RCheesley
(Ruth Cheesley)
July 18, 2022, 10:04am
34
May not be entirely the ‘right’ way but I managed to get it mostly working as follows:
I had to make the coverage report from Codecov readable by Sonar and then upload it as an archive so that we can access it in the next step.
Did the same with the PR number as suggested by @nixel2007 above:
Then grab the PR number per the example above:
Download the code coverage artifact and extract it:
ref: ${{ github.event.workflow_run.head_branch }}
fetch-depth: 0
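# Fetch the pull request's base branch from the upstream repository, then
# switch back to the PR head and reset the working tree. Runs only when the
# triggering workflow run came from a pull_request event.
- name: Checkout base branch
  if: github.event.workflow_run.event == 'pull_request'
  # Branch names are chosen by the PR author. They are handed to the shell as
  # environment variables rather than expanded as workflow expressions inside
  # the script, where a crafted branch name would be read as shell syntax.
  env:
    UPSTREAM_URL: ${{ github.event.repository.clone_url }}
    BASE_REF: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
    HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
  run: |
    git remote add upstream "$UPSTREAM_URL"
    git fetch upstream
    # Create (or reset) a local copy of the base branch for the PR comparison.
    git checkout -B "$BASE_REF" "upstream/$BASE_REF"
    git checkout "$HEAD_BRANCH"
    # Drop untracked and ignored files and any local modifications.
    git clean -ffdx && git reset --hard HEAD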
- name: 'Download code coverage'
uses: actions/github-script@v5
with:
script: |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "code-coverage-report"
Make sure that the file can be accessed within the container (hat tip to @sylfabre in this post):
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/artifact.zip`, Buffer.from(download.data));
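# Unpack the coverage report from artifact.zip in the workspace.
- name: 'Unzip code coverage'
  # The archive was built by the workflow run under analysis, so this workflow
  # does not control what it contains. Only the report is extracted, rather
  # than letting every path in the archive land on top of the checkout; the
  # step fails if the report is missing.
  # Assumes the report sits at the archive root as clover.xml, the path given
  # in sonar.php.coverage.reportPaths -- confirm against the upload step.
  run: unzip artifact.zip clover.xml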
# Run the SonarCloud analysis for workflow runs that came from a pull request.
# The PR number, head branch and base branch are read from the get_pr_data
# step output; the analysed revision is the head SHA of the triggering run.
- name: SonarCloud Scan on PR
  if: github.event.workflow_run.event == 'pull_request'
  # NOTE(review): @master is a moving ref, and this step is given SONAR_TOKEN
  # and GITHUB_TOKEN. Pinning to a full commit SHA, e.g.
  # sonarsource/sonarcloud-github-action@<full-commit-sha>, keeps the code that
  # receives those secrets from changing without review.
  uses: sonarsource/sonarcloud-github-action@master
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    projectBaseDir: "."
    # Folded scalar: the lines below are joined with single spaces.
    args: >
      -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
      -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }}
      -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
      -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
      -Dproject.settings=sonar-project.properties
- name: SonarCloud Scan on push
Scan on PR:
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/artifact.zip`, Buffer.from(download.data));
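# Unpack the coverage report from artifact.zip in the workspace.
- name: 'Unzip code coverage'
  # The archive was built by the workflow run under analysis, so this workflow
  # does not control what it contains. Only the report is extracted, rather
  # than letting every path in the archive land on top of the checkout; the
  # step fails if the report is missing.
  # Assumes the report sits at the archive root as clover.xml, the path given
  # in sonar.php.coverage.reportPaths -- confirm against the upload step.
  run: unzip artifact.zip clover.xml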
# Run the SonarCloud analysis for workflow runs that came from a pull request.
# The PR number, head branch and base branch are read from the get_pr_data
# step output; the analysed revision is the head SHA of the triggering run.
- name: SonarCloud Scan on PR
  if: github.event.workflow_run.event == 'pull_request'
  # NOTE(review): @master is a moving ref, and this step is given SONAR_TOKEN
  # and GITHUB_TOKEN. Pinning to a full commit SHA, e.g.
  # sonarsource/sonarcloud-github-action@<full-commit-sha>, keeps the code that
  # receives those secrets from changing without review.
  uses: sonarsource/sonarcloud-github-action@master
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    projectBaseDir: "."
    # Folded scalar: the lines below are joined with single spaces.
    args: >
      -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
      -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }}
      -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
      -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
      -Dproject.settings=sonar-project.properties
- name: SonarCloud Scan on push
We use a project properties file, so I included that in the args; the file is here:
# SonarCloud project identity.
sonar.organization=rcheesley
sonar.projectKey=RCheesley_mautic
sonar.projectName=mautic
sonar.projectVersion=1.0
sonar.sourceEncoding=UTF-8

# SCM integration is switched off for the analysis.
sonar.scm.disabled=true

# PHP coverage report, resolved relative to the project base directory.
sonar.php.coverage.reportPaths=clover.xml

# One module is declared; keys prefixed with "phpmodule." configure it.
sonar.modules=phpmodule
phpmodule.sonar.projectBaseDir=.
phpmodule.sonar.sources=app,plugins
phpmodule.sonar.tests=tests

# Only PHP files under app/ and plugins/ are analysed.
phpmodule.sonar.inclusions=\
    app/*.php,\
    app/**/*.php,\
    plugins/*.php,\
    plugins/**/*.php

# Paths listed here are left out of the analysis altogether, so no rules
# (security rules included) are evaluated for files under them.
phpmodule.sonar.exclusions=\
    app/migrations/**/*,\
    app/bundles/*Bundle/Config/**/*,\
    app/bundles/*Bundle/DataFixtures/**/*,\
    app/bundles/*Bundle/Tests/**/*,\
    app/bundles/*Bundle/Translations/**/*,\
    app/bundles/*Bundle/Views/**/*,\
    app/middlewares/Test/**/*,\
    app/bundles/CoreBundle/Test/**/*,\
    plugins/*Bundle/Config/**/*,\
    plugins/*Bundle/Tests/**/*,\
    plugins/*Bundle/Translations/**/*,\
    plugins/*Bundle/Views/**/*

# Every file is excluded from copy/paste (duplication) detection.
phpmodule.sonar.cpd.exclusions=**/*
Obvs, as this is running on my own fork, I had to make quite a few tweaks to some of the files, since we restrict our actions to running only on our main repo and our private security repo, and I had to hard-code a couple of path changes to get it working on my own fork while I figured it out.
Thanks to everyone for the help so far!