ci: sonar coverage

.github/actions/sdk-tests/action.yml

@@ -0,0 +1,74 @@
+name: 'Run SDK tests'
+description: 'Test the SDK using SPM'
+inputs:
+  ssh-private-key:
+    description: SSH private key
+    required: true
+  known-hosts:
+    description: Known Hosts
+    required: true
+  match-password:
+    description: Match password
+    required: true
+  match-git-private-key:
+    description: Match git private key
+    required: true
+  fastlane-password:
+    description: Fastlane password
+    required: true
+  fastlane-session:
+    description: Fastlane session
+    required: true
+  match-keychain-name:
+    description: Match keychain name
+    required: true
+  match-keychain-password:
+    description: Match keychain password
+    required: true
+  source-branch:
+    description: Source branch
+    required: true
+  coverage-file-name:
+    description: Name of the generic coverage file
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Select Xcode Version
+      uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
+      with:
+        xcode-version: '15.2'
+    - name: Install SSH key
+      uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 #v2.7.0
+      with:
+        key: ${{ inputs.ssh-private-key }}
+        name: id_rsa_github_actions
+        known_hosts: ${{ inputs.known-hosts }}
+    - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      with:
+        ssh-private-key: ${{ inputs.ssh-private-key }}
+    - uses: ruby/setup-ruby@d4526a55538b775af234ba4af27118ed6f8f6677  # v1.172.0
+      with:
+        ruby-version: "3.2"
+        bundler-cache: true
+    - name: Build SPM App
+      shell: bash
+      run: |
+        bundle exec fastlane test_spm
+      env:
+        MATCH_PASSWORD: ${{ inputs.match-password }}
+        MATCH_GIT_PRIVATE_KEY: ${{ inputs.ssh-private-key }}
+        FASTLANE_PASSWORD: ${{ inputs.fastlane-password }}
+        FASTLANE_SESSION: ${{ inputs.fastlane-session }}
+        MATCH_KEYCHAIN_NAME: ${{ inputs.match-keychain-name }}
+        MATCH_KEYCHAIN_PASSWORD: ${{ inputs.match-password }}
+        SOURCE_BRANCH: ${{ inputs.source-branch }}
+    - name: Prepare coverage reports
+      shell: bash
+      run: |
+        bash Scripts/xccov-to-sonarqube-generic.sh fastlane/test_output/PrimerSDKTests.xcresult/ > coverage.xml
+        sed "s#$PWD/##g" coverage.xml > ${{ inputs.coverage-file-name }}
+    - uses: actions/upload-artifact@master
+      with:
+        name: coverage-file
+        path: ${{ inputs.coverage-file-name }}

.github/actions/sonar/action.yml

@@ -0,0 +1,55 @@
+name: 'Run Sonar tests'
+description: 'Upload code quality scans to Sonar'
+inputs:
+  github-token:
+    description: GitHub token
+    required: true
+  sonar-token:
+    description: Sonar token
+    required: true
+  sonar-host:
+    description: Sonar host URL
+    required: true
+  coverage-file-name:
+    description: Name of the generic coverage file
+    required: true
+  branch:
+    description: Branch
+    required: true
+  pull-request-number:
+    description: PR number
+    required: false
+  base-branch:
+    description: PR target branch
+    required: false
+  pull-request-sha:
+    description: PR commit SHA
+    required: false
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/download-artifact@master
+      with:
+        name: coverage-file
+    - name: Update sonar-project.properties
+      shell: bash
+      run: |
+        echo "sonar.pullrequest.key=${{ inputs.pull-request-number }}" >> sonar-project.properties
+        echo "sonar.pullrequest.branch=${{ inputs.branch }}" >> sonar-project.properties
+        echo "sonar.pullrequest.base=${{ inputs.base-branch }}" >> sonar-project.properties
+        echo "sonar.scm.revision=${{ inputs.pull-request-sha }}" >> sonar-project.properties
+        echo "sonar.coverageReportPaths=${{ inputs.coverage-file-name }}" >> sonar-project.properties
+        cat sonar-project.properties
+    - name: SonarCloud Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        GITHUB_TOKEN: ${{ inputs.github-token }} # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ inputs.sonar-token }}
+        SONAR_HOST_URL: ${{ inputs.sonar-host }}
+    - name: SonarQube Quality Gate check
+      id: sonarqube-quality-gate-check
+      uses: sonarsource/sonarqube-quality-gate-action@master
+      env:
+        SONAR_TOKEN: ${{ inputs.sonar-token }}
+        SONAR_HOST_URL: ${{ inputs.sonar-host }}

.github/workflows/build_test_upload.yml → .github/workflows/build-test-upload.yml

@@ -6,7 +6,7 @@ on:
       - opened
       - synchronize
 
-concurrency: 
+concurrency:
   group: ${{ github.ref }}-tests
   cancel-in-progress: true
 
@@ -21,7 +21,7 @@ jobs:
         with:
           ref: ${{ github.ref }}
       - name: Select Xcode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
         with:
           xcode-version: '15.2'
       - name: Install SSH key
@@ -37,7 +37,7 @@ jobs:
         with:
           ruby-version: "3.2"
           bundler-cache: true
-      - name: Run Unit Tests 
+      - name: Run Unit Tests
         shell: bash
         run: |
           bundle exec fastlane tests
@@ -62,36 +62,45 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: ${{ github.ref }}
-      - name: Select Xcode Version
-        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
-        with:
-          xcode-version: '15.2'
-      - name: Install SSH key
-        uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 #v2.7.0
-        with:
-          key: ${{ secrets.SSH_KEY }}
-          name: id_rsa_github_actions
-          known_hosts: ${{ secrets.KNOWN_HOSTS }}
-      - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+      - name: Run SDK tests
+        uses: ./.github/actions/sdk-tests
         with:
           ssh-private-key: ${{ secrets.SSH_KEY }}
-      - uses: ruby/setup-ruby@d4526a55538b775af234ba4af27118ed6f8f6677  # v1.172.0
-        with:
-          ruby-version: "3.2"
-          bundler-cache: true
-      - name: Build SPM App
-        run: |
-          bundle exec fastlane test_spm
-        env:
-          MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
-          MATCH_GIT_PRIVATE_KEY: ${{ secrets.SSH_KEY }}
-          FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }}
-          FASTLANE_SESSION: ${{ secrets.FASTLANE_SESSION }}
-          MATCH_KEYCHAIN_NAME: ${{ secrets.MATCH_KEYCHAIN_NAME }}
-          MATCH_KEYCHAIN_PASSWORD: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
-          SOURCE_BRANCH: ${{ github.head_ref }}
+          known-hosts: ${{ secrets.KNOWN_HOSTS }}
+          match-password: ${{ secrets.MATCH_PASSWORD }}
+          match-git-private-key: ${{ secrets.FASTLANE_PASSWORD }}
+          fastlane-session: ${{ secrets.FASTLANE_SESSION }}
+          fastlane-password: ${{ secrets.FASTLANE_PASSWORD }}
+          match-keychain-name: ${{ secrets.MATCH_KEYCHAIN_NAME }}
+          match-keychain-password: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
+          coverage-file-name: sonar-coverage.xml
+
+  sonarcloud:
+    needs:
+      - sdk-unit-tests
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/download-artifact@master
+        with:
+          name: coverage-file
+      - name: SonarCloud Scan
+        uses: ./.github/actions/sonar
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          sonar-host: https://sonarcloud.io.
+          pull-request-number: ${{ github.event.pull_request.number }}
+          branch: ${{ github.head_ref }}
+          base-branch: ${{ github.base_ref }}
+          pull-request-sha: ${{ github.event.pull_request.head.sha }}
+          coverage-file-name: sonar-coverage.xml
+
   build-and-upload-to-appetize:
-    needs: 
+    needs:
       - debug-app-unit-tests
       - sdk-unit-tests
     runs-on: macos-13

.github/workflows/test-and-code-quality.yml

@@ -0,0 +1,58 @@
+name: Test SDK and upload Code Quality metrics
+
+on:
+  push:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.ref }}-tests
+  cancel-in-progress: true
+
+jobs:
+  sdk-unit-tests:
+    runs-on: macos-13-large
+    timeout-minutes: 20
+    name: "SDK - Unit Tests"
+    steps:
+      - name: Cancel previous jobs
+        uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # v0.12.1
+        with:
+          access_token: ${{ github.token }}
+      - name: Git - Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ github.ref }}
+      - name: Run SDK tests
+        uses: ./.github/actions/sdk-tests
+        with:
+          ssh-private-key: ${{ secrets.SSH_KEY }}
+          known-hosts: ${{ secrets.KNOWN_HOSTS }}
+          match-password: ${{ secrets.MATCH_PASSWORD }}
+          match-git-private-key: ${{ secrets.FASTLANE_PASSWORD }}
+          fastlane-session: ${{ secrets.FASTLANE_SESSION }}
+          fastlane-password: ${{ secrets.FASTLANE_PASSWORD }}
+          match-keychain-name: ${{ secrets.MATCH_KEYCHAIN_NAME }}
+          match-keychain-password: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }}
+          coverage-file-name: sonar-coverage.xml
+
+  sonarcloud:
+    needs:
+      - sdk-unit-tests
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/download-artifact@master
+        with:
+          name: coverage-file
+      - name: SonarCloud Scan
+        uses: ./.github/actions/sonar
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          sonar-host: https://sonarcloud.io./
+          branch: ${{ github.head_ref }}
+          coverage-file-name: sonar-coverage.xml