Use reusable SonarCloud workflow (#8589)

* Use reusable SonarCloud workflow * Simplify Netlify run too * We don't need dbl quotes * Remove stale if check
2022-05-13 23:25:50 +01:00 · 2022-05-13 23:25:50 +01:00 · e6ec01fe86
parent caf2827f93
commit e6ec01fe86
2 changed files with 51 additions and 84 deletions
--- a/.github/workflows/netlify.yaml
+++ b/.github/workflows/netlify.yaml
@ -7,25 +7,19 @@ on:
    types:
      - completed
 jobs:
-  deploy:
-    runs-on: ubuntu-latest
+  prdetails:
+    name: ℹ️ PR Details
    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-    steps:
-      - name: "🔍 Read PR number"
-        id: readctx
-        # We need to find the PR number that corresponds to the branch, which we do by searching the GH API
-        # The workflow_run event includes a list of pull requests, but it doesn't get populated for
-        # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
-        run: |
-          head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}'
-          echo "Head branch: $head_branch"
-          pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
-          pr_number=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri" |
-               jq -r '.[] | .number')
-          echo "PR number: $pr_number"
-          echo "::set-output name=prnumber::$pr_number"
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
+    with:
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
+      branch: ${{ github.event.workflow_run.head_branch }}

-      - name: Create Deployment
+  deploy:
+    needs: prdetails
+    runs-on: ubuntu-latest
+    steps:
+      - name: 📝 Create Deployment
        uses: bobheadxi/deployments@v1
        id: deployment
        with:
@ -37,34 +31,17 @@ jobs:
            Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
            Exercise caution. Use test accounts.

-      # There's a 'download artifact' action, but it hasn't been updated for the
-      # workflow_run action (https://github.com/actions/download-artifact/issues/60)
-      # so instead we get this mess:
-      - name: 'Download artifact'
-        uses: actions/github-script@v3.1.0
+      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
+      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
+      - name: 📥 Download artifact
+        uses: dawidd6/action-download-artifact@v2
        with:
-          script: |
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                run_id: ${{ github.event.workflow_run.id }},
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "previewbuild"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/previewbuild.zip', Buffer.from(download.data));
+          workflow: element-build-and-test.yaml
+          run_id: ${{ github.event.workflow_run.id }}
+          name: previewbuild
+          path: webapp

-      - name: Extract Artifacts
-        run: unzip -d webapp previewbuild.zip && rm previewbuild.zip
-
-      - name: Deploy to Netlify
+      - name: ☁️ Deploy to Netlify
        id: netlify
        uses: nwtgck/actions-netlify@v1.2
        with:
@ -73,13 +50,13 @@ jobs:
          # These don't work because we're in workflow_run
          enable-pull-request-comment: false
          enable-commit-comment: false
-          alias: pr${{ steps.readctx.outputs.prnumber }}
+          alias: pr${{ needs.prbuild.outputs.pr_id }}
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
        timeout-minutes: 1

-      - name: Update deployment status
+      - name: 🚦 Update deployment status
        uses: bobheadxi/deployments@v1
        if: always()
        with:
--- a/.github/workflows/sonarqube.yml
+++ b/.github/workflows/sonarqube.yml
@ -4,44 +4,34 @@ on:
    workflows: [ "Tests" ]
    types:
      - completed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
+  prdetails:
+    name: ℹ️ PR Details
+    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
+    with:
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
+      branch: ${{ github.event.workflow_run.head_branch }}
+
  sonarqube:
-    name: SonarQube
-    runs-on: ubuntu-latest
-    if: github.event.workflow_run.conclusion == 'success'
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-
-      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
-      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
-      - name: Download Coverage Report
-        uses: actions/github-script@v3.1.0
-        with:
-          script: |
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                run_id: ${{ github.event.workflow_run.id }},
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "coverage"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
-
-      - name: Extract Coverage Report
-        run: unzip -d coverage coverage.zip && rm coverage.zip
-
-      - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    name: 🩻 SonarQube
+    needs: prdetails
+    # Only wait for prdetails if it isn't skipped
+    if: |
+      always() &&
+      (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
+      github.event.workflow_run.conclusion == 'success'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
+    with:
+      repo: ${{ github.event.workflow_run.head_repository.full_name }}
+      pr_id: ${{ needs.prdetails.outputs.pr_id }}
+      head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
+      base_branch: ${{ needs.prdetails.outputs.base_branch }}
+      revision: ${{ github.event.workflow_run.head_sha }}
+      coverage_workflow_name: tests.yml
+      coverage_run_id: ${{ github.event.workflow_run.id }}
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}