From 88c3b01859aaf93d42bdfd9b9230fe9736d216c3 Mon Sep 17 00:00:00 2001 From: Carlos C Soto Date: Fri, 18 Oct 2024 13:52:59 -0600 Subject: [PATCH] Add sonarcloud workflow --- .github/workflows/sonarcloud.yml | 109 +++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000..0bbedc7 --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,109 @@ +name: sonarcloud +on: + workflow_dispatch: + push: + branches: [ "main" ] + +# Actions +# shivammathur/setup-php@v2 https://github.com/marketplace/actions/setup-php-action +# sonarsource/sonarcloud-github-action@master https://github.com/marketplace/actions/sonarcloud-scan + +jobs: + + tests-coverage: + name: Create code coverage + runs-on: "ubuntu-latest" + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: xdebug + tools: composer:v2 + env: + fail-fast: true + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + restore-keys: ${{ runner.os }}-composer- + - name: Install project dependencies + run: composer upgrade --no-interaction --no-progress --prefer-dist + - name: Create code coverage + run: vendor/bin/phpunit --testdox --coverage-xml=build/coverage --coverage-clover=build/coverage/clover.xml --log-junit=build/coverage/junit.xml + - name: Store code coverage + uses: actions/upload-artifact@v4 + with: + name: code-coverage + path: build/coverage + + sonarcloud-secrets: + name: SonarCloud check secrets are present + runs-on: ubuntu-latest + outputs: + github: ${{ steps.check-secrets.outputs.github }} + sonar: ${{ steps.check-secrets.outputs.sonar }} + steps: + - name: Check secrets are present + id: check-secrets + run: | + if [ -n "${{ secrets.GITHUB_TOKEN }}" ]; then + echo "github=yes" >> $GITHUB_OUTPUT + else + echo "github=no" >> $GITHUB_OUTPUT + echo "::warning ::GITHUB_TOKEN non set" + fi + if [ -n "${{ secrets.SONAR_TOKEN }}" ]; then + echo "sonar=yes" >> $GITHUB_OUTPUT + else + echo "sonar=no" >> $GITHUB_OUTPUT + echo "::warning ::SONAR_TOKEN non set" + fi + + sonarcloud: + name: SonarCloud Scan and Report + needs: [ "tests-coverage", "sonarcloud-secrets" ] + if: ${{ needs.sonarcloud-secrets.outputs.github == 'yes' && needs.sonarcloud-secrets.outputs.sonar == 'yes' }} + runs-on: "ubuntu-latest" + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Unshallow clone to provide blame information + run: git fetch --unshallow + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.3' + coverage: none + tools: composer:v2 + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: ${{ steps.composer-cache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }} + restore-keys: ${{ runner.os }}-composer- + - name: Install project dependencies + run: composer upgrade --no-interaction --no-progress --prefer-dist + - name: Obtain code coverage + uses: actions/download-artifact@v4 + with: + name: code-coverage + path: build/coverage + - name: Prepare SonarCloud Code Coverage Files + run: | + sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/junit.xml > build/sonar-junit.xml + sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/clover.xml > build/sonar-coverage.xml + - name: SonarCloud Scan + uses: sonarsource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}