ci: add sonar coverage

primer-io · Apr 24, 2024 · 4a46d47 · 4a46d47
1 parent f5cf22a
commit 4a46d47
Show file tree

Hide file tree

Showing 10 changed files with 317 additions and 124 deletions.
diff --git a/.github/actions/sdk-tests/action.yml b/.github/actions/sdk-tests/action.yml
@@ -0,0 +1,71 @@
+name: 'Run SDK tests'
+description: 'Test the SDK using SPM'
+inputs:
+  ssh-private-key:
+    description: SSH private key
+    required: true
+  known-hosts:
+    description: Known Hosts
+    required: true
+  match-password:
+    description: Match password
+    required: true
+  match-git-private-key:
+    description: Match git private key
+    required: true
+  fastlane-password:
+    description: Fastlane password
+    required: true
+  fastlane-session:
+    description: Fastlane session
+    required: true
+  match-keychain-name:
+    description: Match keychain name
+    required: true
+  match-keychain-password:
+    description: Match keychain password
+    required: true
+  source-branch:
+    description: Source branch
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Select Xcode Version
+      uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
+      with:
+        xcode-version: '15.2'
+    - name: Install SSH key
+      uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 #v2.7.0
+      with:
+        key: ${{ inputs.ssh-private-key }}
+        name: id_rsa_github_actions
+        known_hosts: ${{ inputs.known-hosts }}
+    - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      with:
+        ssh-private-key: ${{ inputs.ssh-private-key }}
+    - uses: ruby/setup-ruby@d4526a55538b775af234ba4af27118ed6f8f6677  # v1.172.0
+      with:
+        ruby-version: "3.2"
+        bundler-cache: true
+    - name: Build SPM App
+      shell: bash
+      run: |
+        bundle exec fastlane test_spm
+      env:
+        MATCH_PASSWORD: ${{ inputs.match-password }}
+        MATCH_GIT_PRIVATE_KEY: ${{ inputs.ssh-private-key }}
+        FASTLANE_PASSWORD: ${{ inputs.fastlane-password }}
+        FASTLANE_SESSION: ${{ inputs.fastlane-session }}
+        MATCH_KEYCHAIN_NAME: ${{ inputs.match-keychain-name }}
+        MATCH_KEYCHAIN_PASSWORD: ${{ inputs.match-password }}
+        SOURCE_BRANCH: ${{ inputs.source-branch }}
+    - name: Prepare coverage reports
+      shell: bash
+      run: |
+        bash Scripts/xccov-to-sonarqube-generic.sh fastlane/test_output/PrimerSDKTests.xcresult/ > coverage.xml
+        sed "s#$PWD/##g" coverage.xml > coverage_cleaned.xml
+    - uses: actions/upload-artifact@master
+      with:
+        name: coverage-file
+        path: coverage_cleaned.xml
diff --git a/.github/actions/sonar/action.yml b/.github/actions/sonar/action.yml
@@ -0,0 +1,37 @@
+name: 'Run Sonar tests'
+description: 'Upload code quality scans to Sonar'
+inputs:
+  github-token:
+    description: GitHub token
+    required: true
+  sonar-token:
+    description: Sonar token
+    required: true
+  sonar-host:
+    description: Sonar host URL
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/download-artifact@master
+      with:
+        name: coverage-file
+    - name: Update sonar-project.properties
+      shell: bash
+      run: |
+        echo "sonar.pullrequest.key=${{github.event.pull_request.number}}" >> sonar-project.properties
+        echo "sonar.pullrequest.branch=${{github.head_ref}}" >> sonar-project.properties
+        echo "sonar.pullrequest.base=${{github.base_ref}}" >> sonar-project.properties
+        echo "sonar.scm.revision=${{ github.event.pull_request.head.sha }}" >> sonar-project.properties
+    - name: SonarCloud Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        GITHUB_TOKEN: ${{ inputs.github-token }} # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ inputs.sonar-token }}
+        SONAR_HOST_URL: ${{ inputs.sonar-host }}
+    - name: SonarQube Quality Gate check
+      id: sonarqube-quality-gate-check
+      uses: sonarsource/sonarqube-quality-gate-action@master
+      env:
+        SONAR_TOKEN: ${{ inputs.sonar-token }}
+        SONAR_HOST_URL: ${{ inputs.sonar-host }}
diff --git a/.github/workflows/build_test_upload.yml → .github/workflows/build-test-upload.yml b/.github/workflows/build_test_upload.yml → .github/workflows/build-test-upload.yml
@@ -6,7 +6,7 @@ on:
       - opened
       - synchronize
 
-concurrency: 
+concurrency:
   group: ${{ github.ref }}-tests
   cancel-in-progress: true
 
@@ -21,7 +21,7 @@ jobs:
         with:
           ref: ${{ github.ref }}
       - name: Select Xcode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
         with:
           xcode-version: '15.2'
       - name: Install SSH key
@@ -37,7 +37,7 @@ jobs:
         with:
           ruby-version: "3.2"
           bundler-cache: true
-      - name: Run Unit Tests 
+      - name: Run Unit Tests
         shell: bash
         run: |
           bundle exec fastlane tests
@@ -49,7 +49,6 @@ jobs:
           MATCH_KEYCHAIN_NAME: ${{ secrets.MATCH_KEYCHAIN_NAME }}
           MATCH_KEYCHAIN_PASSWORD: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
           SOURCE_BRANCH: ${{ github.head_ref }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   sdk-unit-tests:
     runs-on: macos-13-large
     timeout-minutes: 20
@@ -63,36 +62,46 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.ref }}
-      - name: Select Xcode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
-        with:
-          xcode-version: '15.2'
-      - name: Install SSH key
-        uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 #v2.7.0
-        with:
-          key: ${{ secrets.SSH_KEY }}
-          name: id_rsa_github_actions
-          known_hosts: ${{ secrets.KNOWN_HOSTS }}
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - name: Run SDK tests
+        uses: ./.github/actions/sdk-tests
         with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           ssh-private-key: ${{ secrets.SSH_KEY }}
-      - uses: ruby/setup-ruby@d4526a55538b775af234ba4af27118ed6f8f6677  # v1.172.0
+          known-hosts: ${{ secrets.KNOWN_HOSTS }}
+          match-password: ${{ secrets.MATCH_PASSWORD }}
+          match-git-private-key: ${{ secrets.FASTLANE_PASSWORD }}
+          fastlane-session: ${{ secrets.FASTLANE_SESSION }}
+          fastlane-password: ${{ secrets.FASTLANE_PASSWORD }}
+          match-keychain-name: ${{ secrets.MATCH_KEYCHAIN_NAME }}
+          match-keychain-password: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
+
+  sonarcloud:
+    needs:
+      - sdk-unit-tests
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
-          ruby-version: "3.2"
-          bundler-cache: true
-      - name: Build SPM App
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/download-artifact@master
+        with:
+          name: coverage-file
+      - name: Update sonar-project.properties
         run: |
-          bundle exec fastlane test_spm
-        env:
-          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
-          MATCH_GIT_PRIVATE_KEY: ${{ secrets.SSH_KEY }}
-          FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }}
-          FASTLANE_SESSION: ${{ secrets.FASTLANE_SESSION }}
-          MATCH_KEYCHAIN_NAME: ${{ secrets.MATCH_KEYCHAIN_NAME }}
-          MATCH_KEYCHAIN_PASSWORD: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
-          SOURCE_BRANCH: ${{ github.head_ref }}
+          echo "sonar.pullrequest.key=${{github.event.pull_request.number}}" >> sonar-project.properties
+          echo "sonar.pullrequest.branch=${{github.head_ref}}" >> sonar-project.properties
+          echo "sonar.pullrequest.base=${{github.base_ref}}" >> sonar-project.properties
+          echo "sonar.scm.revision=${{ github.event.pull_request.head.sha }}" >> sonar-project.properties
+      - name: SonarCloud Scan
+        uses: ./.github/actions/sonar
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          sonar-host: https://sonarcloud.io./
+
   build-and-upload-to-appetize:
-    needs: 
+    needs:
       - debug-app-unit-tests
       - sdk-unit-tests
     runs-on: macos-13

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
diff --git a/.github/workflows/test-and-code-quality.yml b/.github/workflows/test-and-code-quality.yml
@@ -0,0 +1,62 @@
+name: Test SDK and upload Code Quality metrics
+
+on:
+  push:
+    branch:
+      - master
+
+concurrency:
+  group: ${{ github.ref }}-tests
+  cancel-in-progress: true
+
+jobs:
+  sdk-unit-tests:
+    runs-on: macos-13-large
+    timeout-minutes: 20
+    name: "SDK - Unit Tests"
+    steps:
+      - name: Cancel previous jobs
+        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # v0.12.1
+        with:
+          access_token: ${{ github.token }}
+      - name: Git - Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ github.ref }}
+      - name: Run SDK tests
+        uses: ./.github/actions/sdk-tests
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          ssh-private-key: ${{ secrets.SSH_KEY }}
+          known-hosts: ${{ secrets.KNOWN_HOSTS }}
+          match-password: ${{ secrets.MATCH_PASSWORD }}
+          match-git-private-key: ${{ secrets.FASTLANE_PASSWORD }}
+          fastlane-session: ${{ secrets.FASTLANE_SESSION }}
+          fastlane-password: ${{ secrets.FASTLANE_PASSWORD }}
+          match-keychain-name: ${{ secrets.MATCH_KEYCHAIN_NAME }}
+          match-keychain-password: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
+
+  sonarcloud:
+    needs:
+      - sdk-unit-tests
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/download-artifact@master
+        with:
+          name: coverage-file
+      - name: Update sonar-project.properties
+        run: |
+          echo "sonar.pullrequest.key=${{github.event.pull_request.number}}" >> sonar-project.properties
+          echo "sonar.pullrequest.branch=${{github.head_ref}}" >> sonar-project.properties
+          echo "sonar.pullrequest.base=${{github.base_ref}}" >> sonar-project.properties
+          echo "sonar.scm.revision=${{ github.event.pull_request.head.sha }}" >> sonar-project.properties
+      - name: SonarCloud Scan
+        uses: ./.github/actions/sonar
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          sonar-host: https://sonarcloud.io./