Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate SonarScanner in Github Actions workflow #2367

Merged
merged 3 commits into from
Mar 4, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
138 changes: 138 additions & 0 deletions .github/workflows/sonar-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
name: Scan with SonarScanner
on: [ push, pull_request ]
env:
CCACHE_COMPRESS: exists means true
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros
jobs:
sonar-scan:
name: Scan with SonarScanner
strategy:
matrix:
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
services:
elasticsearch:
image: docker://elasticsearch:7.4.2
options: --env discovery.type=single-node --publish 9200:9200 --publish 9300:9300
steps:
- name: Download and install latest SonarScanner CLI tool
run: |
SONAR_SCANNER_VERSION=`curl https://github.com/SonarSource/sonar-scanner-cli/releases/latest \
2>/dev/null | cut -f2 -d'"' | cut -f8 -d'/'`
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- name: Install dependencies
run: |
df -h
sudo apt-get update
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'`
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'`
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver}
sudo apt-get install -y \
ccache \
parallel \
libboost-thread-dev \
libboost-iostreams-dev \
libboost-date-time-dev \
libboost-system-dev \
libboost-filesystem-dev \
libboost-program-options-dev \
libboost-chrono-dev \
libboost-test-dev \
libboost-context-dev \
libboost-regex-dev \
libboost-coroutine-dev \
libcurl4-openssl-dev
sudo apt-get auto-remove -y
sudo apt-get clean -y
df -h
sudo du -hs /mnt/*
sudo ls -alr /mnt/
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: recursive
- name: Configure
run: |
pwd
df -h .
mkdir -p _build
sudo mkdir -p /_build/libraries /_build/programs /mnt/_build/tests
sudo chmod a+rwx /_build/libraries /_build/programs /mnt/_build/tests
ln -s /_build/libraries _build/libraries
ln -s /_build/programs _build/programs
ln -s /mnt/_build/tests _build/tests
sudo ln -s /_build/libraries /mnt/_build/libraries
sudo ln -s /_build/programs /mnt/_build/programs
sudo ln -s /mnt/_build/tests /_build/tests
ls -al _build
sed -i '/tests/d' libraries/fc/CMakeLists.txt
pushd _build
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR
cmake -D CMAKE_BUILD_TYPE=Debug \
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \
-D CMAKE_C_COMPILER=gcc \
-D CMAKE_C_COMPILER_LAUNCHER=ccache \
-D CMAKE_CXX_COMPILER=g++ \
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \
-D CMAKE_C_FLAGS=--coverage \
-D CMAKE_CXX_FLAGS=--coverage \
-D Boost_USE_STATIC_LIBS=OFF \
..
popd
- name: Load Cache
uses: actions/cache@v2
with:
path: |
ccache
sonar_cache
key: sonar-${{ github.ref }}-${{ github.sha }}
restore-keys: |
sonar-${{ github.ref }}-
sonar-
- name: Build
run: |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache"
mkdir -p "$CCACHE_DIR"
df -h
programs/build_helpers/make_with_sonar bw-output -j 2 -C _build \
witness_node cli_wallet js_operation_serializer get_dev_key network_mapper \
app_test chain_test cli_test es_test
df -h
du -hs _build/libraries/* _build/programs/* _build/tests/*
du -hs _build/*
du -hs /_build/*
- name: Unit-Tests
run: |
_build/tests/app_test -l test_suite
df -h
_build/tests/es_test -l test_suite
df -h
libraries/fc/tests/run-parallel-tests.sh _build/tests/chain_test -l test_suite
_build/tests/cli_test -l test_suite
df -h
- name: Prepare for scanning with SonarScanner
run: |
mkdir -p sonar_cache
find _build/libraries/[acdenptuw]*/CMakeFiles/*.dir _build/programs/[cdgjsw]*/CMakeFiles/*.dir -type d -print \
| while read d; do srcd="${d:7}"; gcov -o "$d" "${srcd/CMakeFiles*.dir/.}"/*.cpp; done >/dev/null
programs/build_helpers/set_sonar_branch_for_github_actions sonar-project.properties
- name: Scan with SonarScanner
env:
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
sonar-scanner \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
82 changes: 82 additions & 0 deletions programs/build_helpers/set_sonar_branch_for_github_actions
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
#!/bin/bash

# Relevant variables set by Github Actions:
# GITHUB_HEAD_REF: Only set for pull request events.
# The name of the head branch.
# GITHUB_BASE_REF: Only set for pull request events.
# The name of the base branch.
# GITHUB_REF: The branch or tag ref that triggered the workflow.
# For example, refs/heads/feature-branch-1.
# If neither a branch or tag is available for the event type,
# the variable will not exist.

if [ "$#" != 1 ]; then
echo "Usage: $0 <sonar-properties-file>" 1>&2
exit 1
fi

clear_branch () {
sed -i '/sonar\.branch/d' "$1"
}

if [ -n "$GITHUB_HEAD_REF" ]; then
# PRs work per default, remove sonar.branch.* and add sonar.pullrequest.*
echo "Detected PR '$GITHUB_REF' from '$GITHUB_HEAD_REF' to '$GITHUB_BASE_REF'"
PULLREF=${GITHUB_REF#refs/pull/}
PULLKEY=${PULLREF%/merge}
clear_branch "$1"
echo "sonar.pullrequest.key=$PULLKEY" >>"$1"
echo "sonar.pullrequest.base=$GITHUB_BASE_REF" >>"$1"
echo "sonar.pullrequest.branch=$GITHUB_HEAD_REF" >>"$1"
else
ORIGINAL_TARGET="$( grep 'sonar\.branch\.target' "$1" | sed 's=^.*[:=] *==' )"
TARGET="$ORIGINAL_TARGET"

if [[ ${GITHUB_REF} == "refs/tags/"* ]]; then
# Tag build is either master or testnet
echo "Detected tag '${GITHUB_REF}'"
BRANCH="${GITHUB_REF#refs/}"
case "$BRANCH" in
*test*) TARGET=testnet; ;;
*) TARGET=master; ;;
esac
else
BRANCH="${GITHUB_REF#refs/heads/}"
case "$BRANCH" in
master|develop|testnet|hardfork)
# Long-lived branches stand for themselves, no target
echo "Detected long-lived branch '$BRANCH'"
TARGET=
;;
*test*release*)
# Testnet release branch will be merged into testnet
echo "Detected testnet release branch '$BRANCH'"
TARGET=testnet
;;
*release*)
# Release branch will be merged into default (master)
echo "Detected release branch '$BRANCH'"
TARGET=master
;;
*)
# All other branches should have sonar.branch.target in their
# sonar.properties, leave it unchanged
echo "Detected normal branch '$BRANCH'"
esac
fi

echo "Branch '$BRANCH', target '$TARGET'"

if [ "x$TARGET" != "x$ORIGINAL_TARGET" ]; then
clear_branch "$1"
if [ -n "$TARGET" ]; then
echo "sonar.branch.target=$TARGET" >>"$1"
fi
fi
if [ -n "$BRANCH" ]; then
echo "sonar.branch.name=$BRANCH" >>"$1"
fi

fi

exit 0
14 changes: 10 additions & 4 deletions sonar-project.properties
Original file line number Diff line number Diff line change
@@ -1,8 +1,14 @@
sonar.projectKey=BitShares_Core
sonar.projectName=BitShares Core
sonar.organization=bitshares-on-github

sonar.projectKey=bitshares_bitshares-core
sonar.projectName=BitShares-Core
sonar.projectDescription=BitShares Blockchain implementation and command-line interface
sonar.projectVersion=5.2.0

sonar.host.url=https://sonarcloud.io

sonar.links.homepage=https://bitshares.org
sonar.links.ci=https://travis-ci.org/bitshares/bitshares-core/
sonar.links.ci=https://github.com/bitshares/bitshares-core/actions
sonar.links.issue=https://github.com/bitshares/bitshares-core/issues
sonar.links.scm=https://github.com/bitshares/bitshares-core/tree/master

Expand All @@ -19,5 +25,5 @@ sonar.cfamily.cache.enabled=true
sonar.cfamily.cache.path=sonar_cache

# Decide which tree the current build belongs to in SonarCloud.
# Managed by the `set_sonar_branch` script when building with Travis CI.
# Managed by the `set_sonar_branch*` script when building with CI.
sonar.branch.target=develop