Skip to content

Commit

Permalink
Integrate SonarScanner in Github Actions workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
abitmore committed Mar 1, 2021
1 parent f386832 commit 4e5670b
Show file tree
Hide file tree
Showing 3 changed files with 230 additions and 4 deletions.
138 changes: 138 additions & 0 deletions .github/workflows/sonar-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
name: Scan with SonarScanner
on: [ push, pull_request ]
env:
CCACHE_COMPRESS: exists means true
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros
jobs:
sonar-scan:
name: Scan with SonarScanner
strategy:
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
services:
elasticsearch:
image: docker://elasticsearch:7.4.2
options: --env discovery.type=single-node --publish 9200:9200 --publish 9300:9300
steps:
- name: Download and install latest SonarScanner CLI tool
run: |
SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \
2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'`
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- name: Install dependencies
run: |
df -h
sudo apt-get update
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'`
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'`
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver}
sudo apt-get install -y \
ccache \
parallel \
libboost-thread-dev \
libboost-iostreams-dev \
libboost-date-time-dev \
libboost-system-dev \
libboost-filesystem-dev \
libboost-program-options-dev \
libboost-chrono-dev \
libboost-test-dev \
libboost-context-dev \
libboost-regex-dev \
libboost-coroutine-dev \
libcurl4-openssl-dev
sudo apt-get auto-remove -y
sudo apt-get clean -y
df -h
sudo du -hs /mnt/*
sudo ls -alr /mnt/
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: recursive
- name: Configure
run: |
pwd
df -h .
mkdir -p _build
sudo mkdir -p /_build/libraries /_build/programs /mnt/_build/tests
sudo chmod a+rwx /_build/libraries /_build/programs /mnt/_build/tests
ln -s /_build/libraries _build/libraries
ln -s /_build/programs _build/programs
ln -s /mnt/_build/tests _build/tests
sudo ln -s /_build/libraries /mnt/_build/libraries
sudo ln -s /_build/programs /mnt/_build/programs
sudo ln -s /mnt/_build/tests /_build/tests
ls -al _build
sed -i '/tests/d' libraries/fc/CMakeLists.txt
pushd _build
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR
cmake -D CMAKE_BUILD_TYPE=Debug \
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \
-D CMAKE_C_COMPILER=gcc \
-D CMAKE_C_COMPILER_LAUNCHER=ccache \
-D CMAKE_CXX_COMPILER=g++ \
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \
-D CMAKE_C_FLAGS=--coverage \
-D CMAKE_CXX_FLAGS=--coverage \
-D Boost_USE_STATIC_LIBS=OFF \
..
popd
- name: Load Cache
uses: actions/cache@v2
with:
path: |
ccache
sonar_cache
key: sonar-${{ github.ref }}-${{ github.sha }}
restore-keys: |
sonar-${{ github.ref }}-
sonar-
- name: Build
run: |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache"
mkdir -p "$CCACHE_DIR"
df -h
programs/build_helpers/make_with_sonar bw-output -j 2 -C _build \
witness_node cli_wallet js_operation_serializer get_dev_key network_mapper \
app_test chain_test cli_test es_test
df -h
du -hs _build/libraries/* _build/programs/* _build/tests/*
du -hs _build/*
du -hs /_build/*
- name: Unit-Tests
run: |
_build/tests/app_test -l test_suite
df -h
_build/tests/es_test -l test_suite
df -h
libraries/fc/tests/run-parallel-tests.sh _build/tests/chain_test -l test_suite
_build/tests/cli_test -l test_suite
df -h
- name: Prepare for scanning with SonarScanner
run: |
mkdir -p sonar_cache
find _build/libraries/[acdenptuw]*/CMakeFiles/*.dir _build/programs/[cdgjsw]*/CMakeFiles/*.dir -type d -print \
| while read d; do srcd="${d:7}"; gcov -o "$d" "${srcd/CMakeFiles*.dir//}"/*.cpp; done >/dev/null
programs/build_helpers/set_sonar_branch_for_github_actions sonar-project.properties
- name: Scan with SonarScanner
env:
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
sonar-scanner \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
82 changes: 82 additions & 0 deletions programs/build_helpers/set_sonar_branch_for_github_actions
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/bin/bash

# Relevant variables set by Github Actions:
# GITHUB_HEAD_REF: Only set for pull request events.
# The name of the head branch.
# GITHUB_BASE_REF: Only set for pull request events.
# The name of the base branch.
# GITHUB_REF: The branch or tag ref that triggered the workflow.
# For example, refs/heads/feature-branch-1.
# If neither a branch or tag is available for the event type,
# the variable will not exist.

if [ "$#" != 1 ]; then
echo "Usage: $0 <sonar-properties-file>" 1>&2
exit 1
fi

clear_branch () {
sed -i '/sonar\.branch/d' "$1"
}

if [ -n "$GITHUB_HEAD_REF" ]; then
# PRs work per default, remove sonar.branch.* and add sonar.pullrequest.*
echo "Detected PR '$GITHUB_REF' from '$GITHUB_HEAD_REF' to '$GITHUB_BASE_REF'"
PULLREF=${GITHUB_REF#refs/pull/}
PULLKEY=${PULLREF%/merge}
clear_branch "$1"
echo "sonar.pullrequest.key=$PULLKEY" >>"$1"
echo "sonar.pullrequest.base=$GITHUB_BASE_REF" >>"$1"
echo "sonar.pullrequest.branch=$GITHUB_HEAD_REF" >>"$1"
else
ORIGINAL_TARGET="$( grep 'sonar\.branch\.target' "$1" | sed 's=^.*[:=] *==' )"
TARGET="$ORIGINAL_TARGET"

if [[ ${GITHUB_REF} == "refs/tags/"* ]]; then
# Tag build is either master or testnet
echo "Detected tag '${GITHUB_REF}'"
BRANCH="${GITHUB_REF#refs/}"
case "$BRANCH" in
*test*) TARGET=testnet; ;;
*) TARGET=master; ;;
esac
else
BRANCH="${GITHUB_REF#refs/heads/}"
case "$BRANCH" in
master|develop|testnet|hardfork)
# Long-lived branches stand for themselves, no target
echo "Detected long-lived branch '$BRANCH'"
TARGET=
;;
*test*release*)
# Testnet release branch will be merged into testnet
echo "Detected testnet release branch '$BRANCH'"
TARGET=testnet
;;
*release*)
# Release branch will be merged into default (master)
echo "Detected release branch '$BRANCH'"
TARGET=master
;;
*)
# All other branches should have sonar.branch.target in their
# sonar.properties, leave it unchanged
echo "Detected normal branch '$BRANCH'"
esac
fi

echo "Branch '$BRANCH', target '$TARGET'"

if [ "x$TARGET" != "x$ORIGINAL_TARGET" ]; then
clear_branch "$1"
if [ -n "$TARGET" ]; then
echo "sonar.branch.target=$TARGET" >>"$1"
fi
fi
if [ -n "$BRANCH" ]; then
echo "sonar.branch.name=$BRANCH" >>"$1"
fi

fi

exit 0
14 changes: 10 additions & 4 deletions sonar-project.properties
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
sonar.projectKey=BitShares_Core
sonar.projectName=BitShares Core
sonar.organization=bitshares-on-github

sonar.projectKey=bitshares_bitshares-core
sonar.projectName=BitShares-Core
sonar.projectDescription=BitShares Blockchain implementation and command-line interface
sonar.projectVersion=5.2.0

sonar.host.url=https://sonarcloud.io

sonar.links.homepage=https://bitshares.org
sonar.links.ci=https://travis-ci.org/bitshares/bitshares-core/
sonar.links.ci=https://github.com/bitshares/bitshares-core/actions
sonar.links.issue=https://github.com/bitshares/bitshares-core/issues
sonar.links.scm=https://github.com/bitshares/bitshares-core/tree/master

Expand All @@ -19,5 +25,5 @@ sonar.cfamily.cache.enabled=true
sonar.cfamily.cache.path=sonar_cache

# Decide which tree the current build belongs to in SonarCloud.
# Managed by the `set_sonar_branch` script when building with Travis CI.
# Managed by the `set_sonar_branch*` script when building with CI.
sonar.branch.target=develop

0 comments on commit 4e5670b

Please sign in to comment.