From b4429f6c1a0edf5919373c421be2e7e964996e9d Mon Sep 17 00:00:00 2001
From: Keelah
Date: Fri, 11 Oct 2024 18:01:16 +0200
Subject: [PATCH 1/3] Sonar Scanner fixes
---
.github/workflows/codeql-analysis.yml | 67 ++++++++++++++++++++++-----
1 file changed, 56 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 28fe31a..38a0325 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -49,20 +49,65 @@ jobs: AnalysisSonar: name: Analyze with SonarCloud - runs-on: ubuntu-latest + runs-on: windows-latest permissions: pull-requests: write # allows SonarCloud to decorate PRs with analysis results - steps: - - name: Analyze with SonarCloud + # steps: # DOES NOT SCAN FOR SOME REASON ? + # - name: Analyze with SonarCloud + + # # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@v3 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # with: + # # Additional arguments for the SonarScanner CLI + # args: + # -Dsonar.projectKey=Foxlider_FASTER + # -Dsonar.organization=foxlicorp + # projectBaseDir: . + - # You can pin the exact commit or the version. - uses: SonarSource/sonarcloud-github-action@v3 + steps: + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'zulu' # Alternative distribution options are available. + + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~\sonar\cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache SonarCloud scanner + id: cache-sonar-scanner + uses: actions/cache@v4 + with: + path: .\.sonar\scanner + key: ${{ runner.os }}-sonar-scanner + restore-keys: ${{ runner.os }}-sonar-scanner + + - name: Install SonarCloud scanner + if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' + shell: pwsh + run: | + New-Item -Path .\.sonar\scanner -ItemType Directory + dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner + + - name: Build and analyze env: + GITHUB_TOKEN: ${{ secrets.PR_DECORATION }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - with: - # Additional arguments for the SonarScanner CLI - args: - -Dsonar.projectKey=Foxlider_FASTER - -Dsonar.organization=foxlicorp - projectBaseDir: . 
\ No newline at end of file + shell: pwsh + run: | + .\.sonar\scanner\dotnet-sonarscanner begin /k:"Foxlider_FASTER" /o:"foxlicorp" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" + dotnet build + .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + \ No newline at end of file From 1205130643200fb42de376029e0f94c6b418766e Mon Sep 17 00:00:00 2001 From: Keelah Date: Fri, 11 Oct 2024 18:15:01 +0200 Subject: [PATCH 2/3] Actually this might just work --- .github/workflows/codeql-analysis.yml | 69 ++++++--------------------- 1 file changed, 14 insertions(+), 55 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 38a0325..9177e82 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
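Review bot: The `Build and analyze` step expands `${{ secrets.SONAR_TOKEN }}` straight into the PowerShell script on both the `begin` and `end` lines, so the token is written into the script file the runner generates and passed on the scanner's command line rather than staying in the environment. The step already exports `SONAR_TOKEN` under `env:`, so the arguments can read it from there: `/d:sonar.token="$env:SONAR_TOKEN"`. The same step sets `GITHUB_TOKEN` from `secrets.PR_DECORATION`, whose scope is not visible here; if it is a personal access token, it is not bounded by the job's `permissions: pull-requests: write`. Both secrets are also in the environment while `dotnet build` runs the repository's own build targets, so the workflow triggers (outside this hunk) decide whose code can reach them. Patch 3/3 re-adds the same lines unchanged.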
@@ -49,65 +49,24 @@ jobs: AnalysisSonar: name: Analyze with SonarCloud - runs-on: windows-latest + runs-on: ubuntu-latest permissions: pull-requests: write # allows SonarCloud to decorate PRs with analysis results - # steps: # DOES NOT SCAN FOR SOME REASON ? - # - name: Analyze with SonarCloud - - # # You can pin the exact commit or the version. - # uses: SonarSource/sonarcloud-github-action@v3 - # env: - # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - # with: - # # Additional arguments for the SonarScanner CLI - # args: - # -Dsonar.projectKey=Foxlider_FASTER - # -Dsonar.organization=foxlicorp - # projectBaseDir: . - - - steps: - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: 'zulu' # Alternative distribution options are available. - + steps: # DOES NOT SCAN FOR SOME REASON ? - uses: actions/checkout@v4 with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - - name: Cache SonarCloud packages - uses: actions/cache@v4 - with: - path: ~\sonar\cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - - name: Cache SonarCloud scanner - id: cache-sonar-scanner - uses: actions/cache@v4 - with: - path: .\.sonar\scanner - key: ${{ runner.os }}-sonar-scanner - restore-keys: ${{ runner.os }}-sonar-scanner - - - name: Install SonarCloud scanner - if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' - shell: pwsh - run: | - New-Item -Path .\.sonar\scanner -ItemType Directory - dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner - - - name: Build and analyze + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + - name: Analyze with SonarCloud + + # You can pin the exact commit or the version. 
+ uses: SonarSource/sonarcloud-github-action@v3 env: - GITHUB_TOKEN: ${{ secrets.PR_DECORATION }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - shell: pwsh - run: | - .\.sonar\scanner\dotnet-sonarscanner begin /k:"Foxlider_FASTER" /o:"foxlicorp" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" - dotnet build - .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" - \ No newline at end of file + with: + # Additional arguments for the SonarScanner CLI + args: + -Dsonar.projectKey=Foxlider_FASTER + -Dsonar.organization=foxlicorp + projectBaseDir: . From 0e4c97aeb830caeb0e99b47bb1c4c7e17a759edb Mon Sep 17 00:00:00 2001 From: Keelah Date: Fri, 11 Oct 2024 18:21:57 +0200 Subject: [PATCH 3/3] Nope... *sigh* --- .github/workflows/codeql-analysis.yml | 69 +++++++++++++++++++++------ 1 file changed, 55 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9177e82..38a0325 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
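Review bot: `SonarSource/sonarcloud-github-action@v3` is referenced by a movable tag while the step passes it `SONAR_TOKEN`, so whatever that tag resolves to at run time executes with the secret and with the job's `pull-requests: write` permission. The comment kept just above the `uses:` line already notes that an exact commit can be pinned; that would read `uses: SonarSource/sonarcloud-github-action@<full-commit-sha>  # v3`, with the SHA taken from the action's own release. Separately, `# DOES NOT SCAN FOR SOME REASON ?` now sits on the live `steps:` key; a comment stating what was observed (for example, which languages produced no results) would help the next maintainer more than the open question.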
@@ -49,24 +49,65 @@ jobs: AnalysisSonar: name: Analyze with SonarCloud - runs-on: ubuntu-latest + runs-on: windows-latest permissions: pull-requests: write # allows SonarCloud to decorate PRs with analysis results - steps: # DOES NOT SCAN FOR SOME REASON ? + # steps: # DOES NOT SCAN FOR SOME REASON ? + # - name: Analyze with SonarCloud + + # # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@v3 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # with: + # # Additional arguments for the SonarScanner CLI + # args: + # -Dsonar.projectKey=Foxlider_FASTER + # -Dsonar.organization=foxlicorp + # projectBaseDir: . + + + steps: + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: 17 + distribution: 'zulu' # Alternative distribution options are available. + - uses: actions/checkout@v4 with: - # Disabling shallow clone is recommended for improving relevancy of reporting - fetch-depth: 0 - - name: Analyze with SonarCloud - - # You can pin the exact commit or the version. 
- uses: SonarSource/sonarcloud-github-action@v3 + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: Cache SonarCloud packages + uses: actions/cache@v4 + with: + path: ~\sonar\cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + + - name: Cache SonarCloud scanner + id: cache-sonar-scanner + uses: actions/cache@v4 + with: + path: .\.sonar\scanner + key: ${{ runner.os }}-sonar-scanner + restore-keys: ${{ runner.os }}-sonar-scanner + + - name: Install SonarCloud scanner + if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' + shell: pwsh + run: | + New-Item -Path .\.sonar\scanner -ItemType Directory + dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner + + - name: Build and analyze env: + GITHUB_TOKEN: ${{ secrets.PR_DECORATION }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - with: - # Additional arguments for the SonarScanner CLI - args: - -Dsonar.projectKey=Foxlider_FASTER - -Dsonar.organization=foxlicorp - projectBaseDir: . + shell: pwsh + run: | + .\.sonar\scanner\dotnet-sonarscanner begin /k:"Foxlider_FASTER" /o:"foxlicorp" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" + dotnet build + .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + \ No newline at end of file
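Review bot: The `Install SonarCloud scanner` step runs `dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner` with no version, and the cache key `${{ runner.os }}-sonar-scanner` never changes, so the binary that later receives `SONAR_TOKEN` is whatever was current on the first uncached run and is then reused indefinitely. Pinning makes the scanner version reviewable and lets the cache follow it: `dotnet tool update dotnet-sonarscanner --version <pinned-version> --tool-path .\.sonar\scanner` together with `key: ${{ runner.os }}-sonar-scanner-<pinned-version>`. The commented-out `# steps:` block carried along in this hunk duplicates what git history already keeps and could be dropped. These lines are identical to the ones introduced by patch 1/3.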