This is an automated email from the ASF dual-hosted git repository.

timoninmaxim pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git


The following commit(s) were added to refs/heads/master by this push:
     new 2dd234d52fe IGNITE-20466 Support Sonar checks for PRs from external 
forks (#11452)
2dd234d52fe is described below

commit 2dd234d52fe80b6af46d5226f51bfd08fb0f8f50
Author: Sergey Korotkov <[email protected]>
AuthorDate: Mon Jul 29 19:20:13 2024 +0700

    IGNITE-20466 Support Sonar checks for PRs from external forks (#11452)
---
 .github/workflows/commit-check.yml             |  12 +-
 .github/workflows/sonar-branch.yml             |  30 +++--
 .github/workflows/sonar-pr-from-fork-build.yml |  91 +++++++++++++
 .github/workflows/sonar-pr-from-fork-scan.yml  | 175 +++++++++++++++++++++++++
 .github/workflows/sonar-pr-from-fork.yml       |  91 -------------
 5 files changed, 293 insertions(+), 106 deletions(-)

diff --git a/.github/workflows/commit-check.yml 
b/.github/workflows/commit-check.yml
index cb532850a93..36d6425e580 100644
--- a/.github/workflows/commit-check.yml
+++ b/.github/workflows/commit-check.yml
@@ -34,12 +34,12 @@ jobs:
         java: [ '8', '11' ]
     name: Check java code on JDK ${{ matrix.java }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
@@ -75,12 +75,12 @@ jobs:
     name: Сheck .NET code
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup .NET SDK
-        uses: actions/setup-dotnet@v3
+        uses: actions/setup-dotnet@v4
         with:
           dotnet-version: '6.0.x'
 
@@ -100,12 +100,12 @@ jobs:
           - { python: "3.8", toxenv: "py38" }
           - { python: "3.8", toxenv: "codestyle" }
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.cfg.python}}
 
diff --git a/.github/workflows/sonar-branch.yml 
b/.github/workflows/sonar-branch.yml
index f7a4c98914f..90463bb1369 100644
--- a/.github/workflows/sonar-branch.yml
+++ b/.github/workflows/sonar-branch.yml
@@ -23,34 +23,40 @@ on:
       - master
       - 'ignite-[0-9].[0-9]+.[0-9]+*'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   sonarcloud:
     name: Sonar Analysis
     if: github.repository == 'apache/ignite'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
+            # "fetch-depth: 0" is needed for Sonar's new code detection, blame 
information and issue backdating
+            # see more details at 
https://community.sonarsource.com/t/git-fetch-depth-implications/75260
 
-      - name: Setup java
-        uses: actions/setup-java@v3
+      - name: Setup JDK11
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: 11
-          cache: 'maven'
 
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
 
       - name: Cache Maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
-          path: ~/.m2
+          path: ~/.m2/repository
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
@@ -59,7 +65,13 @@ jobs:
 
       - name: Build with Maven
         run: |
-          ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V 
         
+          ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V
+
+      - name: Setup JDK17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 17
 
       - name: Sonar Analyze Upload
         run: >
@@ -67,7 +79,7 @@ jobs:
           -P all-java,lgpl,examples,skip-docs
           -Dsonar.branch.name=${{ github.ref_name }}
           -Dsonar.projectKey=apache_ignite
-          -Dsonar.login=${SONARCLOUD_TOKEN}
+          -Dsonar.token=${SONARCLOUD_TOKEN}
           -B -V
         env:
           MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
diff --git a/.github/workflows/sonar-pr-from-fork-build.yml 
b/.github/workflows/sonar-pr-from-fork-build.yml
new file mode 100644
index 00000000000..a1c8fc4bc0b
--- /dev/null
+++ b/.github/workflows/sonar-pr-from-fork-build.yml
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: SonarBuild
+
+on: pull_request
+
+permissions:
+  contents: read
+
+concurrency:
+  group: sonar-pr-workflow-${{ github.event.pull_request.head.repo.full_name 
}}-${{ github.event.pull_request.head.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    if: github.repository == 'apache/ignite'
+    name: Build artifacts for Sonar Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "refs/pull/${{ github.event.number }}/merge"
+          persist-credentials: false
+
+      - name: Set up JDK11
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '11'
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-m2
+
+      - name: Install Libnuma
+        run: sudo apt-get update && sudo apt-get install libnuma-dev
+
+      - name: Build with Maven
+        run: |
+          ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V
+
+      - name: Prepare compiled classes artifact
+        shell: bash
+        run: find -iname "*target" -type d -exec tar -rf target.tar {} \+
+
+      - name: Upload compiled classes artifact
+        uses: actions/upload-artifact@v4
+        id: target-artifact-upload-step
+        with:
+          name: target-artifact
+          path: |
+            target.tar
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Prepare pull request artifact
+        shell: bash
+        run: |
+          echo ${{ github.event.pull_request.number }} >> pr-event.txt
+          echo ${{ github.event.pull_request.head.ref }} >> pr-event.txt
+          echo ${{ github.event.pull_request.base.ref }} >> pr-event.txt
+          echo ${{ github.event.pull_request.head.sha }} >> pr-event.txt
+          echo ${{ steps.target-artifact-upload-step.outputs.artifact-id }} >> 
pr-event.txt
+
+      - name: Upload pull request event artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pr-event-artifact
+          path: |
+            pr-event.txt
+          if-no-files-found: error
+          retention-days: 1
diff --git a/.github/workflows/sonar-pr-from-fork-scan.yml 
b/.github/workflows/sonar-pr-from-fork-scan.yml
new file mode 100644
index 00000000000..f32fd998037
--- /dev/null
+++ b/.github/workflows/sonar-pr-from-fork-scan.yml
@@ -0,0 +1,175 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Sonar Quality Pull Request Analysis
+
+on:
+  workflow_run:
+    workflows: [SonarBuild]
+    types: [completed]
+
+concurrency:
+  group: sonar-pr-workflow-${{ 
github.event.workflow_run.head_repository.full_name }}-${{ 
github.event.workflow_run.head_branch }}
+  cancel-in-progress: true
+
+jobs:
+  sonarcloud:
+    if: ${{ github.event.workflow_run.conclusion == 'success' && 
github.repository == 'apache/ignite' }}
+    name: Sonar Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: write
+      checks: write
+    steps:
+      - name: Download pull request event artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: pr-event-artifact
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Read pull request event
+        shell: bash
+        run: |
+          echo "pr_number=$(sed '1q;d' pr-event.txt)" >> "$GITHUB_ENV"
+          echo "pr_head_ref=$(sed '2q;d' pr-event.txt)" >> "$GITHUB_ENV"
+          echo "pr_base_ref=$(sed '3q;d' pr-event.txt)" >> "$GITHUB_ENV"
+          echo "pr_head_sha=$(sed '4q;d' pr-event.txt)" >> "$GITHUB_ENV"
+          echo "target_artifact_id=$(sed '5q;d' pr-event.txt)" >> "$GITHUB_ENV"
+
+      - name: Create new PR check
+        uses: actions/github-script@v7
+        id: check
+        with:
+          script: |
+            const jobs_response = await 
github.rest.actions.listJobsForWorkflowRunAttempt({
+              ...context.repo,
+              run_id: context.runId,
+              attempt_number: process.env.GITHUB_RUN_ATTEMPT,
+            });
+
+            const job_url = jobs_response.data.jobs[0].html_url;
+
+            const check_response = await github.rest.checks.create({
+              ...context.repo,
+              name: 'Sonar Quality Pull Request Analysis',
+              head_sha: process.env.pr_head_sha,
+              status: 'in_progress',
+              output: {
+                title: 'Sonar Quality Pull Request Analysis',
+                summary: '[Details ...](' + job_url + ')'
+              }
+            });
+
+            return check_response.data.id;
+          result-encoding: string
+
+      - name: Checkout PR head branch
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name 
}}
+          ref: ${{ github.event.workflow_run.head_branch }}
+          fetch-depth: 0
+            # "fetch-depth: 0" is needed for Sonar's new code detection, blame 
information and issue backdating
+            # see more details at 
https://community.sonarsource.com/t/git-fetch-depth-implications/75260
+
+      - name: Checkout PR base branch
+        run: |
+          git remote add upstream ${{ github.event.repository.clone_url }}
+          git fetch upstream
+          git checkout -B $pr_base_ref upstream/$pr_base_ref
+          git checkout ${{ github.event.workflow_run.head_branch }}
+          git clean -ffdx && git reset --hard HEAD
+
+      - name: Download compiled classes artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: target-artifact
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Delete compiled classes artifact
+        if: always()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.actions.deleteArtifact({
+              ...context.repo,
+              artifact_id: process.env.target_artifact_id
+            });
+
+      - name: Extract compiled classes artifact
+        shell: bash
+        run: tar -xf target.tar
+
+      - name: Set up JDK17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-m2
+
+      - name: Sonar Analyze Upload
+        shell: bash
+        run: >
+          ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -P all-java,lgpl,examples,skip-docs
+          -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+          -Dsonar.pullrequest.branch=${{ env.pr_head_ref }}
+          -Dsonar.pullrequest.base=${{ env.pr_base_ref }}
+          -Dsonar.pullrequest.key=${{ env.pr_number }}
+          -Dsonar.pullrequest.github.repository=apache/ignite
+          -Dsonar.pullrequest.provider=GitHub
+          -Dsonar.pullrequest.github.summary_comment=true
+          -Dsonar.projectKey=apache_ignite
+          -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
+          -B -V
+        env:
+          MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
+          SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
+          JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
+
+      - name: Update status of PR check
+        uses: actions/github-script@v7
+        if: always()
+        env:
+          CHECK_ID: ${{ steps.check.outputs.result }}
+          JOB_STATUS: ${{ job.status }}
+        with:
+          script: |
+            const { CHECK_ID, JOB_STATUS } = process.env;
+
+            await github.rest.checks.update({
+              ...context.repo,
+              check_run_id: CHECK_ID,
+              status: 'completed',
+              conclusion: JOB_STATUS
+            });
diff --git a/.github/workflows/sonar-pr-from-fork.yml 
b/.github/workflows/sonar-pr-from-fork.yml
deleted file mode 100644
index f4309f68ce6..00000000000
--- a/.github/workflows/sonar-pr-from-fork.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-name: Sonar Quality Pull Request Analysis
-
-# TODO IGNITE-20466 Investigate and fix the issue with running this workflow 
on PRs from forks.
-on: pull_request
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || 
github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sonarcloud:
-    if: github.repository == 'apache/ignite'
-    name: Sonar Analysis
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: "refs/pull/${{ github.event.number }}/merge"
-          fetch-depth: 0
-
-      - name: Set up JDK11
-        uses: actions/setup-java@v3
-        with:
-          distribution: 'temurin'
-          java-version: '11'
-          cache: 'maven'
-
-      - name: Cache SonarCloud packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache local Maven repository
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-m2
-
-      - name: Install Libnuma
-        run: sudo apt-get update && sudo apt-get install libnuma-dev
-
-      - name: Build with Maven
-        run: |
-          ./mvnw clean install -P all-java,lgpl,examples,skip-docs -DskipTests 
-B -V          
-
-      - name: Sonar Analyze Upload
-        run: >
-          ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
-          -P all-java,lgpl,examples,skip-docs
-          -Dsonar.pullrequest.branch=${PULLREQUEST_BRANCH}
-          -Dsonar.pullrequest.base=${PULLREQUEST_BASE}
-          -Dsonar.pullrequest.key=${PULLREQUEST_KEY}
-          -Dsonar.pullrequest.github.repository=apache/ignite
-          -Dsonar.pullrequest.provider=GitHub 
-          -Dsonar.pullrequest.github.summary_comment=true
-          -Dsonar.projectKey=apache_ignite
-          -Dsonar.login=${SONARCLOUD_TOKEN}
-          -B -V
-        env:
-          MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
-          SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
-          JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g 
-XX:+UseStringDeduplication"
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONARCLOUD_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
-          PULLREQUEST_BRANCH: ${{ github.head_ref }}
-          PULLREQUEST_BASE: ${{ github.base_ref }}
-          PULLREQUEST_KEY: ${{ github.event.pull_request.number }}

Reply via email to