Hi,
I’m happy to report that we were able to use SonarCloud with GitHub Actions for Windows and MSBuild.
It was a tad tricky but I wanted to share with the community since the official GitHub Action for Sonar points users to Travis CI which is not necessary.
I’m sharing a simplified version of our .github/workflows/ci.yml
file:
name: CI Checks
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
# Allow manual trigger for debugging the workflow.
env:
SONAR_WRAPPER_URL: https://sonarcloud.io/static/cpp/build-wrapper-win-x86.zip
SONAR_SCANNER_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-windows.zip
jobs:
CIChecks:
runs-on: windows-latest
steps:
- name: Checkout branch
uses: actions/checkout@master
with:
# Disabling shallow clone is required to report the correct blame information.
fetch-depth: 0
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v1.0.2
- name: Environment
shell: bash
run: |
mkdir -p build
org="$(cut -d/ -f1 <<< "$GITHUB_REPOSITORY")"
repo="$(cut -d/ -f2 <<< "$GITHUB_REPOSITORY")"
echo "SONAR_ORGANIZATION=${org}" >> "$GITHUB_ENV"
echo "SONAR_PROJECT_KEY=${org}_${repo}" >> "$GITHUB_ENV"
- name: Install Sonar Scanner
run: |
Invoke-WebRequest -Uri "${{ env.SONAR_WRAPPER_URL }}" -OutFile build/build-wrapper.zip
Invoke-WebRequest -Uri "${{ env.SONAR_SCANNER_URL }}" -OutFile build/sonar-scanner.zip
Expand-Archive -LiteralPath build/build-wrapper.zip -DestinationPath build
Expand-Archive -LiteralPath build/sonar-scanner.zip -DestinationPath build
- name: Build with Sonar Wrapper
shell: cmd
run: |
SET PATH=%PATH%;%cd%\build\build-wrapper-win-x86
build-wrapper-win-x86-64 --out-dir build\bw_output build-all.bat
- name: Prepare Sonar Scanner
shell: bash
run: |
set -x
cd build
ls -la bw_output
mv sonar-scanner-*-windows sonar-scanner
- name: Sonar Scanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
shell: cmd
run: |
SET PATH=%PATH%;%cd%\build\sonar-scanner\bin
ECHO PATH=%PATH%
ECHO DIR %cd%\build\bw_output\
DIR %cd%\build\bw_output\
sonar-scanner.bat -Dsonar.cfamily.build-wrapper-output=%cd%\build\bw_output
Note that we have a build-all.bat
script that calls multiple msbuild
commands for our various binaries. This was necessary since calling build-wrapper msbuild
multiple times overwrites the output json.
Our sonar property files then uses the SONAR_ORGANIZATION and SONAR_PROJECT_KEY environment variables.
Note that when using Windows targets the default shell is Powershell, which makes it a bit more verbose to execute some commands, but it can download and extract zip archives. The cmd shell is the classic Windows shell, with the classic limitations. There is cygwin with bash available but it is very limited to basics (no wget or curl), however it makes it easier to perform some file and environment variables manipulations. An other thing to consider is how backslashes are escaped, or not, in YAML. This gave us quite a bit of trouble.
I’m sure the yaml could be simplified with pure PowerShell, but I personally never use Windows and the PowerShell that is available for Docker does not behave exactly the same way than on Windows (echo is slightly different for example).
The repository is private so I cannot share more details. We have not integrated the unittest coverage reports yet but that should not be too complicated.
You will have to configure SONAR_TOKEN as a repository secret obviously. The GITHUB_TOKEN secret is always available and managed by GitHub directly, it might not be required but I have not tested that yet.