diff --git a/.github/workflows/main-sonar-check.yml b/.github/workflows/main-sonar-check.yml
index ad58d07a9894..ee2da1900227 100644
--- a/.github/workflows/main-sonar-check.yml
+++ b/.github/workflows/main-sonar-check.yml
@@ -16,50 +16,26 @@
 # under the License.

 name: Sonar Quality Check (Main)
-permissions:
- contents: read
+
 on:
 push:
 branches:
 - main
+
+permissions:
+ contents: read
+ pull-requests: write
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
 jobs:
- build:
+ sonar:
 if: github.repository == 'apache/cloudstack'
- name: Sonar JaCoCo Coverage
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- fetch-depth: 0
- persist-credentials: false
- - name: Setup Environment
- uses: ./.github/actions/setup-env
- with:
- install-python: 'true'
- install-apt-deps: 'true'
- - name: Cache SonarCloud packages
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
- with:
- path: ~/.sonar/cache
- key: ${{ runner.os }}-sonar
- restore-keys: ${{ runner.os }}-sonar
- - name: Install Non-OSS
- uses: ./.github/actions/install-nonoss
- - name: Run Build and Tests with Coverage
- run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator -Dnoredist clean install
- - name: Upload to SonarQube
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- run: mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.branch.name=${{ github.ref_name }}
- - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
- with:
- files: ./client/target/site/jacoco-aggregate/jacoco.xml
- fail_ci_if_error: true
- flags: unittests
- verbose: true
- name: codecov
- token: ${{ secrets.CODECOV_TOKEN }}
+ uses: ./.github/workflows/sonar-reusable.yml
+ with:
+ is_pr: false
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/sonar-check.yml b/.github/workflows/sonar-check.yml
index 49a49d009580..3d4b29abc80b 100644
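Review bot: In main-sonar-check.yml the relocated `permissions:` block now grants `pull-requests: write` to a workflow that runs only on pushes to `main`, where the called workflow takes the `is_pr: false` path and there is no pull request to annotate. The extra scope looks like it was added only because sonar-reusable.yml declares the same workflow-level `permissions:` and a called workflow cannot hold more than its caller grants; that token is then available to the whole job, including the Maven build and test run. I would keep this caller at `contents: read` and remove the `permissions:` block from the reusable file so each caller's own grant applies (worth confirming against the reusable-workflow documentation).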
--- a/.github/workflows/sonar-check.yml
+++ b/.github/workflows/sonar-check.yml
@@ -16,52 +16,22 @@
 # under the License.

 name: Sonar Quality Check
+
+on: [pull_request]
+
 permissions:
 contents: read
 pull-requests: write
-on:
- pull_request:
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
 jobs:
- build:
- name: Sonar JaCoCo Coverage
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- fetch-depth: 0
- persist-credentials: false
- - name: Setup Environment
- uses: ./.github/actions/setup-env
- with:
- install-python: 'true'
- install-apt-deps: 'true'
- - name: Cache SonarCloud packages
- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
- with:
- path: ~/.sonar/cache
- key: ${{ runner.os }}-sonar
- restore-keys: ${{ runner.os }}-sonar
- - name: Install Non-OSS
- uses: ./.github/actions/install-nonoss
- - name: Run Build and Tests with Coverage
- run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator -Dnoredist clean install
- - name: Upload to SonarQube
- if: github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- PR_ID: ${{ github.event.pull_request.number }}
- HEADREF: ${{ github.event.pull_request.head.ref }}
- run: |
- mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" -Dsonar.pullrequest.branch="$HEADREF" -Dsonar.pullrequest.github.repository=apache/cloudstack -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.summary_comment=true
- - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
- with:
- files: ./client/target/site/jacoco-aggregate/jacoco.xml
- fail_ci_if_error: true
- flags: unittests
- verbose: true
- name: codecov
- token: ${{ secrets.CODECOV_TOKEN }}
+ sonar:
+ uses: ./.github/workflows/sonar-reusable.yml
+ with:
+ is_pr: true
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/sonar-reusable.yml b/.github/workflows/sonar-reusable.yml
new file mode 100644
index 000000000000..264ec7a705b4
--- /dev/null
+++ b/.github/workflows/sonar-reusable.yml
@@ -0,0 +1,99 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Sonar Quality Check (Reusable)
+
+on:
+ workflow_call:
+ inputs:
+ is_pr:
+ description: 'true when called from a pull_request trigger'
+ type: boolean
+ required: true
+ secrets:
+ SONAR_TOKEN:
+ required: false
+ CODECOV_TOKEN:
+ required: false
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ build:
+ name: Sonar JaCoCo Coverage
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ ref: ${{ inputs.is_pr && format('refs/pull/{0}/merge', github.event.number) || github.sha }}
+ fetch-depth: 0
+ persist-credentials: false
+
+ - name: Setup Environment
+ uses: ./.github/actions/setup-env
+ with:
+ install-python: 'true'
+ install-apt-deps: 'true'
+
+ - name: Cache SonarCloud packages
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+
+ - name: Cache local Maven repository
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-m2
+
+ - name: Install Non-OSS
+ uses: ./.github/actions/install-nonoss
+
+ - name: Run Build and Tests with Coverage
+ run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator -Dnoredist clean install
+
+ - name: Upload to SonarQube
+ if: inputs.is_pr && github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ PR_ID: ${{ github.event.pull_request.number }}
+ HEADREF: ${{ github.event.pull_request.head.ref }}
+ run: |
+ mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" -Dsonar.pullrequest.branch="$HEADREF" -Dsonar.pullrequest.github.repository=apache/cloudstack -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.summary_comment=true
+
+ - name: Upload to SonarQube
+ if: "!inputs.is_pr"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.branch.name=${{ github.ref_name }}
+
+ - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
+ with:
+ files: ./client/target/site/jacoco-aggregate/jacoco.xml
+ fail_ci_if_error: true
+ flags: unittests
+ verbose: true
+ name: codecov
+ token: ${{ secrets.CODECOV_TOKEN }}
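Review bot: In sonar-reusable.yml the second "Upload to SonarQube" step (the `!inputs.is_pr` one) expands `${{ github.ref_name }}` directly inside its `run:` command, so the ref name becomes part of the script text before the shell parses it. That was bounded while the step lived in a workflow triggered only by pushes to `main`, but as a reusable workflow any later caller passing `is_pr: false` brings its own ref name with it. The PR step just above already passes event data through `env:`; do the same here by adding `BRANCH_NAME: ${{ github.ref_name }}` under `env:` and using `-Dsonar.branch.name="$BRANCH_NAME"` in the command. Giving the two steps distinct names would also make the run log easier to read.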