From e6ec01fe86dd6b5d44d6549d89c66fdb83371013 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Fri, 13 May 2022 23:25:50 +0100
Subject: [PATCH] Use reusable SonarCloud workflow (#8589)
* Use reusable SonarCloud workflow
* Simplify Netlify run too
* We don't need dbl quotes
* Remove stale if check
---
.github/workflows/netlify.yaml | 67 +++++++++++---------------------
.github/workflows/sonarqube.yml | 68 ++++++++++++++-------------------
2 files changed, 51 insertions(+), 84 deletions(-)
diff --git a/.github/workflows/netlify.yaml b/.github/workflows/netlify.yaml
index bada40e077..c377daa9e6 100644
--- a/.github/workflows/netlify.yaml
+++ b/.github/workflows/netlify.yaml
@@ -7,25 +7,19 @@ on: types: - completed jobs: - deploy: - runs-on: ubuntu-latest + prdetails: + name: ℹī¸ PR Details if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' - steps: - - name: "🔍 Read PR number" - id: readctx - # We need to find the PR number that corresponds to the branch, which we do by searching the GH API - # The workflow_run event includes a list of pull requests, but it doesn't get populated for - # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run - run: | - head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}' - echo "Head branch: $head_branch" - pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)" - pr_number=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" | - jq -r '.[] | .number') - echo "PR number: $pr_number" - echo "::set-output name=prnumber::$pr_number" + uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop + with: + owner: ${{ github.event.workflow_run.head_repository.owner.login }} + branch: ${{ github.event.workflow_run.head_branch }} - - name: Create Deployment + deploy: + needs: prdetails + runs-on: ubuntu-latest + steps: + - name: 📝 Create Deployment uses: bobheadxi/deployments@v1 id: deployment with: 
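Review bot: The new `prdetails` job calls `matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop`, a branch ref that can change underneath this workflow, while the workflow runs on `workflow_run` and later steps use repository secrets. Pinning to a full commit SHA, e.g. `uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@<full-commit-sha>`, keeps what runs here reviewable. The same applies to `dawidd6/action-download-artifact@v2` in the next hunk and to both `@develop` references in sonarqube.yml. The `owner` and `branch` inputs are chosen by the PR author on forked PRs, so pr_details.yml (not visible here) should hand them to any shell step through `env:` rather than `${{ }}` interpolation, which is what the removed `run:` block did.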
@@ -37,34 +31,17 @@ jobs: Do you trust the author of this PR? Maybe this build will steal your keys or give you malware. Exercise caution. Use test accounts. - # There's a 'download artifact' action, but it hasn't been updated for the - # workflow_run action (https://github.com/actions/download-artifact/issues/60) - # so instead we get this mess: - - name: 'Download artifact' - uses: actions/github-script@v3.1.0 + # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action + # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess: + - name: đŸ“Ĩ Download artifact + uses: dawidd6/action-download-artifact@v2 with: - script: | - const artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }}, - }); - const matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "previewbuild" - })[0]; - const download = await github.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - const fs = require('fs'); - fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data)); + workflow: element-build-and-test.yaml + run_id: ${{ github.event.workflow_run.id }} + name: previewbuild + path: webapp - - name: Extract Artifacts - run: unzip -d webapp previewbuild.zip && rm previewbuild.zip - - - name: Deploy to Netlify + - name: ☁ī¸ Deploy to Netlify id: netlify uses: nwtgck/actions-netlify@v1.2 with: 
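Review bot: The comment kept above the Download artifact step still ends with "so instead we get this mess", but the inline script it described has been removed and the step is now a single third-party action. Suggest rewording it to `# actions/download-artifact cannot fetch artifacts from another workflow run (https://github.com/actions/download-artifact/issues/60), so we use dawidd6/action-download-artifact`, so the reason for the extra dependency stays clear. The `previewbuild` artifact is produced by a pull-request build, so it is worth stating in the same comment that the contents of `webapp` are only uploaded and never executed in this job.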
@@ -73,13 +50,13 @@ jobs: # These don't work because we're in workflow_run enable-pull-request-comment: false enable-commit-comment: false - alias: pr${{ steps.readctx.outputs.prnumber }} + alias: pr${{ needs.prbuild.outputs.pr_id }} env: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} timeout-minutes: 1 - - name: Update deployment status + - name: đŸšĻ Update deployment status uses: bobheadxi/deployments@v1 if: always() with: diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml index 7029be97f3..95b06bab6b 100644 --- a/.github/workflows/sonarqube.yml +++ b/.github/workflows/sonarqube.yml 
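Review bot: In netlify.yaml the new alias reads `needs.prbuild.outputs.pr_id`, but the job added in the first hunk is named `prdetails` and `deploy` declares `needs: prdetails`; no `prbuild` job appears in the visible changes. A `needs` entry that does not exist would evaluate to an empty value, so every preview would be published under the alias `pr`. One pull request's build could then replace another's at the same URL, which matters because these previews are built from untrusted PRs. The line should be `alias: pr${{ needs.prdetails.outputs.pr_id }}`.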
@@ -4,44 +4,34 @@ on: workflows: [ "Tests" ] types: - completed +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: + prdetails: + name: ℹī¸ PR Details + if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request' + uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop + with: + owner: ${{ github.event.workflow_run.head_repository.owner.login }} + branch: ${{ github.event.workflow_run.head_branch }} + sonarqube: - name: SonarQube - runs-on: ubuntu-latest - if: github.event.workflow_run.conclusion == 'success' - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action - # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess: - - name: Download Coverage Report - uses: actions/github-script@v3.1.0 - with: - script: | - const artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }}, - }); - const matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "coverage" - })[0]; - const download = await github.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - const fs = require('fs'); - fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data)); - - - name: Extract Coverage Report - run: unzip -d coverage coverage.zip && rm coverage.zip - - - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + name: đŸŠģ SonarQube + needs: prdetails + # Only wait for 
prdetails if it isn't skipped + if: | + always() && + (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') && + github.event.workflow_run.conclusion == 'success' + uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop + with: + repo: ${{ github.event.workflow_run.head_repository.full_name }} + pr_id: ${{ needs.prdetails.outputs.pr_id }} + head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }} + base_branch: ${{ needs.prdetails.outputs.base_branch }} + revision: ${{ github.event.workflow_run.head_sha }} + coverage_workflow_name: tests.yml + coverage_run_id: ${{ github.event.workflow_run.id }} + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
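Review bot: The added `concurrency` group is keyed on `github.ref`, which in a `workflow_run`-triggered workflow is the default branch rather than the branch of the triggering run. All runs therefore share one group, and `cancel-in-progress: true` lets a run for one PR cancel the analysis of another. Keying on the triggering run keeps cancellation per branch: `group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}`. Separately, `repo` and `revision` point at the PR author's fork while `SONAR_TOKEN` is passed to the same reusable workflow; sonarcloud.yml is not shown here, so confirm that it only scans that checkout and never runs scripts from it.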