Github actions cache between jobs but not between workflows - github

Currently I am trying to have 1 job scanning SonarQube and 1 job checking for the quality gate in GitHub Actions. In order to get the report from Gradle of the quality check in the second job, I have to cache it (or at least with the limited knowledge I have). But when I rerun the workflow on the same PR or on different PRs, I don't want it to use the same cache, since the report is only valid for the current workflow and not further ones (those need to always create a new report and give the new report to the second job).
Here is my workflow:
    name: SonarQube
    on:
      push:
        branches:
          - master # or the name of your main branch
      pull_request:
        types: [opened, synchronize, reopened]
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    jobs:
      scan:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
            with:
              fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
          - name: Set up JDK 11
            uses: actions/setup-java@v3
            with:
              java-version: 11
              distribution: corretto
              cache: gradle
          - name: Build and analyze
            env:
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
            run: ./gradlew --info sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN
          - name: Cache report
            uses: actions/cache@v3
            with:
              path: build/sonar/
              key: report-task
      qualityCheck:
        needs: scan
        runs-on: ubuntu-latest
        steps:
          - name: Get cache report
            uses: actions/cache@v3
            with:
              path: build/sonar/
              key: report-task
          - name: Quality Gate check
            id: sonarqube-quality-gate-check
            uses: sonarsource/sonarqube-quality-gate-action@master
            # Force to fail step after specific time.
            timeout-minutes: 5
            with:
              scanMetadataReportFile: build/sonar/report-task.txt
            env:
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
What needs to be changed to achieve this?

I have currently done this:
    - name: Cache report
      uses: actions/cache@v3
      with:
        path: build/sonar/
        key: commit-${{ github.sha }}-workflow-${{ github.run_id }}-${{ github.run_number }}-report-task-${{ hashFiles('build/sonar/**') }}
This doesn't solve the problem that it keeps the cache after the workflow ends, but it now won't use the report of previous workflows.
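
An added example (not part of the original post, and not SonarSource's own configuration): the same two jobs handing `build/sonar/report-task.txt` over as a workflow artifact instead of a cache entry. Artifacts belong to the run that uploaded them, so a rerun or another PR cannot make the quality gate read an older analysis; the artifact name `sonar-report` and the one-day retention are assumptions.

```yaml
name: SonarQube
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: 11
          distribution: corretto
          cache: gradle               # dependency cache only; safe to share across runs
      - name: Build and analyze
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        run: ./gradlew --info sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN
      - name: Upload report for this run only
        uses: actions/upload-artifact@v4
        with:
          name: sonar-report          # assumed artifact name
          path: build/sonar/report-task.txt
          if-no-files-found: error    # fail here rather than gate on a missing report
          retention-days: 1           # assumed; the report has no value after the run
  qualityCheck:
    needs: scan
    runs-on: ubuntu-latest
    steps:
      - name: Download report from this run
        uses: actions/download-artifact@v4
        with:
          name: sonar-report          # resolved against the current run's artifacts
          path: build/sonar/
      - name: Quality Gate check
        # @master is kept from the question; pin a release tag or commit SHA in practice
        uses: sonarsource/sonarqube-quality-gate-action@master
        timeout-minutes: 5
        with:
          scanMetadataReportFile: build/sonar/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
```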

Related

"ERROR" in running "GITHUB-ACTIONS" while running "SONARQUBE-QUALITY GATE" Action Pipeline

This is the workflow file that was created through GitHub Actions for integration with SonarQube:
    name: SonarQube Qualitygate check
    on:
      # Trigger analysis when pushing in master or pull requests, and when creating
      # a pull request.
      push:
        branches:
          - development
      pull_request:
        types: [opened, synchronize, reopened]
    jobs:
      sonarqube:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v3
            with:
              # Disabling shallow clone is recommended for improving relevancy of reporting.
              fetch-depth: 0
          # Triggering SonarQube analysis as results of it are required by Quality Gate check.
          - name: SonarQube Scan
            uses: SonarSource/sonarqube-scan-action@master
            with:
              projectBaseDir: .
            env:
              SONAR_TOKEN: ${{ secrets.TM_SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.TM_SONAR_HOST_URL }}
          # Check the Quality Gate status.
          - name: SonarQube Quality Gate check
            id: sonarqube-quality-gate-check
            uses: SonarSource/sonarqube-quality-gate-action@master
            # Force to fail step after specific time.
            timeout-minutes: 5
            env:
              SONAR_LOGIN: ${{ secrets.TM_SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.TM_SONAR_HOST_URL }}
The error is coming during the SonarQube scan and I couldn't resolve this issue. I need some support, please. I am done adding the project on the SonarQube website.
This is the output I got after running.

How to setup github action code coverage analysis swift language in SonarCloud

I've been trying to follow the example provided by SonarCloud to set it up, but it doesn't work.
    name: SonarCloud
    on:
      push:
        branches:
          - master
      pull_request:
        types: [opened, synchronize, reopened]
    jobs:
      build:
        name: Build and analyze
        runs-on: macos-latest
        env:
          BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
        steps:
          - uses: actions/checkout@v3
            with:
              fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
          - name: Install sonar-scanner and build-wrapper
            uses: SonarSource/sonarcloud-github-c-cpp@v1
          - name: Run build-wrapper
            run: |
              build-wrapper-macosx-x86 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }}<insert_your_clean_build_command>
          - name: Run sonar-scanner
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
            run: |
              sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
It always goes wrong in the Run build-wrapper-macosx-x86 production process.
Is there enough solution or sample code to guide me?

Github action executes an action one at the end of the other

I have the following two actions, how can I make the second action be executed at the end of the first after making the first one commit and push?
Action1

    on:
      workflow_dispatch:
        inputs:
    name: Scrape Data
    jobs:
      build:
        name: Build
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@master
          - name: Build
            run: npm install
          - name: Scrape
            run: npm run action
          - uses: mikeal/publish-to-github-action@master
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you

Action2

    on:
      workflow_dispatch:
        inputs:
    name: Visit Data
    jobs:
      build:
        name: Build
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@master
          - name: Build
            run: npm install
          - name: Scrape
            run: npm run visit
          - uses: mikeal/publish-to-github-action@master
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you

You could use the workflow_run trigger on the second workflow.
Example:
    name: Visit Data
    on:
      workflow_run:
        workflows: ['Scrape Data'] # First workflow name
        types:
          - completed # can also use 'requested'
    jobs:
      build:
        name: Build
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@master
          - name: Build
            run: npm install
          - name: Scrape
            run: npm run visit
          - uses: mikeal/publish-to-github-action@master
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Note that you can't use workflow inputs in that case (I observed you had it set, and if it's necessary you would need to use another trigger, for example through the Github API using a workflow dispatch event with a payload).

A workflow is not triggering a second workflow

The workflow in file inrisk.packages.ci.yml generates a tag and a release of the code when a push is done in the develop branch. The below works as expected.
    name: Code Int
    on:
      push:
        paths:
          - 'infra/**'
    jobs:
      ci:
        runs-on: ubuntu-latest
        steps:
          # Checks-out to $GITHUB_WORKSPACE
          - uses: actions/checkout@v2
          - name: Basic Checks
            run: |
              whoami
              ls -lah
              pwd
          - uses: actions/setup-node@v1
          # Create a new release when on develop which triggers the deployment
          - name: Bump version and push tag
            if: github.ref == 'refs/heads/develop'
            uses: mathieudutour/github-tag-action@v4.5
            id: tag_version
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          - name: Create Release
            if: github.ref == 'refs/heads/develop'
            id: create_release
            uses: actions/create-release@v1
            env:
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
            with:
              tag_name: ${{ steps.tag_version.outputs.new_tag }}
              release_name: Release ${{ steps.tag_version.outputs.new_tag }}
              draft: false
              prerelease: false
The below workflow, in file inrisk.packages.cd.yml, is supposed to be triggered whenever a tag/release is created/published.
    name: Code Deploy
    on:
      push:
        tags:
          - 'v*'
      release:
        types:
          - published
          - created
          - released
    jobs:
      build-and-deploy:
        runs-on: ubuntu-latest
        steps:
          # Checks-out to $GITHUB_WORKSPACE
          - uses: actions/checkout@v2
          - uses: actions/setup-node@v1
          - name: Install Yarn
            run: npm install -g yarn
          - uses: chrislennon/action-aws-cli@v1.1
          - name: Install, Build and Deploy
            run: |
              whoami
              ls -lah
              pwd
The second workflow, Code Deploy, does not get triggered after Code Int publishes/creates a tag/release.
However, when I manually create a release/tag, the second workflow Code Deploy gets triggered.
This seems to be by design, as stated here. This is to stop recursive workflow runs.
I used this article to get around the problem

Github Action: build from cache in auto-label-merge-conflicts?

In the following workflow, I want to add cache functionality so that, every time it will build from scratch. This is the workflow:
    # This workflow will do
    # a clean install of node deps
    # build the source code
    # run test across different versions of node
    name: Conflict Check
    on:
      push:
        branches:
          - staging
      pull_request:
        branches:
          - staging
    jobs:
      triage:
        runs-on: ubuntu-latest
        steps:
          - uses: mschilde/auto-label-merge-conflicts@master
            with:
              CONFLICT_LABEL_NAME: 'has conflicts'
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
How can I achieve this?
You can use actions/cache action for purposes of caching in Github Actions.
    jobs:
      triage:
        runs-on: ubuntu-latest
        steps:
          - name: Cache build files
            uses: actions/cache@v2
            with:
              path: ${{ PATH_TO_CACHE }}
              key: ${{ runner.os }}-${{ hashFiles(<glob_pattern_for_files>) }}
          - uses: mschilde/auto-label-merge-conflicts@master
            with:
              CONFLICT_LABEL_NAME: 'has conflicts'
              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The example above assumes you want to cache your files between runs on different refs but your actual key declaration would depend on what you are trying to do.
For example if you are trying to cache between jobs or workflow runs on same ref:
    key: ${{ runner.os }}-${{ github.sha }}