ladybird/.github/workflows/sonar-cloud-static-analysis.yml

name: Sonar Cloud Static Analysis
on:
  schedule:
    # At the end of every day
    - cron: '0 0 * * *'

jobs:
  build:
    name: Static Analysis
    runs-on: ubuntu-latest
    env:
      # Latest scanner version is tracked on: https://sonarcloud.io/documentation/analysis/scan/sonarscanner/
      SONAR_SCANNER_VERSION: 4.6.1.2450
      SONAR_SERVER_URL: "https://sonarcloud.io"
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

        # Install JDK for sonar-scanner
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11

        # The sonar cache appears to be about ~450 MB
      - name: Cache SonarCloud packages and analysis
        uses: actions/cache@v2
        id: sonarcloud-cache
        with:
          path: ~/.sonar
          key: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}
          restore-keys: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}

      - name: Download and set up sonar-scanner
        env:
          SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
        if: steps.sonarcloud-cache.outputs.cache-hit != 'true'
        run: |
          mkdir -p $HOME/.sonar
          curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
          unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
          rm $HOME/.sonar/sonar-scanner.zip

      - name: Configure sonar-scanner
        run: |
          echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
          echo "sonar.projectKey=SerenityOS_serenity" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.organization=serenityos" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.cfamily.cache.enabled=true" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.cfamily.cache.path=.sonar" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/compile_commands.json" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.cfamily.threads=2" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}" >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.sources=." >> ${{ github.workspace }}/sonar-project.properties
          echo "sonar.tests=${{ github.workspace }}/Tests,${{ github.workspace }}/Base/res,${{ github.workspace }}/Base/www" >> ${{ github.workspace }}/sonar-project.properties

      # === OS SETUP ===
      # TODO: Is there someway to share these steps with the cmake.yml?

      - name: "Install Ubuntu dependencies"
        # These packages are already part of the ubuntu-20.04 image:
        # cmake clang-format-11 gcc-10 g++-10 libstdc++-10-dev libgmp-dev npm shellcheck
        # Packages below aren't.
        #
        # We add the canonical-server/server-backports PPA to get updated QEMU releases without having to manage
        #    yet another cache in github actions
        run: |
          sudo add-apt-repository ppa:canonical-server/server-backports
          sudo apt-get update
          sudo apt-get install libmpfr-dev libmpc-dev ninja-build unzip

      - name: Check versions
        run: set +e; g++ --version; g++-10 --version; ninja --version;

      - name: Prepare useful stamps
        id: stamps
        shell: cmake -P {0}
        run: |
          string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
          # Output everything twice to make it visible both in the logs
          # *and* as actual output variable, in this order.
          message("  set-output name=time::${current_date}")
          message("::set-output name=time::${current_date}")
          message("  set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
          message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")

      - name: Toolchain cache
        # TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.
        uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b
        env:
          # This job should always read the cache, never populate it.
          CACHE_SKIP_SAVE: false

        with:
          path: ${{ github.workspace }}/Toolchain/Cache/
          # This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
          # This is wrong, and causes more Toolchain rebuilds than necessary.
          # However, we want to avoid false cache hits at all costs.
          key: ${{ runner.os }}-toolchain-i686-${{ steps.stamps.outputs.libc_headers }}

      - name: Restore or regenerate Toolchain
        run: TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ matrix.arch }}" ${{ github.workspace }}/Toolchain/BuildIt.sh

      - name: Create build directory
        run: |
          mkdir -p ${{ github.workspace }}/Build
          mkdir -p ${{ github.workspace }}/Build/UCD
          mkdir -p ${{ github.workspace }}/Build/CLDR

      - name: Create build environment
        working-directory: ${{ github.workspace }}/Build
        run: cmake .. -GNinja -DSERENITY_ARCH=i686 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DENABLE_PCI_IDS_DOWNLOAD=OFF -DENABLE_USB_IDS_DOWNLOAD=OFF -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10


      - name: Build generated sources so they are available for analysis.
        working-directory: ${{ github.workspace }}/Build
        run: |
          ninja all_generated

      - name: Run sonar-scanner, upload results
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          sonar-scanner
Meta: Action workflow to build and upload results in sonar-cloud This action executes once a day, the sonar cloud runner analyzes the code and then uploads the results. The current code base takes almost 3 hours of computer time to analyze. The runner supports multi threaded executing and caching of results, so we save that cache as part of the github action work flow to allow for the analysis to skip unchanged files. 2021-08-29 17:02:01 +00:00			`name: Sonar Cloud Static Analysis`
			`on:`
			`schedule:`
			`# At the end of every day`
Meta: Fix yaml syntax of Sonar Cube Workflow I fat fingered this last minute when converting from the trigger I was using for development/testing to the cron schedule for use in the main repo. 2021-08-30 18:06:45 +00:00			`- cron: '0 0 * * *'`
Meta: Action workflow to build and upload results in sonar-cloud This action executes once a day, the sonar cloud runner analyzes the code and then uploads the results. The current code base takes almost 3 hours of computer time to analyze. The runner supports multi threaded executing and caching of results, so we save that cache as part of the github action work flow to allow for the analysis to skip unchanged files. 2021-08-29 17:02:01 +00:00
			`jobs:`
			`build:`
			`name: Static Analysis`
			`runs-on: ubuntu-latest`
			`env:`
			`# Latest scanner version is tracked on: https://sonarcloud.io/documentation/analysis/scan/sonarscanner/`
			`SONAR_SCANNER_VERSION: 4.6.1.2450`
			`SONAR_SERVER_URL: "https://sonarcloud.io"`
			`steps:`
			`- uses: actions/checkout@v2`
			`with:`
			`fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis`

			`# Install JDK for sonar-scanner`
			`- name: Set up JDK 11`
			`uses: actions/setup-java@v1`
			`with:`
			`java-version: 11`

			`# The sonar cache appears to be about ~450 MB`
			`- name: Cache SonarCloud packages and analysis`
			`uses: actions/cache@v2`
			`id: sonarcloud-cache`
			`with:`
			`path: ~/.sonar`
			`key: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}`
			`restore-keys: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}`

			`- name: Download and set up sonar-scanner`
			`env:`
			`SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip`
			`if: steps.sonarcloud-cache.outputs.cache-hit != 'true'`
			`run: \|`
			`mkdir -p $HOME/.sonar`
			`curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}`
			`unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/`
			`rm $HOME/.sonar/sonar-scanner.zip`

			`- name: Configure sonar-scanner`
			`run: \|`
			`echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH`
			`echo "sonar.projectKey=SerenityOS_serenity" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.organization=serenityos" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.cfamily.cache.enabled=true" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.cfamily.cache.path=.sonar" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/compile_commands.json" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.cfamily.threads=2" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}" >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.sources=." >> ${{ github.workspace }}/sonar-project.properties`
			`echo "sonar.tests=${{ github.workspace }}/Tests,${{ github.workspace }}/Base/res,${{ github.workspace }}/Base/www" >> ${{ github.workspace }}/sonar-project.properties`

			`# === OS SETUP ===`
			`# TODO: Is there someway to share these steps with the cmake.yml?`

			`- name: "Install Ubuntu dependencies"`
			`# These packages are already part of the ubuntu-20.04 image:`
			`# cmake clang-format-11 gcc-10 g++-10 libstdc++-10-dev libgmp-dev npm shellcheck`
			`# Packages below aren't.`
			`#`
			`# We add the canonical-server/server-backports PPA to get updated QEMU releases without having to manage`
			`# yet another cache in github actions`
			`run: \|`
			`sudo add-apt-repository ppa:canonical-server/server-backports`
			`sudo apt-get update`
			`sudo apt-get install libmpfr-dev libmpc-dev ninja-build unzip`

			`- name: Check versions`
			`run: set +e; g++ --version; g++-10 --version; ninja --version;`

			`- name: Prepare useful stamps`
			`id: stamps`
			`shell: cmake -P {0}`
			`run: \|`
			`string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)`
			`# Output everything twice to make it visible both in the logs`
			`# and as actual output variable, in this order.`
			`message(" set-output name=time::${current_date}")`
			`message("::set-output name=time::${current_date}")`
			`message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/*/.h', 'Userland/Libraries/LibPthread/*/.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")`
			`message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/*/.h', 'Userland/Libraries/LibPthread/*/.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")`

			`- name: Toolchain cache`
			`# TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.`
			`uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b`
			`env:`
			`# This job should always read the cache, never populate it.`
			`CACHE_SKIP_SAVE: false`

			`with:`
			`path: ${{ github.workspace }}/Toolchain/Cache/`
			`# This assumes that ALL LibC and LibPthread headers have an impact on the Toolchain.`
			`# This is wrong, and causes more Toolchain rebuilds than necessary.`
			`# However, we want to avoid false cache hits at all costs.`
			`key: ${{ runner.os }}-toolchain-i686-${{ steps.stamps.outputs.libc_headers }}`

			`- name: Restore or regenerate Toolchain`
			`run: TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ matrix.arch }}" ${{ github.workspace }}/Toolchain/BuildIt.sh`

			`- name: Create build directory`
			`run: \|`
			`mkdir -p ${{ github.workspace }}/Build`
			`mkdir -p ${{ github.workspace }}/Build/UCD`
			`mkdir -p ${{ github.workspace }}/Build/CLDR`

			`- name: Create build environment`
			`working-directory: ${{ github.workspace }}/Build`
			`run: cmake .. -GNinja -DSERENITY_ARCH=i686 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DENABLE_PCI_IDS_DOWNLOAD=OFF -DENABLE_USB_IDS_DOWNLOAD=OFF -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10`


			`- name: Build generated sources so they are available for analysis.`
			`working-directory: ${{ github.workspace }}/Build`
			`run: \|`
			`ninja all_generated`

			`- name: Run sonar-scanner, upload results`
			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
			`run: \|`
			`sonar-scanner`