Sonar Quality Pull Request Analysis #228

Workflow file for this run

.github/workflows/sonar-pr-from-fork-scan.yml at 2fff615

	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	name: Sonar Quality Pull Request Analysis

	on:
	workflow_run:
	workflows: [SonarBuild]
	types: [completed]

	concurrency:
	group: sonar-pr-workflow-${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}
	cancel-in-progress: true

	jobs:
	sonarcloud:
	if: ${{ github.event.workflow_run.conclusion == 'success' && github.repository == 'apache/ignite' }}
	name: Sonar Analysis
	runs-on: ubuntu-latest
	permissions:
	contents: read
	actions: write
	checks: write
	steps:
	- name: Download pull request event artifact
	uses: actions/download-artifact@v4
	with:
	name: pr-event-artifact
	run-id: ${{ github.event.workflow_run.id }}
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Read pull request event
	shell: bash
	run: \|
	echo "pr_number=$(sed '1q;d' pr-event.txt)" >> "$GITHUB_ENV"
	echo "pr_head_ref=$(sed '2q;d' pr-event.txt)" >> "$GITHUB_ENV"
	echo "pr_base_ref=$(sed '3q;d' pr-event.txt)" >> "$GITHUB_ENV"
	echo "pr_head_sha=$(sed '4q;d' pr-event.txt)" >> "$GITHUB_ENV"
	echo "target_artifact_id=$(sed '5q;d' pr-event.txt)" >> "$GITHUB_ENV"

	- name: Create new PR check
	uses: actions/github-script@v7
	id: check
	with:
	script: \|
	const jobs_response = await github.rest.actions.listJobsForWorkflowRunAttempt({
	...context.repo,
	run_id: context.runId,
	attempt_number: process.env.GITHUB_RUN_ATTEMPT,
	});

	const job_url = jobs_response.data.jobs[0].html_url;

	const check_response = await github.rest.checks.create({
	...context.repo,
	name: 'Sonar Quality Pull Request Analysis',
	head_sha: process.env.pr_head_sha,
	status: 'in_progress',
	output: {
	title: 'Sonar Quality Pull Request Analysis',
	summary: '[Details ...](' + job_url + ')'
	}
	});

	return check_response.data.id;
	result-encoding: string

	- name: Checkout PR head branch
	uses: actions/checkout@v4
	with:
	repository: ${{ github.event.workflow_run.head_repository.full_name }}
	ref: ${{ github.event.workflow_run.head_branch }}
	fetch-depth: 0
	# "fetch-depth: 0" is needed for Sonar's new code detection, blame information and issue backdating
	# see more details at https://community.sonarsource.com/t/git-fetch-depth-implications/75260

	- name: Checkout PR base branch
	run: \|
	git remote add upstream ${{ github.event.repository.clone_url }}
	git fetch upstream
	git checkout -B $pr_base_ref upstream/$pr_base_ref
	git checkout ${{ github.event.workflow_run.head_branch }}
	git clean -ffdx && git reset --hard HEAD

	- name: Download compiled classes artifact
	uses: actions/download-artifact@v4
	with:
	name: target-artifact
	run-id: ${{ github.event.workflow_run.id }}
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Delete compiled classes artifact
	if: always()
	uses: actions/github-script@v7
	with:
	script: \|
	await github.rest.actions.deleteArtifact({
	...context.repo,
	artifact_id: process.env.target_artifact_id
	});

	- name: Extract compiled classes artifact
	shell: bash
	run: tar -xf target.tar

	- name: Set up JDK17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'

	- name: Cache SonarCloud packages
	uses: actions/cache@v4
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar

	- name: Cache local Maven repository
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: \|
	${{ runner.os }}-m2

	- name: Sonar Analyze Upload
	shell: bash
	run: >
	./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
	-P all-java,lgpl,examples,skip-docs
	-Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
	-Dsonar.pullrequest.branch=${{ env.pr_head_ref }}
	-Dsonar.pullrequest.base=${{ env.pr_base_ref }}
	-Dsonar.pullrequest.key=${{ env.pr_number }}
	-Dsonar.pullrequest.github.repository=apache/ignite
	-Dsonar.pullrequest.provider=GitHub
	-Dsonar.pullrequest.github.summary_comment=true
	-Dsonar.projectKey=apache_ignite
	-Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }}
	-B -V
	env:
	MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"
	SONAR_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"
	JAVA_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication"

	- name: Update status of PR check
	uses: actions/github-script@v7
	if: always()
	env:
	CHECK_ID: ${{ steps.check.outputs.result }}
	JOB_STATUS: ${{ job.status }}
	with:
	script: \|
	const { CHECK_ID, JOB_STATUS } = process.env;

	await github.rest.checks.update({
	...context.repo,
	check_run_id: CHECK_ID,
	status: 'completed',
	conclusion: JOB_STATUS
	});

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sonar Quality Pull Request Analysis #228

Workflow file

Sonar Quality Pull Request Analysis #228

Jobs

Run details

Workflow file for this run