Meta: Action workflow to build and upload results in sonar-cloud

This action executes once a day, the sonar cloud runner analyzes the
code and then uploads the results.

The current code base takes almost 3 hours of computer time to analyze.
The runner supports multi threaded executing and caching of results, so
we save that cache as part of the github action work flow to allow for
the analysis to skip unchanged files.
This commit is contained in:
Brian Gianforcaro 2021-08-29 10:02:01 -07:00 committed by Andreas Kling
parent 619200774b
commit ab07d8bbf0
Notes: sideshowbarker 2024-07-18 05:05:31 +09:00

View file

@ -0,0 +1,126 @@
name: Sonar Cloud Static Analysis
on:
schedule:
# At the end of every day
cron: "0 0 * * *"
jobs:
build:
name: Static Analysis
runs-on: ubuntu-latest
env:
# Latest scanner version is tracked on: https://sonarcloud.io/documentation/analysis/scan/sonarscanner/
SONAR_SCANNER_VERSION: 4.6.1.2450
SONAR_SERVER_URL: "https://sonarcloud.io"
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
# Install JDK for sonar-scanner
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
# The sonar cache appears to be about ~450 MB
- name: Cache SonarCloud packages and analysis
uses: actions/cache@v2
id: sonarcloud-cache
with:
path: ~/.sonar
key: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}
restore-keys: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}
- name: Download and set up sonar-scanner
env:
SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
if: steps.sonarcloud-cache.outputs.cache-hit != 'true'
run: |
mkdir -p $HOME/.sonar
curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
rm $HOME/.sonar/sonar-scanner.zip
- name: Configure sonar-scanner
run: |
echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
echo "sonar.projectKey=SerenityOS_serenity" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.organization=serenityos" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.cfamily.cache.enabled=true" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.cfamily.cache.path=.sonar" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/compile_commands.json" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.cfamily.threads=2" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}" >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.sources=." >> ${{ github.workspace }}/sonar-project.properties
echo "sonar.tests=${{ github.workspace }}/Tests,${{ github.workspace }}/Base/res,${{ github.workspace }}/Base/www" >> ${{ github.workspace }}/sonar-project.properties
# === OS SETUP ===
# TODO: Is there someway to share these steps with the cmake.yml?
- name: "Install Ubuntu dependencies"
# These packages are already part of the ubuntu-20.04 image:
# cmake clang-format-11 gcc-10 g++-10 libstdc++-10-dev libgmp-dev npm shellcheck
# Packages below aren't.
#
# We add the canonical-server/server-backports PPA to get updated QEMU releases without having to manage
# yet another cache in github actions
run: |
sudo add-apt-repository ppa:canonical-server/server-backports
sudo apt-get update
sudo apt-get install libmpfr-dev libmpc-dev ninja-build unzip
- name: Check versions
run: set +e; g++ --version; g++-10 --version; ninja --version;
- name: Prepare useful stamps
id: stamps
shell: cmake -P {0}
run: |
string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
# Output everything twice to make it visible both in the logs
# *and* as actual output variable, in this order.
message(" set-output name=time::${current_date}")
message("::set-output name=time::${current_date}")
message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
- name: Toolchain cache
# TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.
uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b
env:
# This job should always read the cache, never populate it.
CACHE_SKIP_SAVE: false
with:
path: ${{ github.workspace }}/Toolchain/Cache/
# This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
# This is wrong, and causes more Toolchain rebuilds than necessary.
# However, we want to avoid false cache hits at all costs.
key: ${{ runner.os }}-toolchain-i686-${{ steps.stamps.outputs.libc_headers }}
- name: Restore or regenerate Toolchain
run: TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ matrix.arch }}" ${{ github.workspace }}/Toolchain/BuildIt.sh
- name: Create build directory
run: |
mkdir -p ${{ github.workspace }}/Build
mkdir -p ${{ github.workspace }}/Build/UCD
mkdir -p ${{ github.workspace }}/Build/CLDR
- name: Create build environment
working-directory: ${{ github.workspace }}/Build
run: cmake .. -GNinja -DSERENITY_ARCH=i686 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DENABLE_PCI_IDS_DOWNLOAD=OFF -DENABLE_USB_IDS_DOWNLOAD=OFF -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10
- name: Build generated sources so they are available for analysis.
working-directory: ${{ github.workspace }}/Build
run: |
ninja all_generated
- name: Run sonar-scanner, upload results
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner