Feature #289 main_v2.1 sonarqube_gha

.github/jobs/configure_sonarqube.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Constants
+SONAR_PROPERTIES_DIR=internal/scripts/sonarqube
+SONAR_PROPERTIES=sonar-project.properties
+
+# Check that this is being run from the top-level METdataio directory
+if [ ! -e $SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES ]; then
+  echo "ERROR: ${0} -> must be run from the top-level METdataio directory"
+  exit 1
+fi
+
+# Check required environment variables
+if [ -z ${SOURCE_BRANCH+x} ]; then
+  echo "ERROR: ${0} -> \$SOURCE_BRANCH not defined!"
+  exit 1
+fi
+if [ -z ${WD_REFERENCE_BRANCH+x} ]; then
+  echo "ERROR: ${0} -> \$WD_REFERENCE_BRANCH not defined!"
+  exit 1
+fi
+if [ -z ${SONAR_HOST_URL+x} ]; then
+  echo "ERROR: ${0} -> \$SONAR_HOST_URL not defined!"
+  exit 1
+fi
+if [ -z ${SONAR_TOKEN+x} ]; then
+  echo "ERROR: ${0} -> \$SONAR_TOKEN not defined!"
+  exit 1
+fi
+
+# Define the version string
+SONAR_PROJECT_VERSION=$(cat docs/version | cut -d'=' -f2 | tr -d '" ')
+
+#
+# Define the $SONAR_REFERENCE_BRANCH as the
+#   - Target of any requests
+#   - Manual setting for workflow dispatch
+#   - Source branch for any pushes (e.g. develop)
+#
+if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
+  export SONAR_REFERENCE_BRANCH=$GITHUB_BASE_REF
+elif [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
+  export SONAR_REFERENCE_BRANCH=$WD_REFERENCE_BRANCH
+else
+  export SONAR_REFERENCE_BRANCH=$SOURCE_BRANCH
+fi
+
+# Configure the sonar-project.properties
+[ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
+sed -e "s|SONAR_PROJECT_KEY|METdataio-GHA|" \
+    -e "s|SONAR_PROJECT_NAME|METdataio GHA|" \
+    -e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
+    -e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
+    -e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
+    -e "s|SONAR_BRANCH_NAME|$SOURCE_BRANCH|" \
+    $SONAR_PROPERTIES_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES
+
+# Define new code when the source and reference branches differ
+if [ "$SOURCE_BRANCH" != "$SONAR_REFERENCE_BRANCH" ]; then
+  echo "sonar.newCode.referenceBranch=${SONAR_REFERENCE_BRANCH}" >> $SONAR_PROPERTIES
+fi
+
+echo "Contents of the $SONAR_PROPERTIES file:"
+cat $SONAR_PROPERTIES
+

.github/pull_request_template.md

@@ -11,6 +11,9 @@
 - [ ] Will this PR result in changes to the test suite? **[Yes or No]**</br>
 If **yes**, describe the new output and/or changes to the existing output:</br>
 
+- [ ] Do these changes introduce new SonarQube findings? **[Yes or No]**</br>
+If **yes**, please describe:
+
 - [ ] Please complete this pull request review by **[Fill in date]**.</br>
 
 ## Pull Request Checklist ##

.github/workflows/sonarqube.yml

@@ -0,0 +1,76 @@
+name: SonarQube Scan
+
+# Run SonarQube for Pull Requests and changes to the develop and main_vX.Y branches
+
+on:
+
+  # Trigger analysis for pushes to develop and main_vX.Y branches
+  push:
+    branches:
+      - develop
+      - 'main_v**'
+    paths-ignore:
+      - 'docs/**'
+      - '.github/pull_request_template.md'
+      - '.github/ISSUE_TEMPLATE/**'
+      - '**/README.md'
+      - '**/LICENSE.md'
+
+  # Trigger analysis for pull requests to develop and main_vX.Y branches
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - develop
+      - 'main_v**'
+    paths-ignore:
+      - 'docs/**'
+      - '.github/pull_request_template.md'
+      - '.github/ISSUE_TEMPLATE/**'
+      - '**/README.md'
+      - '**/LICENSE.md'
+
+  workflow_dispatch:
+    inputs:
+      reference_branch:
+        description: 'Reference Branch'
+        default: develop
+        type: string
+
+jobs:
+  sonarqube:
+    name: SonarQube Scan
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - uses: actions/checkout@v4
+      with:
+        # Disable shallow clones for better analysis
+        fetch-depth: 0
+
+    - name: Get branch name
+      id: get_branch_name
+      run: echo branch_name=${GITHUB_REF#refs/heads/} >> $GITHUB_OUTPUT
+
+    - name: Configure SonarQube
+      run: .github/jobs/configure_sonarqube.sh
+      env:
+        SOURCE_BRANCH: ${{ steps.get_branch_name.outputs.branch_name }}
+        WD_REFERENCE_BRANCH: ${{ github.event.inputs.reference_branch }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+    - name: SonarQube Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+    - name: SonarQube Quality Gate check
+      id: sonarqube-quality-gate-check
+      uses: sonarsource/sonarqube-quality-gate-action@master
+      # Force to fail step after specific time.
+      timeout-minutes: 5
+      env:
+       SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

internal/scripts/sonarqube/run_sonarqube.sh

@@ -1,20 +1,20 @@
 #!/bin/bash
 #
-# Run SonarQube Source Code Analyzer on a specified revision of MET
+# Run SonarQube Source Code Analyzer for METdataio
 #=======================================================================
 #
 # This run_sonarqube.sh script will check out the specified version
-# of MET and run the SonarQube Source Code Analyzer on it.  First,
+# of METdataio and run the SonarQube Source Code Analyzer on it.  First,
 # go to the directory where you would like the SCA output written and
 # then run:
 #
 #    git clone https://github.com/dtcenter/METdataio
 #    METdataio/sonarqube/run_sonarqube.sh name
 #
 # Usage: run_sonarqube.sh name
-#    Test the specified branched version of MET:
+#    Test the specified branched version of METdataio:
 #       run_sonarqube.sh {branch name}
-#    Test the specified tagged version of MET:
+#    Test the specified tagged version of METdataio:
 #       run_sonarqube.sh {tag name}
 #
 #=======================================================================
@@ -33,6 +33,16 @@ function usage {
 # Check for arguments
 if [[ $# -lt 1 ]]; then usage; exit; fi
 
+# Check that SONAR_TOKEN and SONAR_HOST_URL are defined
+if [ -z ${SONAR_TOKEN} ]; then
+  echo "ERROR: SONAR_TOKEN must be set"
+  exit 1
+fi
+if [ -z ${SONAR_HOST_URL} ]; then
+  echo "ERROR: SONAR_HOST_URL must be set"
+  exit 1
+fi
+
 # Check that SONARQUBE_WRAPPER_BIN is defined
 if [ -z ${SONARQUBE_WRAPPER_BIN} ]; then
   which build-wrapper-linux-x86-64 2> /dev/null
@@ -87,7 +97,6 @@ function run_command() {
   return ${STATUS}
 }
 
-
 # Store the full path to the scripts directory
 SCRIPT_DIR=`dirname $0`
 if [[ ${0:0:1} != "/" ]]; then SCRIPT_DIR=$(pwd)/${SCRIPT_DIR}; fi 
@@ -102,14 +111,21 @@ run_command "git clone ${GIT_REPO} ${REPO_DIR}"
 run_command "cd ${REPO_DIR}"
 run_command "git checkout ${1}"
 
+# Define the version string
+SONAR_PROJECT_VERSION=$(cat docs/version | cut -d'=' -f2 | tr -d '" ')
+
 SONAR_PROPERTIES=sonar-project.properties
 
-# Copy sonar-project.properties for Python code
+# Configure the sonar-project.properties
 [ -e $SONAR_PROPERTIES ] && rm $SONAR_PROPERTIES
-cp -p $SCRIPT_DIR/sonar-project.properties $SONAR_PROPERTIES
+sed -e "s|SONAR_PROJECT_KEY|METdataio_NB|" \
+    -e "s|SONAR_PROJECT_NAME|METdataio Nightly Build|" \
+    -e "s|SONAR_PROJECT_VERSION|$SONAR_PROJECT_VERSION|" \
+    -e "s|SONAR_HOST_URL|$SONAR_HOST_URL|" \
+    -e "s|SONAR_TOKEN|$SONAR_TOKEN|" \
+    -e "s|SONAR_BRANCH_NAME|${1}|" \
+    $SCRIPT_DIR/$SONAR_PROPERTIES > $SONAR_PROPERTIES
 
 # Run SonarQube scan for Python code
 run_command "${SONARQUBE_SCANNER_BIN}/sonar-scanner"
 
-# Run SonarQube report generator to make a PDF file
-#TODAY=`date +%Y%m%d`

internal/scripts/sonarqube/sonar-project.properties

@@ -1,17 +1,16 @@
-sonar.projectKey=org.sonarqube:METdataio_NB
-sonar.projectName=METdataio Nightly Build
-sonar.projectVersion=1.0
+sonar.projectKey=SONAR_PROJECT_KEY
+sonar.projectName=SONAR_PROJECT_NAME
+sonar.projectVersion=SONAR_PROJECT_VERSION
 
-sonar.sources=METdbLoad,METreadnc
+sonar.sources=METdbLoad,METreadnc,METreformat
 
 # The build-wrapper output dir
 
 # Encoding of the source files
 sonar.sourceEncoding=UTF-8
 
 #----- Default SonarQube server
-#sonar.host.url=http://localhost:9000
-sonar.host.url=http://mandan:9000
+sonar.host.url=SONAR_HOST_URL
 
-sonar.login=met
-sonar.[email protected]
+sonar.token=SONAR_TOKEN
+sonar.branch.name=SONAR_BRANCH_NAME