.x, lint: true, static-analysis: false, tests: true } - { node-version: 16.x, lint: true, tests: true }
- { node-version: 17.x, lint: true, static-analysis: false, tests: true } - { node-version: 17.x, lint: true, tests: true }
- { node-version: 18.x, lint: true, static-analysis: true, tests: true } - { node-version: 18.x, lint: true, tests: true }
- { node-version: 19.x, lint: true, static-analysis: false, tests: true } - { node-version: 19.x, lint: true, tests: true }
name: Node.js ${{ matrix.node-version }}${{ matrix.lint && ', lint' || '' }}${{ matrix.tests && ', test' || '' }}${{ matrix.static-analysis && ', static analysis' || ''}}, build name: nodejs ${{ matrix.node-version }} (${{ matrix.lint && 'lint → ' || '' }}${{ matrix.tests && 'test → ' || '' }}build)
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Use Node.js ${{ matrix.node-version }} - name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3 uses: actions/setup-node@v3
@ -81,12 +79,12 @@ jobs:
run: npm test run: npm test
if: ${{ matrix.tests }} if: ${{ matrix.tests }}
- name: SonarCloud scan - name: Upload code coverage
uses: SonarSource/sonarcloud-github-action@master uses: actions/upload-artifact@v3
env: with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} name: code-coverage
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} path: coverage/lcov.info
if: ${{ matrix.static-analysis }} if: ${{ matrix.node-version == '18.x' }}
- name: Build the project - name: Build the project
run: npm run build run: npm run build

53
.github/workflows/sonar.yml vendored Normal file
View file

@ -0,0 +1,53 @@
on:
workflow_run:
workflows: [Build]
types: [completed]
jobs:
sonar:
name: Sonar
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion == 'success'
steps:
- uses: actions/checkout@v3
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
- name: 'Download code coverage'
uses: actions/github-script@v6
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "code-coverage"
})[0];
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/code-coverage.zip`, Buffer.from(download.data));
- name: 'Unzip code coverage'
run: unzip code-coverage.zip -d coverage
- name: SonarCloud scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}