From de6776b0675c7afbfdb8df94328dc1714a45a5f7 Mon Sep 17 00:00:00 2001 From: Pearl Dsilva Date: Tue, 2 Jun 2026 15:04:50 -0400 Subject: [PATCH 1/2] Deduplicate sonal CI github workflow --- .github/workflows/main-sonar-check.yml | 49 +++--------- .github/workflows/sonar-check.yml | 53 +++---------- .github/workflows/sonar-reusable.yml | 100 +++++++++++++++++++++++++ 3 files changed, 118 insertions(+), 84 deletions(-) create mode 100644 .github/workflows/sonar-reusable.yml diff --git a/.github/workflows/main-sonar-check.yml b/.github/workflows/main-sonar-check.yml index 7ccd6600ab97..5aa3b7c0f49b 100644 --- a/.github/workflows/main-sonar-check.yml +++ b/.github/workflows/main-sonar-check.yml 
@@ -23,46 +23,15 @@ on: - main permissions: - contents: read # to fetch code (actions/checkout) - pull-requests: write # for sonar to comment on pull-request + contents: read + pull-requests: write jobs: - build: + sonar: if: github.repository == 'apache/cloudstack' - name: Main Sonar JaCoCo Build - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - - name: Set up JDK17 - uses: actions/setup-java@v5 - with: - distribution: 'temurin' - java-version: '17' - cache: 'maven' - - - name: Cache SonarCloud packages - uses: actions/cache@v5 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Cache local Maven repository - uses: actions/cache@v5 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }} - restore-keys: | - ${{ runner.os }}-m2 - - - name: Run Tests with Coverage - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss - cd nonoss && bash -x install-non-oss.sh && cd .. - mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack + uses: ./.github/workflows/sonar-reusable.yml + with: + is_pr: false + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/sonar-check.yml b/.github/workflows/sonar-check.yml index 9f5c3a194bc7..673c15ecad4f 100644 --- a/.github/workflows/sonar-check.yml +++ b/.github/workflows/sonar-check.yml 
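Review bot: `GITHUB_TOKEN` is a reserved secret name and cannot be passed through a `workflow_call` `secrets:` block, so the `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` entry on the new `sonar` job is likely to fail workflow validation. The called workflow already receives the caller's token automatically, limited by the `permissions:` block here, so the entry can be dropped, leaving `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` alone. The same applies to the matching `secrets:` block in the sonar-check.yml hunk and to the `GITHUB_TOKEN:` / `required: true` declaration in sonar-reusable.yml. This hunk also strips the comments that explained the permission grants; keeping `# for sonar to comment on pull-request` next to `pull-requests: write` makes the elevated scope easier to audit.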
@@ -20,54 +20,19 @@ name: Sonar Quality Check on: [pull_request] permissions: - contents: read # to fetch code (actions/checkout) - pull-requests: write # for sonar to comment on pull-request + contents: read + pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - build: + sonar: if: github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository - name: Sonar JaCoCo Coverage - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v6 - with: - ref: "refs/pull/${{ github.event.number }}/merge" - fetch-depth: 0 - - - name: Set up JDK17 - uses: actions/setup-java@v5 - with: - distribution: 'temurin' - java-version: '17' - cache: 'maven' - - - name: Cache SonarCloud packages - uses: actions/cache@v5 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Cache local Maven repository - uses: actions/cache@v5 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }} - restore-keys: | - ${{ runner.os }}-m2 - - - name: Run Build and Tests with Coverage - id: coverage - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - PR_ID: ${{ github.event.pull_request.number }} - HEADREF: ${{ github.event.pull_request.head.ref }} - run: | - git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss - cd nonoss && bash -x install-non-oss.sh && cd .. 
- mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" -Dsonar.pullrequest.branch="$HEADREF" -Dsonar.pullrequest.github.repository=apache/cloudstack -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.summary_comment=true + uses: ./.github/workflows/sonar-reusable.yml + with: + is_pr: true + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/sonar-reusable.yml b/.github/workflows/sonar-reusable.yml new file mode 100644 index 000000000000..5dd806ce260e --- /dev/null +++ b/.github/workflows/sonar-reusable.yml 
@@ -0,0 +1,100 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +name: Sonar Quality Check (Reusable) + +on: + workflow_call: + inputs: + is_pr: + description: 'true when called from a pull_request trigger' + type: boolean + required: true + secrets: + GITHUB_TOKEN: + required: true + SONAR_TOKEN: + required: false + +permissions: + contents: read + pull-requests: write + +jobs: + build: + name: Sonar JaCoCo Coverage + runs-on: ubuntu-22.04 + steps: + # PR callers check out the merge commit; branch callers use the pushed SHA. 
+ - uses: actions/checkout@v6 + with: + ref: ${{ inputs.is_pr && format('refs/pull/{0}/merge', github.event.number) || github.sha }} + fetch-depth: 0 + + - name: Set up JDK17 + uses: actions/setup-java@v5 + with: + distribution: 'temurin' + java-version: '17' + cache: 'maven' + + - name: Cache SonarCloud packages + uses: actions/cache@v5 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache local Maven repository + uses: actions/cache@v5 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }} + restore-keys: | + ${{ runner.os }}-m2 + + - name: Install Non-OSS + run: | + git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss + cd nonoss && bash -x install-non-oss.sh && cd .. + + - name: Run Build and Tests with Coverage (PR) + if: inputs.is_pr + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + PR_ID: ${{ github.event.pull_request.number }} + HEADREF: ${{ github.event.pull_request.head.ref }} + run: > + mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install + org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + -Dsonar.projectKey=apache_cloudstack + -Dsonar.pullrequest.key="$PR_ID" + -Dsonar.pullrequest.branch="$HEADREF" + -Dsonar.pullrequest.github.repository=apache/cloudstack + -Dsonar.pullrequest.provider=GitHub + -Dsonar.pullrequest.github.summary_comment=true + + - name: Run Tests with Coverage (Main) + if: "!inputs.is_pr" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: > + mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install + org.sonarsource.scanner.maven:sonar-maven-plugin:sonar + -Dsonar.projectKey=apache_cloudstack From abacb6f3f242caff5319c420915aefdcb77d484f Mon Sep 17 00:00:00 2001 
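Review bot: The `Install Non-OSS` step runs `install-non-oss.sh` from whatever the default branch of `shapeblue/cloudstack-nonoss` holds at run time, so a change in that external repository executes on the runner without review here. It runs before the two coverage steps that carry `SONAR_TOKEN` and `GITHUB_TOKEN` in `env:`, and presumably writes into the Maven repository those steps then use. The checkout above also leaves its token in the workspace git config, because `persist-credentials: false` is not set. I would pin the clone to a reviewed commit, e.g. `git -C nonoss checkout <reviewed-commit-sha>` after the clone, and add `persist-credentials: false` under the checkout `with:`. The `actions/checkout@v6`, `actions/setup-java@v5` and `actions/cache@v5` references are mutable tags; pinning them to full commit SHAs gives the same protection for the action code.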
From: Pearl Dsilva Date: Tue, 2 Jun 2026 16:44:12 -0400 Subject: [PATCH 2/2] address comments --- .github/workflows/main-sonar-check.yml | 1 + .github/workflows/sonar-check.yml | 2 +- .github/workflows/sonar-reusable.yml | 59 +++++++++++++------------- 3 files changed, 32 insertions(+), 30 deletions(-) diff --git a/.github/workflows/main-sonar-check.yml b/.github/workflows/main-sonar-check.yml index fe4fa18100a9..ee2da1900227 100644 --- a/.github/workflows/main-sonar-check.yml +++ b/.github/workflows/main-sonar-check.yml @@ -38,3 +38,4 @@ jobs: is_pr: false secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/sonar-check.yml b/.github/workflows/sonar-check.yml index 5ea1f66ee92f..3d4b29abc80b 100644 --- a/.github/workflows/sonar-check.yml +++ b/.github/workflows/sonar-check.yml @@ -29,9 +29,9 @@ concurrency: jobs: sonar: - if: github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository uses: ./.github/workflows/sonar-reusable.yml with: is_pr: true secrets: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/sonar-reusable.yml b/.github/workflows/sonar-reusable.yml index d2af89974f90..264ec7a705b4 100644 --- a/.github/workflows/sonar-reusable.yml +++ b/.github/workflows/sonar-reusable.yml @@ -27,6 +27,8 @@ on: secrets: SONAR_TOKEN: required: false + CODECOV_TOKEN: + required: false permissions: contents: read 
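Review bot: Dropping the job-level `if:` in sonar-check.yml means pull requests from forks now run the whole reusable job, and nothing at the call site says where the same-repository check went. As far as the later sonar-reusable.yml hunk shows, only the PR `Upload to SonarQube` step carries that condition, so the build, the cache steps and the codecov upload run for fork PRs as well. That is safe only while the trigger stays `pull_request`, where fork runs receive no repository secrets. I would add a comment on the `sonar` job such as `# fork guard is applied per step in sonar-reusable.yml; keep this workflow on pull_request, never pull_request_target`.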
@@ -35,30 +37,29 @@ permissions: jobs: build: name: Sonar JaCoCo Coverage - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - # PR callers check out the merge commit; branch callers use the pushed SHA. - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.is_pr && format('refs/pull/{0}/merge', github.event.number) || github.sha }} fetch-depth: 0 + persist-credentials: false - - name: Set up JDK17 - uses: actions/setup-java@v5 + - name: Setup Environment + uses: ./.github/actions/setup-env with: - distribution: 'temurin' - java-version: '17' - cache: 'maven' + install-python: 'true' + install-apt-deps: 'true' - name: Cache SonarCloud packages - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: Cache local Maven repository - uses: actions/cache@v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.m2/repository key: ${{ runner.os }}-m2-${{ hashFiles('pom.xml', '*/pom.xml', '*/*/pom.xml', '*/*/*/pom.xml') }} 
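Review bot: `./.github/actions/setup-env` (and `./.github/actions/install-nonoss` in the next hunk) are resolved from the workspace that the checkout step has just populated, which for `is_pr` callers is `refs/pull/N/merge`, so a pull request runs its own copy of these actions. That is the same trust level as running the PR's Maven build, but it is worth stating next to the step, e.g. `# local action comes from the checked-out PR merge ref; steps that hold secrets must keep the same-repository condition`. The hunk also removes the comment explaining the `ref:` expression; I would keep `# PR callers check out the merge commit; branch callers use the pushed SHA.`, since the `&& … ||` form is not obvious. The step list continues past the end of this hunk.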
@@ -66,33 +67,33 @@ jobs: ${{ runner.os }}-m2 - name: Install Non-OSS - run: | - git clone https://github.com/shapeblue/cloudstack-nonoss.git nonoss - cd nonoss && bash -x install-non-oss.sh && cd .. + uses: ./.github/actions/install-nonoss + + - name: Run Build and Tests with Coverage + run: mvn -B -T$(nproc) -P developer,systemvm,quality -Dsimulator -Dnoredist clean install - - name: Run Build and Tests with Coverage (PR) - if: inputs.is_pr + - name: Upload to SonarQube + if: inputs.is_pr && github.repository == 'apache/cloudstack' && github.event.pull_request.head.repo.full_name == github.repository env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} PR_ID: ${{ github.event.pull_request.number }} HEADREF: ${{ github.event.pull_request.head.ref }} - run: > - mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install - org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Dsonar.projectKey=apache_cloudstack - -Dsonar.pullrequest.key="$PR_ID" - -Dsonar.pullrequest.branch="$HEADREF" - -Dsonar.pullrequest.github.repository=apache/cloudstack - -Dsonar.pullrequest.provider=GitHub - -Dsonar.pullrequest.github.summary_comment=true + run: | + mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack -Dsonar.pullrequest.key="$PR_ID" -Dsonar.pullrequest.branch="$HEADREF" -Dsonar.pullrequest.github.repository=apache/cloudstack -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.summary_comment=true - - name: Run Tests with Coverage (Main) + - name: Upload to SonarQube if: "!inputs.is_pr" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: > - mvn -T$(nproc) -P quality -Dsimulator -Dnoredist clean install - org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Dsonar.projectKey=apache_cloudstack + run: mvn -B -P quality org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_cloudstack 
-Dsonar.branch.name=${{ github.ref_name }} + + - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 + with: + files: ./client/target/site/jacoco-aggregate/jacoco.xml + fail_ci_if_error: true + flags: unittests + verbose: true + name: codecov + token: ${{ secrets.CODECOV_TOKEN }}
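Review bot: The main-branch `Upload to SonarQube` step expands `${{ github.ref_name }}` straight into the `run:` command line, so the ref name becomes part of the script text before the shell parses it; the PR step just above avoids this by passing its values through `env:`. For a caller restricted to `main` the value is fixed, but a reusable workflow can gain other callers, so I would add `REF_NAME: ${{ github.ref_name }}` under this step's `env:` and use `-Dsonar.branch.name="$REF_NAME"`. Separately, the codecov step has no `if:` and sets `fail_ci_if_error: true`, so on runs where `CODECOV_TOKEN` is empty (it is declared `required: false`) the upload may fail the job; a condition or a comment stating the intended behaviour would help. Both upload steps now share the name `Upload to SonarQube`, which makes run logs harder to tell apart.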