Use reusable SonarCloud workflow (#8589)

* Use reusable SonarCloud workflow

* Simplify Netlify run too

* We don't need dbl quotes

* Remove stale if check

.github/workflows/netlify.yaml

@@ -7,25 +7,19 @@ on:
     types:
       - completed
 jobs:
-  deploy:
+  prdetails:
-    runs-on: ubuntu-latest
+    name: ℹ️ PR Details
     if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-    steps:
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
-      - name: "🔍 Read PR number"
+    with:
-        id: readctx
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
-        # We need to find the PR number that corresponds to the branch, which we do by searching the GH API
+      branch: ${{ github.event.workflow_run.head_branch }}
-        # The workflow_run event includes a list of pull requests, but it doesn't get populated for
-        # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
-        run: |
-          head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}'
-          echo "Head branch: $head_branch"
-          pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
-          pr_number=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" |
-               jq -r '.[] | .number')
-          echo "PR number: $pr_number"
-          echo "::set-output name=prnumber::$pr_number"
 
-      - name: Create Deployment
+  deploy:
+    needs: prdetails
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📝 Create Deployment
         uses: bobheadxi/deployments@v1
         id: deployment
         with:
@@ -37,34 +31,17 @@ jobs:
             Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
             Exercise caution. Use test accounts.
 
-      # There's a 'download artifact' action, but it hasn't been updated for the
+      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
-      # workflow_run action (https://github.com/actions/download-artifact/issues/60)
+      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
-      # so instead we get this mess:
+      - name: 📥 Download artifact
-      - name: 'Download artifact'
+        uses: dawidd6/action-download-artifact@v2
-        uses: actions/github-script@v3.1.0
         with:
-          script: |
+          workflow: element-build-and-test.yaml
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
+          run_id: ${{ github.event.workflow_run.id }}
-                owner: context.repo.owner,
+          name: previewbuild
-                repo: context.repo.repo,
+          path: webapp
-                run_id: ${{ github.event.workflow_run.id }},
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "previewbuild"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data));
 
-      - name: Extract Artifacts
+      - name: ☁️ Deploy to Netlify
-        run: unzip -d webapp previewbuild.zip && rm previewbuild.zip
-
-      - name: Deploy to Netlify
         id: netlify
         uses: nwtgck/actions-netlify@v1.2
         with:
@@ -73,13 +50,13 @@ jobs:
           # These don't work because we're in workflow_run
           enable-pull-request-comment: false
           enable-commit-comment: false
-          alias: pr${{ steps.readctx.outputs.prnumber }}
+          alias: pr${{ needs.prbuild.outputs.pr_id }}
         env:
           NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
           NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
         timeout-minutes: 1
 
-      - name: Update deployment status
+      - name: 🚦 Update deployment status
         uses: bobheadxi/deployments@v1
         if: always()
         with:

.github/workflows/sonarqube.yml

@@ -4,44 +4,34 @@ on:
     workflows: [ "Tests" ]
     types:
       - completed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
+  prdetails:
+    name: ℹ️ PR Details
+    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
+    with:
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
+      branch: ${{ github.event.workflow_run.head_branch }}
+
   sonarqube:
-    name: SonarQube
+    name: 🩻 SonarQube
-    runs-on: ubuntu-latest
+    needs: prdetails
-    if: github.event.workflow_run.conclusion == 'success'
+    # Only wait for prdetails if it isn't skipped
-    steps:
+    if: |
-      - uses: actions/checkout@v2
+      always() &&
-        with:
+      (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      github.event.workflow_run.conclusion == 'success'
-
+    uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
-      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
+    with:
-      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
+      repo: ${{ github.event.workflow_run.head_repository.full_name }}
-      - name: Download Coverage Report
+      pr_id: ${{ needs.prdetails.outputs.pr_id }}
-        uses: actions/github-script@v3.1.0
+      head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
-        with:
+      base_branch: ${{ needs.prdetails.outputs.base_branch }}
-          script: |
+      revision: ${{ github.event.workflow_run.head_sha }}
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
+      coverage_workflow_name: tests.yml
-                owner: context.repo.owner,
+      coverage_run_id: ${{ github.event.workflow_run.id }}
-                repo: context.repo.repo,
+    secrets:
-                run_id: ${{ github.event.workflow_run.id }},
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "coverage"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
-
-      - name: Extract Coverage Report
-        run: unzip -d coverage coverage.zip && rm coverage.zip
-
-      - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}