| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # Second stage of a two-workflow setup: it starts whenever a run of the SonarBuild |
| # workflow completes and consumes the artifacts that run uploaded. |
| # NOTE(review): a workflow_run-triggered workflow uses this repository's token and |
| # secrets, while the triggering run's artifacts, head repository and head branch |
| # are contributor-controlled. Treat all of them as untrusted input. |
| name: Sonar Quality Pull Request Analysis |
| |
| on: |
| workflow_run: |
| workflows: [SonarBuild] |
| types: [completed] |
| |
| # One analysis per head repository / head branch pair; a newer run cancels the one in progress. |
| concurrency: |
| group: sonar-pr-${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }} |
| cancel-in-progress: true |
| |
| jobs: |
| sonar: |
| # Temporarily disabled until SonarCloud quality gate is adjusted (INFRA-27808) |
| # The leading `false &&` makes the whole condition false, so the job never runs. |
| # The other two clauses (triggering run succeeded, repository is apache/camel) |
| # only take effect once it is removed. |
| if: > |
| false && |
| github.event.workflow_run.conclusion == 'success' && |
| github.repository == 'apache/camel' |
| name: Sonar Analysis |
| runs-on: ubuntu-latest |
| # Token scopes for this job: `actions: write` is used by the artifact deletion |
| # step, `checks: write` by the steps that create and update the PR check. |
| permissions: |
| contents: read |
| actions: write |
| checks: write |
| steps: |
| # Fetches the `sonar-pr-event` artifact from the run that triggered this workflow. |
| # NOTE(review): the artifact is written by the triggering build, so its contents |
| # are untrusted input. No `path` is set, so the action's default download location is used. |
| - name: Download pull request metadata |
| uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 |
| with: |
| name: sonar-pr-event |
| run-id: ${{ github.event.workflow_run.id }} |
| github-token: ${{ secrets.GITHUB_TOKEN }} |
| |
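| # pr-event.txt comes from an artifact written by the triggering run, so every line |
| # of it is untrusted. Each value is checked against a strict pattern before it is |
| # exported, because later steps hand these values to git, Maven and the GitHub API. |
| - name: Read pull request metadata |
| shell: bash |
| run: | |
| pr_number="$(sed '1q;d' pr-event.txt)" |
| pr_head_ref="$(sed '2q;d' pr-event.txt)" |
| pr_base_ref="$(sed '3q;d' pr-event.txt)" |
| pr_head_sha="$(sed '4q;d' pr-event.txt)" |
| target_artifact_id="$(sed '5q;d' pr-event.txt)" |
| |
| fail() { echo "::error::pr-event.txt: invalid $1"; exit 1; } |
| # Deliberately narrower than what git accepts as a ref name: no shell |
| # metacharacters and no leading '-' that a command could read as an option. |
| ref_re='^[A-Za-z0-9][A-Za-z0-9._/+-]*$' |
| [[ "$pr_number" =~ ^[0-9]+$ ]] || fail pr_number |
| [[ "$pr_head_ref" =~ $ref_re ]] || fail pr_head_ref |
| [[ "$pr_base_ref" =~ $ref_re ]] || fail pr_base_ref |
| [[ "$pr_head_sha" =~ ^[0-9a-f]{40}$ ]] || fail pr_head_sha |
| [[ "$target_artifact_id" =~ ^[0-9]+$ ]] || fail target_artifact_id |
| |
| { |
| echo "pr_number=$pr_number" |
| echo "pr_head_ref=$pr_head_ref" |
| echo "pr_base_ref=$pr_base_ref" |
| echo "pr_head_sha=$pr_head_sha" |
| echo "target_artifact_id=$target_artifact_id" |
| } >> "$GITHUB_ENV" |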
| |
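| # Opens an in-progress check run on the pull request's head commit and returns its |
| # id as the step output `result`. |
| # NOTE(review): github-script is referenced by a mutable tag, unlike the SHA-pinned |
| # download-artifact, checkout and setup-java steps; pin it to a commit SHA as well. |
| - name: Create PR check |
| uses: actions/github-script@v9 |
| id: check |
| with: |
| script: | |
| // The check summary links to this job's page; the first job of the current run attempt is used. |
| const jobsResponse = await github.rest.actions.listJobsForWorkflowRunAttempt({ |
| ...context.repo, |
| run_id: context.runId, |
| attempt_number: process.env.GITHUB_RUN_ATTEMPT, |
| }); |
| const jobUrl = jobsResponse.data.jobs[0].html_url; |
| // Attach the check to the commit GitHub reports for the triggering run, the same |
| // SHA the checkout step uses. The SHA stored in the downloaded pr-event.txt is |
| // contributor-controlled and could place this check on an unrelated commit. |
| const checkResponse = await github.rest.checks.create({ |
| ...context.repo, |
| name: 'Sonar Quality Pull Request Analysis', |
| head_sha: context.payload.workflow_run.head_sha, |
| status: 'in_progress', |
| output: { |
| title: 'Sonar Quality Pull Request Analysis', |
| summary: `[Details](${jobUrl})`, |
| }, |
| }); |
| return checkResponse.data.id; |
| result-encoding: string |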
| |
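| # Checks out the contributor's commit from the head repository. Everything in the |
| # working tree after this step is untrusted code. |
| - name: Checkout PR source |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| with: |
| repository: ${{ github.event.workflow_run.head_repository.full_name }} |
| ref: ${{ github.event.workflow_run.head_sha }} |
| # fetch-depth: 0 is needed for Sonar's new code detection, blame information and issue backdating |
| fetch-depth: 0 |
| # Keep the job token out of the local git configuration: later steps run build |
| # tooling from this checkout, and the upstream fetch is of a public repository. |
| persist-credentials: false |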
| |
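| # Makes the pull request's base branch available locally from apache/camel, then |
| # returns to the pull request's head commit. |
| # The base ref originates from the downloaded pr-event.txt, so it is read from the |
| # environment and quoted. Expanding it into the script text with an expression |
| # would let its content be parsed as shell code. |
| - name: Fetch base branch |
| env: |
| HEAD_SHA: ${{ github.event.workflow_run.head_sha }} |
| run: | |
| git remote add upstream https://github.com/apache/camel || true |
| git fetch upstream |
| git checkout -B "$pr_base_ref" "upstream/$pr_base_ref" |
| git checkout "$HEAD_SHA" |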
| |
| # Fetches the `sonar-target` artifact from the run that triggered this workflow. |
| # NOTE(review): like the metadata artifact, it is produced by the triggering build |
| # and is untrusted. It is downloaded after the checkout, into the same job workspace. |
| - name: Download compiled classes artifact |
| uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 |
| with: |
| name: sonar-target |
| run-id: ${{ github.event.workflow_run.id }} |
| github-token: ${{ secrets.GITHUB_TOKEN }} |
| |
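| # Removes the compiled-classes artifact once it has been downloaded; `always()` |
| # makes this run even when an earlier step failed. |
| # NOTE(review): github-script is referenced by a mutable tag; pin it to a commit SHA. |
| - name: Delete compiled classes artifact |
| if: always() |
| uses: actions/github-script@v9 |
| with: |
| script: | |
| // Look the artifact up on the triggering run instead of trusting the id recorded |
| // in the downloaded pr-event.txt. This job holds `actions: write`, so a forged |
| // id would otherwise delete an unrelated artifact of this repository. |
| const { data } = await github.rest.actions.listWorkflowRunArtifacts({ |
| ...context.repo, |
| run_id: context.payload.workflow_run.id, |
| name: 'sonar-target', |
| }); |
| for (const artifact of data.artifacts.filter((a) => a.name === 'sonar-target')) { |
| await github.rest.actions.deleteArtifact({ |
| ...context.repo, |
| artifact_id: artifact.id, |
| }); |
| } |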
| |
| # Unpacks target.tar.gz into the current working directory. |
| # NOTE(review): the archive presumably comes from the `sonar-target` artifact |
| # downloaded above (confirm). It is untrusted and is unpacked on top of the |
| # checked-out sources, so it can replace files there. |
| - name: Extract compiled classes |
| shell: bash |
| run: tar -xzf target.tar.gz |
| |
| # Installs Temurin JDK 21 and enables the action's Maven dependency cache. |
| # NOTE(review): this job later runs tooling from a contributor checkout; confirm |
| # that a cache saved by this job cannot be restored by trusted workflows. |
| - name: Set up JDK 21 |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 |
| with: |
| distribution: 'temurin' |
| java-version: '21' |
| cache: 'maven' |
| |
| # Caches ~/.sonar/cache under a key that depends only on the runner OS. |
| # NOTE(review): actions/cache is referenced by a mutable tag, unlike the SHA-pinned |
| # download-artifact, checkout and setup-java steps; pin it to a commit SHA. |
| # NOTE(review): the key is shared by every run on the same OS; confirm that content |
| # written while analysing a contributor checkout is safe to restore elsewhere. |
| - name: Cache SonarCloud packages |
| uses: actions/cache@v4 |
| with: |
| path: ~/.sonar/cache |
| key: ${{ runner.os }}-sonar |
| |
| # Installs the libtinfo6 system library on the runner, without recommended extras. |
| - name: Install packages |
| shell: bash |
| run: | |
| sudo apt-get update |
| sudo apt-get install -qqy --no-install-recommends libtinfo6 |
| |
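| # Runs the Sonar Maven plugin in pull-request mode against the extracted build output. |
| # The pull request number and refs originate from the downloaded pr-event.txt, so they |
| # are passed as quoted environment variables. Expanding them into the command text |
| # with an expression would let their content be parsed as shell code while |
| # SONAR_TOKEN is in the environment. |
| # NOTE(review): ./mvnw and the Maven configuration come from the pull request checkout, |
| # so contributor-controlled code runs in this step with SONAR_TOKEN available. Confirm |
| # that exposure is acceptable before the job is re-enabled. |
| - name: Run Sonar Analysis |
| shell: bash |
| run: > |
| ./mvnw org.sonarsource.scanner.maven:sonar-maven-plugin:sonar |
| "-Dsonar.scm.revision=$HEAD_SHA" |
| "-Dsonar.pullrequest.branch=$pr_head_ref" |
| "-Dsonar.pullrequest.base=$pr_base_ref" |
| "-Dsonar.pullrequest.key=$pr_number" |
| -Dsonar.pullrequest.github.repository=apache/camel |
| -Dsonar.pullrequest.provider=GitHub |
| -Dsonar.pullrequest.github.summary_comment=true |
| -Dsonar.projectKey=apache_camel |
| -Dsonar.organization=apache |
| -B -V |
| env: |
| MAVEN_OPTS: "-XX:+UseG1GC -XX:InitialHeapSize=2g -XX:MaxHeapSize=6g -XX:+UseStringDeduplication" |
| SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} |
| HEAD_SHA: ${{ github.event.workflow_run.head_sha }} |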
| |
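| # Closes the check run opened by the `check` step, using the job status as its |
| # conclusion; `always()` makes this run after failures as well. |
| # NOTE(review): github-script is referenced by a mutable tag; pin it to a commit SHA. |
| - name: Update PR check status |
| uses: actions/github-script@v9 |
| if: always() |
| env: |
| CHECK_ID: ${{ steps.check.outputs.result }} |
| JOB_STATUS: ${{ job.status }} |
| with: |
| script: | |
| // CHECK_ID is empty when the job failed before the check run was created. |
| // In that case there is nothing to update, and calling the API would only |
| // add a second, misleading error to the log. |
| const checkId = process.env.CHECK_ID; |
| if (!checkId) { |
| core.warning('No check run was created; skipping the status update.'); |
| return; |
| } |
| await github.rest.checks.update({ |
| ...context.repo, |
| check_run_id: checkId, |
| status: 'completed', |
| conclusion: process.env.JOB_STATUS, |
| }); |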