Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature #366 develop sonarqube_gha #367

Merged
merged 6 commits into from
Apr 8, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions .github/jobs/configure_sonarqube.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
#!/bin/bash

# Constants
SONAR_PROPERTIES_DIR=internal/scripts/sonarqube
SONAR_PROPERTIES=sonar-project.properties

# Check that this is being run from the top-level METcalcpy directory
if [ ! -e $SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES ]; then
echo "ERROR: ${0} -> must be run from the top-level METcalcpy directory"
exit 1
fi

# Check required environment variables
if [ -z ${SOURCE_BRANCH+x} ]; then
echo "ERROR: ${0} -> \$SOURCE_BRANCH not defined!"
exit 1
fi
if [ -z ${WD_REFERENCE_BRANCH+x} ]; then
echo "ERROR: ${0} -> \$WD_REFERENCE_BRANCH not defined!"
exit 1
fi
if [ -z ${SONAR_HOST_URL+x} ]; then
echo "ERROR: ${0} -> \$SONAR_HOST_URL not defined!"
exit 1
fi
if [ -z ${SONAR_TOKEN+x} ]; then
echo "ERROR: ${0} -> \$SONAR_TOKEN not defined!"
exit 1
fi

# Define the version string
SONAR_PROJECT_VERSION=$(cat docs/version | cut -d'=' -f2 | tr -d '" ')

#
# Define the $SONAR_REFERENCE_BRANCH as the
# - Target of any requests
# - Manual setting for workflow dispatch
# - Source branch for any pushes (e.g. develop)
#
if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
export SONAR_REFERENCE_BRANCH=$GITHUB_BASE_REF
elif [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
export SONAR_REFERENCE_BRANCH=$WD_REFERENCE_BRANCH
else
export SONAR_REFERENCE_BRANCH=$SOURCE_BRANCH
fi

# Configure the sonar-project.properties
[ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
sed -e "s|SONAR_PROJECT_KEY|METcalcpy-GHA|" \
-e "s|SONAR_PROJECT_NAME|METcalcpy GHA|" \
-e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
-e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
-e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
-e "s|SONAR_BRANCH_NAME|$SOURCE_BRANCH|" \
$SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES

# Define new code when the source and reference branches differ
if [ "$SOURCE_BRANCH" != "$SONAR_REFERENCE_BRANCH" ]; then
echo "sonar.newCode.referenceBranch=${SONAR_REFERENCE_BRANCH}" >> $SONAR_PROPERTIES
fi

echo "Contents of the $SONAR_PROPERTIES file:"
cat $SONAR_PROPERTIES

3 changes: 3 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@
- [ ] Will this PR result in changes to the test suite? **[Yes or No]**</br>
If **yes**, describe the new output and/or changes to the existing output:</br>

- [ ] Do these changes introduce new SonarQube findings? **[Yes or No]**</br>
If **yes**, please describe:

- [ ] Please complete this pull request review by **[Fill in date]**.</br>

## Pull Request Checklist ##
Expand Down
76 changes: 76 additions & 0 deletions .github/workflows/sonarqube.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
name: SonarQube Scan

# Run SonarQube for Pull Requests and changes to the develop and main_vX.Y branches

on:

# Trigger analysis for pushes to develop and main_vX.Y branches
push:
branches:
- develop
- 'main_v**'
paths-ignore:
- 'docs/**'
- '.github/pull_request_template.md'
- '.github/ISSUE_TEMPLATE/**'
- '**/README.md'
- '**/LICENSE.md'

# Trigger analysis for pull requests to develop and main_vX.Y branches
pull_request:
types: [opened, synchronize, reopened]
branches:
- develop
- 'main_v**'
paths-ignore:
- 'docs/**'
- '.github/pull_request_template.md'
- '.github/ISSUE_TEMPLATE/**'
- '**/README.md'
- '**/LICENSE.md'

workflow_dispatch:
inputs:
reference_branch:
description: 'Reference Branch'
default: develop
type: string

jobs:
sonarqube:
name: SonarQube Scan
runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v4
with:
# Disable shallow clones for better analysis
fetch-depth: 0

- name: Get branch name
id: get_branch_name
run: echo branch_name=${GITHUB_REF#refs/heads/} >> $GITHUB_OUTPUT

- name: Configure SonarQube
run: .github/jobs/configure_sonarqube.sh
env:
SOURCE_BRANCH: ${{ steps.get_branch_name.outputs.branch_name }}
WD_REFERENCE_BRANCH: ${{ github.event.inputs.reference_branch }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube Quality Gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@master
# Force to fail step after specific time.
timeout-minutes: 5
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
13 changes: 0 additions & 13 deletions internal/scripts/scripts/installation/modulefiles/2.1.0_hera

This file was deleted.

9 changes: 2 additions & 7 deletions internal/scripts/sonarqube/run_nightly.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,15 @@
# METcalcpy/sonarqube/run_nightly.sh name
#
# Usage: run_nightly.sh name
# where "name" speci1fies a branch, tag, or hash
# where "name" specifies a branch, tag, or hash
#
# For example, scan the develop branch:
# run_nightly.sh develop
#
#=======================================================================

# Constants
EMAIL_LIST="[email protected] [email protected] [email protected] [email protected]"
TEST_EMAIL_LIST="[email protected]"
EMAIL_LIST="[email protected] [email protected] [email protected] [email protected]"
KEEP_DAYS=5
GIT_REPO_NAME=METcalcpy

Expand All @@ -35,7 +34,6 @@ function usage {
# Check for arguments
if [ $# -lt 1 ]; then usage; exit 1; fi


# Store the full path to the scripts directory
SCRIPT_DIR=`dirname $0`
if [[ ${0:0:1} != "/" ]]; then SCRIPT_DIR=$(pwd)/${SCRIPT_DIR}; fi
Expand Down Expand Up @@ -68,12 +66,9 @@ LOGFILE=${RUN_DIR}/run_sonarqube_${TODAY}.log
# Run scan and check for bad return status
${SCRIPT_DIR}/run_sonarqube.sh ${1} >& ${LOGFILE}
if [[ $? -ne 0 ]]; then
[ ! -z $2 ] && EMAIL_LIST=$TEST_EMAIL_LIST
echo "$0: The nightly SonarQube scanning for $GIT_REPO_NAME FAILED in `basename ${RUN_DIR}`." >> ${LOGFILE}
cat ${LOGFILE} | mail -s "$GIT_REPO_NAME SonarQube scanning failed for ${1} in `basename ${RUN_DIR}` (autogen msg)" ${EMAIL_LIST}
exit 1
fi

# Convert SonarQube report from pdf to html

exit 0
42 changes: 29 additions & 13 deletions internal/scripts/sonarqube/run_sonarqube.sh
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
#!/bin/bash
#
# Run SonarQube Source Code Analyzer on a specified revision of MET
# Run SonarQube Source Code Analyzer for METcalcpy
#=======================================================================
#
# This run_sonarqube.sh script will check out the specified version
# of MET and run the SonarQube Source Code Analyzer on it. First,
# of METcalcpy and run the SonarQube Source Code Analyzer on it. First,
# go to the directory where you would like the SCA output written and
# then run:
#
# git clone https://github.com/dtcenter/METcalcpy
# METcalcpy/sonarqube/run_sonarqube.sh name
#
# Usage: run_sonarqube.sh name
# Test the specified branched version of MET:
# Test the specified branched version of METcalcpy:
# run_sonarqube.sh {branch name}
# Test the specified tagged version of MET:
# Test the specified tagged version of METcalcpy:
# run_sonarqube.sh {tag name}
#
#=======================================================================
Expand All @@ -24,15 +24,25 @@ GIT_REPO_NAME=METcalcpy
GIT_REPO="https://github.com/dtcenter/${GIT_REPO_NAME}"

function usage {
echo
echo "USAGE: $(basename $0) name"
echo " where \"name\" specifies a branch, tag, or hash."
echo
echo
echo "USAGE: $(basename $0) name"
echo " where \"name\" specifies a branch, tag, or hash."
echo
}

# Check for arguments
if [[ $# -lt 1 ]]; then usage; exit; fi

# Check that SONAR_TOKEN and SONAR_HOST_URL are defined
if [ -z ${SONAR_TOKEN} ]; then
echo "ERROR: SONAR_TOKEN must be set"
exit 1
fi
if [ -z ${SONAR_HOST_URL} ]; then
echo "ERROR: SONAR_HOST_URL must be set"
exit 1
fi

# Check that SONARQUBE_WRAPPER_BIN is defined
if [ -z ${SONARQUBE_WRAPPER_BIN} ]; then
which build-wrapper-linux-x86-64 2> /dev/null
Expand Down Expand Up @@ -87,7 +97,6 @@ function run_command() {
return ${STATUS}
}


# Store the full path to the scripts directory
SCRIPT_DIR=`dirname $0`
if [[ ${0:0:1} != "/" ]]; then SCRIPT_DIR=$(pwd)/${SCRIPT_DIR}; fi
Expand All @@ -102,14 +111,21 @@ run_command "git clone ${GIT_REPO} ${REPO_DIR}"
run_command "cd ${REPO_DIR}"
run_command "git checkout ${1}"

# Define the version string
SONAR_PROJECT_VERSION=$(cat docs/version | cut -d'=' -f2 | tr -d '" ')

SONAR_PROPERTIES=sonar-project.properties

# Copy sonar-project.properties for Python code
# Configure the sonar-project.properties
[ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
cp -p $SCRIPT_DIR/sonar-project.properties $SONAR_PROPERTIES
sed -e "s|SONAR_PROJECT_KEY|METcalcpy_NB|" \
-e "s|SONAR_PROJECT_NAME|METcalcpy Nightly Build|" \
-e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
-e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
-e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
-e "s|SONAR_BRANCH_NAME|${1}|" \
$SCRIPT_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES

# Run SonarQube scan for Python code
run_command "${SONARQUBE_SCANNER_BIN}/sonar-scanner"

# Run SonarQube report generator to make a PDF file
#TODAY=`date +%Y%m%d`
23 changes: 9 additions & 14 deletions internal/scripts/sonarqube/sonar-project.properties
Original file line number Diff line number Diff line change
@@ -1,17 +1,12 @@
sonar.projectKey=org.sonarqube:METcalcpy_NB
sonar.projectName=METcalcpy Nightly Build
sonar.projectVersion=1.0

# Project and source code settings
sonar.projectKey=SONAR_PROJECT_KEY
sonar.projectName=SONAR_PROJECT_NAME
sonar.projectVersion=SONAR_PROJECT_VERSION
sonar.branch.name=SONAR_BRANCH_NAME
sonar.sources=metcalcpy,scratch,test

# The build-wrapper output dir

# Encoding of the source files
sonar.coverage.exclusions=test/**
sonar.sourceEncoding=UTF-8

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
sonar.host.url=http://mandan:9000

sonar.login=met
[email protected]
# SonarQube server
sonar.host.url=SONAR_HOST_URL
sonar.token=SONAR_TOKEN