This is an automated email from the ASF dual-hosted git repository.
timoninmaxim pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 2dd234d52fe IGNITE-20466 Support Sonar checks for PRs from external
forks (#11452)
2dd234d52fe is described below
commit 2dd234d52fe80b6af46d5226f51bfd08fb0f8f50
Author: Sergey Korotkov <[email protected]>
AuthorDate: Mon Jul 29 19:20:13 2024 +0700
IGNITE-20466 Support Sonar checks for PRs from external forks (#11452)
---
.github/workflows/commit-check.yml | 12 +-
.github/workflows/sonar-branch.yml | 30 +++--
.github/workflows/sonar-pr-from-fork-build.yml | 91 +++++++++++++
.github/workflows/sonar-pr-from-fork-scan.yml | 175 +++++++++++++++++++++++++
.github/workflows/sonar-pr-from-fork.yml | 91 -------------
5 files changed, 293 insertions(+), 106 deletions(-)
diff --git a/.github/workflows/commit-check.yml
b/.github/workflows/commit-check.yml
index cb532850a93..36d6425e580 100644
--- a/.github/workflows/commit-check.yml
+++ b/.github/workflows/commit-check.yml
@@ -34,12 +34,12 @@ jobs:
java: [ '8', '11' ]
name: Check java code on JDK ${{ matrix.java }}
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup java
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
@@ -75,12 +75,12 @@ jobs:
name: Сheck .NET code
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup .NET SDK
- uses: actions/setup-dotnet@v3
+ uses: actions/setup-dotnet@v4
with:
dotnet-version: '6.0.x'
@@ -100,12 +100,12 @@ jobs:
- { python: "3.8", toxenv: "py38" }
- { python: "3.8", toxenv: "codestyle" }
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v4
+ uses: actions/setup-python@v5
with:
python-version: ${{ matrix.cfg.python}}
diff --git a/.github/workflows/sonar-branch.yml
b/.github/workflows/sonar-branch.yml
index f7a4c98914f..90463bb1369 100644
--- a/.github/workflows/sonar-branch.yml
+++ b/.github/workflows/sonar-branch.yml
@@ -23,34 +23,40 @@ on:
- master
- 'ignite-[0-9].[0-9]+.[0-9]+*'
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
jobs:
sonarcloud:
name: Sonar Analysis
if: github.repository == 'apache/ignite'
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
+ persist-credentials: false
+ # "fetch-depth: 0" is needed for Sonar's new code detection, blame
information and issue backdating
+ # see more details at
https://community.sonarsource.com/t/git-fetch-depth-implications/75260
- - name: Setup java
- uses: actions/setup-java@v3
+ - name: Setup JDK11
+ uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 11
- cache: 'maven'
- name: Cache SonarCloud packages
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
- path: ~/.m2
+ path: ~/.m2/repository
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
@@ -59,7 +65,13 @@ jobs:
- name: Build with Maven
run: |
- ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V
+ ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V
+
+ - name: Setup JDK17
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: 17
- name: Sonar Analyze Upload
run: >
@@ -67,7 +79,7 @@ jobs:
-P all-java,lgpl,examples,skip-docs
-Dsonar.branch.name=${{ github.ref_name }}
-Dsonar.projectKey=apache_ignite
- -Dsonar.login=${SONARCLOUD_TOKEN}
+ -Dsonar.token=${SONARCLOUD_TOKEN}
-B -V
env:
MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
diff --git a/.github/workflows/sonar-pr-from-fork-build.yml
b/.github/workflows/sonar-pr-from-fork-build.yml
new file mode 100644
index 00000000000..a1c8fc4bc0b
--- /dev/null
+++ b/.github/workflows/sonar-pr-from-fork-build.yml
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: SonarBuild
+
+on: pull_request
+
+permissions:
+ contents: read
+
+concurrency:
+ group: sonar-pr-workflow-${{ github.event.pull_request.head.repo.full_name
}}-${{ github.event.pull_request.head.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ if: github.repository == 'apache/ignite'
+ name: Build artifacts for Sonar Analysis
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: "refs/pull/${{ github.event.number }}/merge"
+ persist-credentials: false
+
+ - name: Set up JDK11
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '11'
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-m2
+
+ - name: Install Libnuma
+ run: sudo apt-get update && sudo apt-get install libnuma-dev
+
+ - name: Build with Maven
+ run: |
+ ./mvnw install -P all-java,lgpl,examples,skip-docs -DskipTests -B -V
+
+ - name: Prepare compiled classes artifact
+ shell: bash
+ run: find -iname "*target" -type d -exec tar -rf target.tar {} \+
+
+ - name: Upload compiled classes artifact
+ uses: actions/upload-artifact@v4
+ id: target-artifact-upload-step
+ with:
+ name: target-artifact
+ path: |
+ target.tar
+ if-no-files-found: error
+ retention-days: 1
+
+ - name: Prepare pull request artifact
+ shell: bash
+ run: |
+ echo ${{ github.event.pull_request.number }} >> pr-event.txt
+ echo ${{ github.event.pull_request.head.ref }} >> pr-event.txt
+ echo ${{ github.event.pull_request.base.ref }} >> pr-event.txt
+ echo ${{ github.event.pull_request.head.sha }} >> pr-event.txt
+ echo ${{ steps.target-artifact-upload-step.outputs.artifact-id }} >>
pr-event.txt
+
+ - name: Upload pull request event artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: pr-event-artifact
+ path: |
+ pr-event.txt
+ if-no-files-found: error
+ retention-days: 1
diff --git a/.github/workflows/sonar-pr-from-fork-scan.yml
b/.github/workflows/sonar-pr-from-fork-scan.yml
new file mode 100644
index 00000000000..f32fd998037
--- /dev/null
+++ b/.github/workflows/sonar-pr-from-fork-scan.yml
@@ -0,0 +1,175 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: Sonar Quality Pull Request Analysis
+
+on:
+ workflow_run:
+ workflows: [SonarBuild]
+ types: [completed]
+
+concurrency:
+ group: sonar-pr-workflow-${{
github.event.workflow_run.head_repository.full_name }}-${{
github.event.workflow_run.head_branch }}
+ cancel-in-progress: true
+
+jobs:
+ sonarcloud:
+ if: ${{ github.event.workflow_run.conclusion == 'success' &&
github.repository == 'apache/ignite' }}
+ name: Sonar Analysis
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ checks: write
+ steps:
+ - name: Download pull request event artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: pr-event-artifact
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Read pull request event
+ shell: bash
+ run: |
+ echo "pr_number=$(sed '1q;d' pr-event.txt)" >> "$GITHUB_ENV"
+ echo "pr_head_ref=$(sed '2q;d' pr-event.txt)" >> "$GITHUB_ENV"
+ echo "pr_base_ref=$(sed '3q;d' pr-event.txt)" >> "$GITHUB_ENV"
+ echo "pr_head_sha=$(sed '4q;d' pr-event.txt)" >> "$GITHUB_ENV"
+ echo "target_artifact_id=$(sed '5q;d' pr-event.txt)" >> "$GITHUB_ENV"
+
+ - name: Create new PR check
+ uses: actions/github-script@v7
+ id: check
+ with:
+ script: |
+ const jobs_response = await
github.rest.actions.listJobsForWorkflowRunAttempt({
+ ...context.repo,
+ run_id: context.runId,
+ attempt_number: process.env.GITHUB_RUN_ATTEMPT,
+ });
+
+ const job_url = jobs_response.data.jobs[0].html_url;
+
+ const check_response = await github.rest.checks.create({
+ ...context.repo,
+ name: 'Sonar Quality Pull Request Analysis',
+ head_sha: process.env.pr_head_sha,
+ status: 'in_progress',
+ output: {
+ title: 'Sonar Quality Pull Request Analysis',
+ summary: '[Details ...](' + job_url + ')'
+ }
+ });
+
+ return check_response.data.id;
+ result-encoding: string
+
+ - name: Checkout PR head branch
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.event.workflow_run.head_repository.full_name
}}
+ ref: ${{ github.event.workflow_run.head_branch }}
+ fetch-depth: 0
+ # "fetch-depth: 0" is needed for Sonar's new code detection, blame
information and issue backdating
+ # see more details at
https://community.sonarsource.com/t/git-fetch-depth-implications/75260
+
+ - name: Checkout PR base branch
+ run: |
+ git remote add upstream ${{ github.event.repository.clone_url }}
+ git fetch upstream
+ git checkout -B $pr_base_ref upstream/$pr_base_ref
+ git checkout ${{ github.event.workflow_run.head_branch }}
+ git clean -ffdx && git reset --hard HEAD
+
+ - name: Download compiled classes artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: target-artifact
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Delete compiled classes artifact
+ if: always()
+ uses: actions/github-script@v7
+ with:
+ script: |
+ await github.rest.actions.deleteArtifact({
+ ...context.repo,
+ artifact_id: process.env.target_artifact_id
+ });
+
+ - name: Extract compiled classes artifact
+ shell: bash
+ run: tar -xf target.tar
+
+ - name: Set up JDK17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Cache SonarCloud packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+
+ - name: Cache local Maven repository
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-m2
+
+ - name: Sonar Analyze Upload
+ shell: bash
+ run: >
+ ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+ -P all-java,lgpl,examples,skip-docs
+ -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
+ -Dsonar.pullrequest.branch=${{ env.pr_head_ref }}
+ -Dsonar.pullrequest.base=${{ env.pr_base_ref }}
+ -Dsonar.pullrequest.key=${{ env.pr_number }}
+ -Dsonar.pullrequest.github.repository=apache/ignite
+ -Dsonar.pullrequest.provider=GitHub
+ -Dsonar.pullrequest.github.summary_comment=true
+ -Dsonar.projectKey=apache_ignite
+ -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
+ -B -V
+ env:
+ MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
+ SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
+ JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
+
+ - name: Update status of PR check
+ uses: actions/github-script@v7
+ if: always()
+ env:
+ CHECK_ID: ${{ steps.check.outputs.result }}
+ JOB_STATUS: ${{ job.status }}
+ with:
+ script: |
+ const { CHECK_ID, JOB_STATUS } = process.env;
+
+ await github.rest.checks.update({
+ ...context.repo,
+ check_run_id: CHECK_ID,
+ status: 'completed',
+ conclusion: JOB_STATUS
+ });
diff --git a/.github/workflows/sonar-pr-from-fork.yml
b/.github/workflows/sonar-pr-from-fork.yml
deleted file mode 100644
index f4309f68ce6..00000000000
--- a/.github/workflows/sonar-pr-from-fork.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-name: Sonar Quality Pull Request Analysis
-
-# TODO IGNITE-20466 Investigate and fix the issue with running this workflow
on PRs from forks.
-on: pull_request
-
-permissions:
- contents: read
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number ||
github.ref }}
- cancel-in-progress: true
-
-jobs:
- sonarcloud:
- if: github.repository == 'apache/ignite'
- name: Sonar Analysis
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- with:
- ref: "refs/pull/${{ github.event.number }}/merge"
- fetch-depth: 0
-
- - name: Set up JDK11
- uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: '11'
- cache: 'maven'
-
- - name: Cache SonarCloud packages
- uses: actions/cache@v3
- with:
- path: ~/.sonar/cache
- key: ${{ runner.os }}-sonar
- restore-keys: ${{ runner.os }}-sonar
-
- - name: Cache local Maven repository
- uses: actions/cache@v3
- with:
- path: ~/.m2/repository
- key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
- restore-keys: |
- ${{ runner.os }}-m2
-
- - name: Install Libnuma
- run: sudo apt-get update && sudo apt-get install libnuma-dev
-
- - name: Build with Maven
- run: |
- ./mvnw clean install -P all-java,lgpl,examples,skip-docs -DskipTests
-B -V
-
- - name: Sonar Analyze Upload
- run: >
- ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- -P all-java,lgpl,examples,skip-docs
- -Dsonar.pullrequest.branch=${PULLREQUEST_BRANCH}
- -Dsonar.pullrequest.base=${PULLREQUEST_BASE}
- -Dsonar.pullrequest.key=${PULLREQUEST_KEY}
- -Dsonar.pullrequest.github.repository=apache/ignite
- -Dsonar.pullrequest.provider=GitHub
- -Dsonar.pullrequest.github.summary_comment=true
- -Dsonar.projectKey=apache_ignite
- -Dsonar.login=${SONARCLOUD_TOKEN}
- -B -V
- env:
- MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
- SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
- JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g
-XX:+UseStringDeduplication"
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONARCLOUD_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
- PULLREQUEST_BRANCH: ${{ github.head_ref }}
- PULLREQUEST_BASE: ${{ github.base_ref }}
- PULLREQUEST_KEY: ${{ github.event.pull_request.number }}