Use reusable SonarCloud workflow (#8589)
* Use reusable SonarCloud workflow * Simplify Netlify run too * We don't need dbl quotes * Remove stale if checkpull/28788/head^2
parent
caf2827f93
commit
e6ec01fe86
|
@ -7,25 +7,19 @@ on:
|
|||
types:
|
||||
- completed
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
prdetails:
|
||||
name: ℹ️ PR Details
|
||||
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
|
||||
steps:
|
||||
- name: "🔍 Read PR number"
|
||||
id: readctx
|
||||
# We need to find the PR number that corresponds to the branch, which we do by searching the GH API
|
||||
# The workflow_run event includes a list of pull requests, but it doesn't get populated for
|
||||
# forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
|
||||
run: |
|
||||
head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}'
|
||||
echo "Head branch: $head_branch"
|
||||
pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
|
||||
pr_number=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" |
|
||||
jq -r '.[] | .number')
|
||||
echo "PR number: $pr_number"
|
||||
echo "::set-output name=prnumber::$pr_number"
|
||||
uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
|
||||
with:
|
||||
owner: ${{ github.event.workflow_run.head_repository.owner.login }}
|
||||
branch: ${{ github.event.workflow_run.head_branch }}
|
||||
|
||||
- name: Create Deployment
|
||||
deploy:
|
||||
needs: prdetails
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 📝 Create Deployment
|
||||
uses: bobheadxi/deployments@v1
|
||||
id: deployment
|
||||
with:
|
||||
|
@ -37,34 +31,17 @@ jobs:
|
|||
Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
|
||||
Exercise caution. Use test accounts.
|
||||
|
||||
# There's a 'download artifact' action, but it hasn't been updated for the
|
||||
# workflow_run action (https://github.com/actions/download-artifact/issues/60)
|
||||
# so instead we get this mess:
|
||||
- name: 'Download artifact'
|
||||
uses: actions/github-script@v3.1.0
|
||||
# There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
|
||||
# (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
|
||||
- name: 📥 Download artifact
|
||||
uses: dawidd6/action-download-artifact@v2
|
||||
with:
|
||||
script: |
|
||||
const artifacts = await github.actions.listWorkflowRunArtifacts({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
run_id: ${{ github.event.workflow_run.id }},
|
||||
});
|
||||
const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
||||
return artifact.name == "previewbuild"
|
||||
})[0];
|
||||
const download = await github.actions.downloadArtifact({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
artifact_id: matchArtifact.id,
|
||||
archive_format: 'zip',
|
||||
});
|
||||
const fs = require('fs');
|
||||
fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data));
|
||||
workflow: element-build-and-test.yaml
|
||||
run_id: ${{ github.event.workflow_run.id }}
|
||||
name: previewbuild
|
||||
path: webapp
|
||||
|
||||
- name: Extract Artifacts
|
||||
run: unzip -d webapp previewbuild.zip && rm previewbuild.zip
|
||||
|
||||
- name: Deploy to Netlify
|
||||
- name: ☁️ Deploy to Netlify
|
||||
id: netlify
|
||||
uses: nwtgck/actions-netlify@v1.2
|
||||
with:
|
||||
|
@ -73,13 +50,13 @@ jobs:
|
|||
# These don't work because we're in workflow_run
|
||||
enable-pull-request-comment: false
|
||||
enable-commit-comment: false
|
||||
alias: pr${{ steps.readctx.outputs.prnumber }}
|
||||
alias: pr${{ needs.prbuild.outputs.pr_id }}
|
||||
env:
|
||||
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
|
||||
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
|
||||
timeout-minutes: 1
|
||||
|
||||
- name: Update deployment status
|
||||
- name: 🚦 Update deployment status
|
||||
uses: bobheadxi/deployments@v1
|
||||
if: always()
|
||||
with:
|
||||
|
|
|
@ -4,44 +4,34 @@ on:
|
|||
workflows: [ "Tests" ]
|
||||
types:
|
||||
- completed
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
jobs:
|
||||
prdetails:
|
||||
name: ℹ️ PR Details
|
||||
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
|
||||
uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
|
||||
with:
|
||||
owner: ${{ github.event.workflow_run.head_repository.owner.login }}
|
||||
branch: ${{ github.event.workflow_run.head_branch }}
|
||||
|
||||
sonarqube:
|
||||
name: SonarQube
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.workflow_run.conclusion == 'success'
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
# There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
|
||||
# (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
|
||||
- name: Download Coverage Report
|
||||
uses: actions/github-script@v3.1.0
|
||||
with:
|
||||
script: |
|
||||
const artifacts = await github.actions.listWorkflowRunArtifacts({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
run_id: ${{ github.event.workflow_run.id }},
|
||||
});
|
||||
const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
||||
return artifact.name == "coverage"
|
||||
})[0];
|
||||
const download = await github.actions.downloadArtifact({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
artifact_id: matchArtifact.id,
|
||||
archive_format: 'zip',
|
||||
});
|
||||
const fs = require('fs');
|
||||
fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
|
||||
|
||||
- name: Extract Coverage Report
|
||||
run: unzip -d coverage coverage.zip && rm coverage.zip
|
||||
|
||||
- name: SonarCloud Scan
|
||||
uses: SonarSource/sonarcloud-github-action@master
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
name: 🩻 SonarQube
|
||||
needs: prdetails
|
||||
# Only wait for prdetails if it isn't skipped
|
||||
if: |
|
||||
always() &&
|
||||
(needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
|
||||
github.event.workflow_run.conclusion == 'success'
|
||||
uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
|
||||
with:
|
||||
repo: ${{ github.event.workflow_run.head_repository.full_name }}
|
||||
pr_id: ${{ needs.prdetails.outputs.pr_id }}
|
||||
head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
|
||||
base_branch: ${{ needs.prdetails.outputs.base_branch }}
|
||||
revision: ${{ github.event.workflow_run.head_sha }}
|
||||
coverage_workflow_name: tests.yml
|
||||
coverage_run_id: ${{ github.event.workflow_run.id }}
|
||||
secrets:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
|
|
Loading…
Reference in New Issue