-
Notifications
You must be signed in to change notification settings - Fork 126
130 lines (121 loc) · 4.48 KB
/
sonarcloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: SonarCloud
on:
push:
branches: [ dev ]
pull_request:
branches: [ dev ]
env:
SONAR_SCANNER_VERSION: 5.0.1.3006
REGION: eu-west-1
jobs:
aws_creds:
name: Get ECR Access
runs-on: [ self-hosted, corefront, sandbox ]
outputs:
token: ${{ steps.ecr_token.outputs.token }}
steps:
- id: ecr_token
name: Get ECR Token
run: |
echo token=$(aws ecr get-login-password --region $REGION) >> $GITHUB_OUTPUT
static_analysis:
runs-on: [self-hosted, corefront, sandbox]
needs: aws_creds
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-debian11_dev:latest
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
volumes:
- /usr/share/dotnet:/usr/share/dotnet
# Mount /dotnet so we can delete files from docker and free up space (>20GB)
services:
rabbitmq:
image: rabbitmq:3-alpine
ports:
- 5672:5672
redis:
image: redis:6-alpine
ports:
- 6379:6379
steps:
- name: force chown to avoid errors
run: chown -R $USER:$USER .
- name: Git config
run: git config --global --add safe.directory /__w/navitia/navitia
- name: Free up space
run: rm -rf /usr/share/dotnet/*
- name: Display remaining space
run: df -h
- name: Generate github private access token
id: ci-core-app-token
uses: getsentry/[email protected]
with:
app_id: ${{ secrets.CI_CORE_APP_ID }}
private_key: ${{ secrets.CI_CORE_APP_PEM }}
- uses: actions/checkout@v3
with:
submodules: recursive
token: ${{ steps.ci-core-app-token.outputs.token }}
- name: Install Gcov and SonarCloud's dependencies for C++ analysis
run : |
rm -rf "$AGENT_TOOLSDIRECTORY"
apt update -y
pip install gcovr
apt install -y unzip wget
wget https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -u build-wrapper-linux-x86.zip
unzip -u sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
- name: Cache Sonar
id: cache-sonar
uses: actions/cache@v3
with:
path: sonar_cache
key: sonar-cache-${{ github.event.head_commit.id }}
restore-keys: |
sonar-cache-
- name: Configure
run: cmake -DCMAKE_BUILD_TYPE=Profile -DSTRIP_SYMBOLS=ON source
- name: Build
run: build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir build-wrapper-output-dir make -j $(nproc)
- name: Tests python3
run: |
virtualenv -p python3.9 navitia_py3
. navitia_py3/bin/activate
pip install -r source/jormungandr/requirements_dev.txt
export JORMUNGANDR_BROKER_URL='amqp://guest:guest@rabbitmq:5672//'
export KRAKEN_RABBITMQ_HOST='rabbitmq'
ctest --output-on-failure
deactivate
- name: docker_test python3
run: |
. navitia_py3/bin/activate
pip install -r source/jormungandr/requirements_dev.txt
pip install -r source/tyr/requirements_dev.txt
pip install -r source/sql/requirements.txt
export NAVITIA_CHAOS_DUMP_PATH=$(echo $GITHUB_WORKSPACE/source/tests/chaos/chaos_loading.sql.gz | sed -e 's#__w#/opt/actions-runner/_work#')
echo $NAVITIA_CHAOS_DUMP_PATH
make docker_test
deactivate
rm -rf navitia_py3
env:
NAVITIA_DOCKER_NETWORK: ${{ job.container.network }}
TYR_CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672//'
TYR_REDIS_HOST: 'redis'
- name: Coverage
run: gcovr -k -r . -f source -e source/third_party --sonarqube cov.xml
- name: SonarCloud Scan
# We only want 1 scan as it would bloat sonarcube otherwise
# And only on an internal merge (to dev/master) as SonarCloud's token uses Secrets that not available from a fork :( (eg. https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner-$SONAR_SCANNER_VERSION-linux/bin/sonar-scanner \
-Dsonar.token=$SONAR_TOKEN \
-Dsonar.cfamily.threads=$(nproc)
- name: clean up workspace
if: ${{ always() }}
run: |
rm -rf ./*
rm -rf ./.??*