Sonarcloud-Pull #2686

Workflow file for this run

.github/workflows/sonarcloud-pull.yml at 1b7fd92

	name: Sonarcloud-Pull
	on:
	workflow_run:
	workflows: ["Code Analysis"]
	types:
	- completed

	env:
	BASE_IMAGE: ${{ vars.BASE_IMAGE \|\| 'registry.fedoraproject.org/fedora:latest' }}
	COPR_REPO: ${{ vars.COPR_REPO \|\| '@pki/master' }}
	NAMESPACE: ${{ vars.REGISTRY_NAMESPACE \|\| 'dogtagpki' }}

	jobs:
	retrieve-pr:
	if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
	runs-on: ubuntu-latest
	outputs:
	pr-number: ${{ steps.pr-artifact-script.outputs.result }}
	pr-base: ${{ steps.pr-base-script.outputs.result }}
	steps:
	- name: 'Download PR artifact'
	uses: actions/github-script@v7
	id: download-pr
	with:
	result-encoding: string
	script: \|
	var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: context.payload.workflow_run.id,
	});
	var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "pr"
	})[0];
	if (matchArtifact == null){
	core.setFailed("No PR artifact");
	return "False";
	}
	var download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	});
	var fs = require('fs');
	fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
	return "True";

	- name: Unzip the pr
	if: steps.download-pr.outputs.result == 'True'
	run: unzip pr.zip

	- name: Retrieve the pr number
	if: success()
	id: pr-artifact-script
	uses: actions/github-script@v7
	with:
	result-encoding: string
	script: \|
	var fs = require('fs');
	var pr_number = Number(fs.readFileSync('./NR'));
	return pr_number;

	- name: Retrieve the pr base
	if: success()
	id: pr-base-script
	uses: actions/github-script@v7
	with:
	result-encoding: string
	script: \|
	var fs = require('fs');
	var pr_base = fs.readFileSync('./BaseBranch');
	return pr_base;

	build:
	name: Building PKI for Sonar
	needs: retrieve-pr
	runs-on: ubuntu-latest
	steps:
	- name: Clone repository
	uses: actions/checkout@v4
	with:
	repository: ${{ github.event.workflow_run.head_repository.full_name }}
	ref: ${{ github.event.workflow_run.head_branch }}
	fetch-depth: 0

	- name: Rebase to master
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"
	git config user.name "GitHub Workflow Action"
	git config user.email "[email protected]"
	git remote add pki ${{ github.event.repository.clone_url }}
	git fetch pki
	git rebase pki/${{ needs.retrieve-pr.outputs.pr-base }}

	- name: Update Dockerfile
	run: \|
	# update registry namespace
	sed -i "s/quay.io\/dogtagpki\//quay.io\/$NAMESPACE\//g" Dockerfile

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Cache Docker layers
	id: cache-buildx
	uses: actions/cache@v4
	with:
	key: buildx-${{ hashFiles('pki.spec') }}
	path: /tmp/.buildx-cache

	- name: Build pki-deps image
	uses: docker/build-push-action@v5
	with:
	context: .
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE }}
	COPR_REPO=${{ env.COPR_REPO }}
	tags: pki-deps
	target: pki-deps
	cache-to: type=local,dest=/tmp/.buildx-cache
	if: steps.cache-buildx.outputs.cache-hit != 'true'

	- name: Build pki-builder-deps image
	uses: docker/build-push-action@v5
	with:
	context: .
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE }}
	COPR_REPO=${{ env.COPR_REPO }}
	tags: pki-builder-deps
	target: pki-builder-deps
	cache-to: type=local,dest=/tmp/.buildx-cache
	if: steps.cache-buildx.outputs.cache-hit != 'true'

	- name: Build pki-runner image
	uses: docker/build-push-action@v5
	with:
	context: .
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE }}
	COPR_REPO=${{ env.COPR_REPO }}
	tags: pki-runner
	target: pki-runner
	cache-from: type=local,src=/tmp/.buildx-cache
	outputs: type=docker,dest=pki-runner.tar

	- name: Store pki-runner image
	uses: actions/cache@v4
	with:
	key: pki-sonar-runner-${{ github.event.workflow_run.id }}
	path: pki-runner.tar

	sonarcloud:
	name: Sonar Cloud code analysis
	needs: [retrieve-pr, build]
	if: needs.retrieve-pr.outputs.pr-number != ''
	runs-on: ubuntu-latest
	env:
	SHARED: /tmp/workdir/pki
	steps:
	- name: Retrieve pki-runner image
	uses: actions/cache@v4
	with:
	key: pki-sonar-runner-${{ github.event.workflow_run.id }}
	path: pki-runner.tar

	- name: Load pki-runner image
	run: docker load --input pki-runner.tar

	- name: Checkout pulled branch
	uses: actions/checkout@v4
	with:
	repository: ${{ github.event.workflow_run.head_repository.full_name }}
	ref: ${{ github.event.workflow_run.head_branch }}
	fetch-depth: 0

	- name: Rebase to master
	run: \|
	git config user.name "GitHub Workflow Action"
	git remote add pki ${{ github.event.repository.clone_url }}
	git fetch pki
	git rebase pki/${{ needs.retrieve-pr.outputs.pr-base }}

	- name: Set up PKI container
	run: \|
	tests/bin/runner-init.sh pki

	- name: Copy build in current folder
	run: docker cp pki:/usr/share/java/pki ./build

	- name: Remove maven related file
	run: rm -f pom.xml

	- name: Start Sonar analysis
	uses: SonarSource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	with:
	args: >
	-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
	-Dsonar.pullrequest.key=${{ needs.retrieve-pr.outputs.pr-number }}
	-Dsonar.pullrequest.branch=${{ github.event.workflow_run.head_branch }}
	-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sonarcloud-Pull #2686

Workflow file

Sonarcloud-Pull #2686

Jobs

Run details

Workflow file for this run