Browse Source

add ok-to-sonar command

Lucas Severo Alves 4 years ago
parent
commit
3cf1044737
2 changed files with 147 additions and 0 deletions
  1. 34 0
      .github/workflows/ok-to-sonar.yml
  2. 113 0
      .github/workflows/sonar.yml

+ 34 - 0
.github/workflows/ok-to-sonar.yml

@@ -0,0 +1,34 @@
+# If someone with write access comments "/ok-to-sonar" on a pull request, emit a repository_dispatch event
+name: Ok To Sonar
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  ok-to-sonar:
+    runs-on: ubuntu-latest
+    # Only run for PRs, not issue comments
+    if: ${{ github.event.issue.pull_request }}
+    steps:
+    # Generate a GitHub App installation access token from an App ID and private key
+    # To create a new GitHub App:
+    #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
+    # See app.yml for an example app manifest
+    - name: Generate token
+      id: generate_token
+      uses: tibdex/github-app-token@v1
+      with:
+        app_id: ${{ secrets.APP_ID }}
+        private_key: ${{ secrets.PRIVATE_KEY }}
+
+    - name: Slash Command Dispatch
+      uses: peter-evans/slash-command-dispatch@v2.3.0
+      env:
+        TOKEN: ${{ steps.generate_token.outputs.token }}
+      with:
+        token: ${{ env.TOKEN }} # GitHub App installation access token
+        reaction-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-type: pull-request
+        commands: ok-to-sonar
+        permission: maintain

+ 113 - 0
.github/workflows/sonar.yml

@@ -0,0 +1,113 @@
+# Run secret-dependent sonar tests only after /ok-to-sonar approval
+on:
+  pull_request:
+  repository_dispatch:
+    types: [ok-to-sonar-command]
+
+env:
+  # Common versions
+  GO_VERSION: '1.16'
+  GOLANGCI_VERSION: 'v1.33'
+  DOCKER_BUILDX_VERSION: 'v0.4.2'
+
+  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+
+name: sonar
+
+jobs:
+  sonar-fork:
+    runs-on: ubuntu-latest
+    if:
+      github.event_name == 'repository_dispatch'
+    steps:
+    - name: Fork based /ok-to-sonar checkout
+      uses: actions/checkout@v2
+      with:
+        ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
+
+    - name: Fetch History
+      run: git fetch --prune --unshallow
+
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Find the Go Cache
+      id: go
+      run: |
+        echo "::set-output name=build-cache::$(go env GOCACHE)"
+        echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
+
+    - name: Cache the Go Build Cache
+      uses: actions/cache@v2.1.6
+      with:
+        path: ${{ steps.go.outputs.build-cache }}
+        key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
+        restore-keys: ${{ runner.os }}-build-unit-tests-
+
+    - name: Cache Go Dependencies
+      uses: actions/cache@v2.1.6
+      with:
+        path: ${{ steps.go.outputs.mod-cache }}
+        key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
+        restore-keys: ${{ runner.os }}-pkg-
+
+    - name: Add envtest binaries
+      run:  |
+        curl -sSLo envtest-bins.tar.gz "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-${{env.KUBEBUILDER_TOOLS_VERSION}}-linux-amd64.tar.gz"
+        sudo mkdir -p /usr/local/kubebuilder
+        sudo tar -C /usr/local/kubebuilder --strip-components=1 -zvxf envtest-bins.tar.gz
+
+    - name: Cache envtest binaries
+      uses: actions/cache@v2.1.6
+      with:
+        path: /usr/local/kubebuilder
+        key: ${{ runner.os }}-kubebuilder-${{env.KUBEBUILDER_TOOLS_VERSION}}
+        restore-keys: ${{ runner.os }}-kubebuilder-
+
+    - name: Run Unit Tests
+      run: |
+        export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true
+        make test
+
+    - name: SonarCloud Scans
+      if: env.SONAR_TOKEN != ''
+      uses: SonarSource/sonarcloud-github-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+    # Update check run called "integration-fork"
+    - uses: actions/github-script@v5
+      id: update-check-run
+      if: ${{ always() }}
+      env:
+        number: ${{ github.event.client_payload.pull_request.number }}
+        job: ${{ github.job }}
+        # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
+        conclusion: ${{ job.status }}
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const { data: pull } = await github.pulls.get({
+            ...context.repo,
+            pull_number: process.env.number
+          });
+          const ref = pull.head.sha;
+
+          const { data: checks } = await github.checks.listForRef({
+            ...context.repo,
+            ref
+          });
+
+          const check = checks.check_runs.filter(c => c.name === process.env.job);
+
+          const { data: result } = await github.checks.update({
+            ...context.repo,
+            check_run_id: check[0].id,
+            status: 'completed',
+            conclusion: process.env.conclusion
+          });
+
+          return result;