ci : fix failing sonar pipeline by moving sonar publish step to workflow_run
#7151
…flow_run`

Sonar analysis is no longer working on pull requests as sonar login token is not propagated to pull requests. In order to perform analysis, split the github action into two actions:
- `Sonar PR Report Request` : Will run on PR, but would only verify build is ok
- `Sonar PR Report Publish` : Will run after completion of previous workflow, but on main repository that would have required secrets.

Signed-off-by: Rohan Kumar <[email protected]>
6924ca4 to b67e173
- name: Build Project before requesting for Sonar Analysis | ||
run: mvn ${MAVEN_ARGS} install |
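Review bot: The step at `run: mvn ${MAVEN_ARGS} install` does not say why a full `install` is needed in the request workflow. If it exists only to gate the follow-up workflow on a passing build, say so in the step name or in a comment, and consider whether a lighter goal than `install` is enough for that gate.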
This is building the project, but I'm not sure I follow why.
Is it to ensure that the project builds and the tests pass?
Yeah, before invoking `workflow_run` request on the main repository. We just make sure that build is not failing.
run: | | ||
PR_QUERY_RESULT=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ | ||
"https://api.github.com/repos/$GITHUB_REPO/pulls?head=$PR_AUTHOR:$PR_BRANCH&state=open" | jq '.[0].number') | ||
if [ "$PR_QUERY_RESULT" = "null" ] || [ -z "$PR_QUERY_RESULT" ]; then | ||
echo "Could not find PR number for $PR_AUTHOR:$PR_BRANCH" | ||
exit 1 | ||
fi | ||
echo "PR_NUMBER=$PR_QUERY_RESULT" >> $GITHUB_ENV |
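Review bot: `PR_QUERY_RESULT` is appended to `$GITHUB_ENV` after only a null/empty check, and `$PR_AUTHOR:$PR_BRANCH` is placed in the `head=` query string unencoded. A branch name with characters that are special in a URL changes the query that is sent, and `.[0]` silently takes the first of whatever comes back. Check that the result matches `^[0-9]+$` before writing it, URL-encode both values (for example with `jq -rn --arg v "$PR_BRANCH" '$v|@uri'`), quote `"$GITHUB_ENV"`, and add `--fail` to `curl` so an API error stops the step with a clear cause.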
I understand this part is checking that the PR exists and hasn't been merged before proceeding to publish the PR results.
This part is extracting pull request number using GitHub API. Actually, I couldn't find GitHub pull request number in github event payload. Therefore using GitHub REST API to fetch it. This pull request number is passed in `sonar.pullrequest.key` property
- name: Sonar | ||
run: make sonar-pr-report |
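Review bot: `make sonar-pr-report` runs in the workflow that holds the repository secrets, so whatever tree is checked out at this point decides which Makefile and build files execute next to the Sonar token. If that tree is the pull request head, contributor-controlled build code runs with the token in its environment. Pass the token only to this step through `env:`, keep the job's `permissions:` to the minimum, and state in the workflow which ref is being analysed.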
Follow-up to https://github.com/fabric8io/kubernetes-client/pull/7151/files#r2191435582
How are the results from the build in the PR branch evaluated here? There are no intermediate artifacts stored.
This needs to be merged to work. As of now there is no `workflow_run` workflow present in main repository.
But still I don't understand where are the (or where would the) intermediate artifacts or sonar scanner results be fetched from
There are no intermediate artifacts, it would trigger a fresh sonar analysis in `workflow_run`.
I had tested it on my fork by creating test PR (from another account of mine) rohanKanojia#198
It triggered this workflow https://github.com/rohanKanojia/kubernetes-client/actions/runs/16107925671
It posted sonar analysis on this pull request on fabric8io/kubernetes-client (due to projectId set in sonar properties) #198 (comment)
Description
Sonar analysis is no longer working on pull requests, as the sonar login token is not provided in pull request workflows.
In order to perform analysis, split the github action into two actions:
- `Sonar PR Report Request` : Will run on PR, but would only verify build is ok
- `Sonar PR Report Publish` : Will run after completion of previous workflow, but on main repository that would have required secrets.

Type of change
test, version modification, documentation, etc.)
Checklist