I've been trying to follow the example provided by SonarCloud to set it up, but it doesn't work.
name: SonarCloud
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build and analyze
runs-on: macos-latest
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
steps:
- uses: actions/checkout#v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Install sonar-scanner and build-wrapper
uses: SonarSource/sonarcloud-github-c-cpp#v1
- name: Run build-wrapper
run: |
build-wrapper-macosx-x86 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }}<insert_your_clean_build_command>
- name: Run sonar-scanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
It always goes wrong in the Run build-wrapper-macosx-x86 production process.
Is there enough solution or sample code to guide me?
Related
Currently I am trying to have 1 job scanning SonarQube and 1 job checking for the quality gate in github actions. In order to get the report from gradle of the quality check in the second job, I have to cache it (or atleast with the limited knowledge I have). But I don't want when I rerun the workflow on the same PR or on different PRs use the same cache, since the report is only valid for a current workflow and not futher ones (those need to always create a new report and give the new report to the second job).
Here is my workflow:
name: SonarQube
on:
push:
branches:
- master # or the name of your main branch
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 11
uses: actions/setup-java#v3
with:
java-version: 11
distribution: corretto
cache: gradle
- name: Build and analyze
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: ./gradlew --info sonar -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_TOKEN
- name: Cache report
uses: actions/cache#v3
with:
path: build/sonar/
key: report-task
qualityCheck:
needs: scan
runs-on: ubuntu-latest
steps:
- name: Get cache report
uses: actions/cache#v3
with:
path: build/sonar/
key: report-task
- name: Quality Gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action#master
# Force to fail step after specific time.
timeout-minutes: 5
with:
scanMetadataReportFile: build/sonar/report-task.txt
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
What needs to be changed to achieve this?
I have currently done this:
- name: Cache report
uses: actions/cache#v3
with:
path: build/sonar/
key: commit-${{ github.sha }}-workflow-${{ github.run_id }}-${{ github.run_number }}-report-task-${{ hashFiles('build/sonar/**') }}
This doesn't solve the problem that it keeps the cache after the workflow ends, but it now won't use the report of previous workflows.
I have the following two actions, how can I make the second action be executed at the end of the first after making the first one commit and push?
Action1
on:
workflow_dispatch:
inputs:
name: Scrape Data
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run action
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you
Action2
on:
workflow_dispatch:
inputs:
name: Visit Data
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run visit
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you
You could use the workflow_run trigger on the second workflow.
Example:
name: Visit Data
on:
workflow_run:
workflows: ['Scrape Data'] # First workflow name
types:
- completed # can also use 'requested'
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run visit
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Note that you can't use workflow inputs in that case (I observed you had it set, and if it's necessary you would need to use another trigger, for example through the Github API using a workflow dispatch event with a payload).
I want to set up self-hosted runners on a k8s cluster using actions-runner-controller.
My question is, given that as per the official docs, persistent runners are not recommended
Although not generally recommended, it’s possible to disable the
passing of the --ephemeral flag by explicitly setting ephemeral: false
in the RunnerDeployment or RunnerSet spec. When disabled, your runner
becomes “persistent”.
how can one leverage artifact caching when using this controller?
Where will the cache content will be stored in the k8s cluster, given that containers are ephemeral?
If you are not using the enterprise version, the caches will be handled by Github itself. I came across some similar problems at my self-hosted runner to create a cache for nodeJs, VueJs, and Java. Here's what I did:
VueJs (moving dist folder) (note the actions/upload-artifact#v3)
name: CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
jobs:
build-web:
runs-on: self-hosted
container:
image: node:14
steps:
- uses: actions/checkout#v3
- name: Build shc-web
run: |
yarn config set cache-folder .yarn
yarn
yarn run build
- uses: actions/upload-artifact#v3
with:
name: dist-folder
path: dist/
registry-web:
runs-on: self-hosted
needs: ['build-web']
steps:
- uses: actions/checkout#v3
- uses: actions/download-artifact#v3
with:
name: dist-folder
path: dist/
- name: Configure AWS
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login#v1
- name: Registry on AWS repository
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: shccp
run: |
docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
Also, I used two different jobs to handle the build. It could be done in only one so there was no need to upload/download the dist. Actually, that was precisely what I had to do in the NodeJs action. The node_modules is just too big to be uploaded.
NodeJS:
name: CI
on:
push:
branches: [ "stage" ]
pull_request:
branches: [ "stage" ]
workflow_dispatch:
jobs:
ci-api:
runs-on: self-hosted
steps:
- uses: actions/checkout#v3
- uses: actions/setup-node#v3
with:
node-version: 14
- name: Build api
run: npm install
- name: Configure AWS
uses: aws-actions/configure-aws-credentials#v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login#v1
- name: Registry on AWS repository
id: registry-aws
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: shcapi
run: |
docker build -t $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID .
docker push $REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID
echo "::set-output name=image-tag::$REGISTRY/$REPOSITORY:3.1.x-$GITHUB_RUN_ID"
No cache is needed once it is done in a single job. That is a pretty nice feature of Github actions btw.
The Java cache, on the other hand, is handled by the following action:
name: CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
jobs:
ci-etlv4:
runs-on: self-hosted
steps:
- uses: actions/checkout#v3
- uses: actions/setup-java#v3
with:
distribution: adopt-openj9
java-version: 8
cache: 'maven'
- uses: stCarolas/setup-maven#v4.4
with:
maven-version: 3.8.2
- name: Build ETLv4
run: |
echo ${{ secrets.SETTINGS_BASE64 }} | base64 -d > settings.xml
mvn --settings settings.xml --global-settings settings.xml clean package -DskipTests=true
- uses: docker/login-action#v2
with:
registry: "iad.ocir.io"
username: ${{ secrets.OCI_REGISTRY_USER }}
password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
- uses: docker/setup-qemu-action#v2
- uses: docker/setup-buildx-action#v2
with:
driver: docker
- uses: docker/build-push-action#v3
with:
context: .
push: true
tags: XXXXX
The actions/setup-java#v3 can deal with the maven/gradle caches.
Hope it helps.
The workflow in file inrisk.packages.ci.yml generates a tag and a realise of the code when a push is done in the develop branch. The below works as expected.
name: Code Int
on:
push:
paths:
- 'infra/**'
jobs:
ci:
runs-on: ubuntu-latest
steps:
# Checks-out to $GITHUB_WORKSPACE
- uses: actions/checkout#v2
- name: Basic Checks
run: |
whoami
ls -lah
pwd
- uses: actions/setup-node#v1
# Create a new release when on develop which triggers the deployment
- name: Bump version and push tag
if: github.ref == 'refs/heads/develop'
uses: mathieudutour/github-tag-action#v4.5
id: tag_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
if: github.ref == 'refs/heads/develop'
id: create_release
uses: actions/create-release#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
release_name: Release ${{ steps.tag_version.outputs.new_tag }}
draft: false
prerelease: false
The below workflow in file inrisk.packages.cd.yml and is suppose to be triggered when ever a tag/realise is created/published.
name: Code Deploy
on:
push:
tags:
- 'v*'
release:
types:
- published
- created
- released
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
# Checks-out to $GITHUB_WORKSPACE
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
- name: Install Yarn
run: npm install -g yarn
- uses: chrislennon/action-aws-cli#v1.1
- name: Install, Build and Deploy
run: |
whoami
ls -lah
pwd
The second workflow Code Deploy dose not get trigger after Code Int publishes/created a tag/realise
However when I manually create a realise/tag the second workflow Code Deploy get triggered
This seems to be by design as stated here .This is to stop recursive workflow runs.
I used this article to get around the problem
In the following workflow, I want to add cache functionality so that, every time it will build from scratch. this is the workflow:
# This workflow will do
# a clean install of node deps
# build the source code
# run test across different versions of node
name: Conflict Check
on:
push:
branches:
- staging
pull_request:
branches:
- staging
jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: mschilde/auto-label-merge-conflicts#master
with:
CONFLICT_LABEL_NAME: 'has conflicts'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
How can I achieve this?
You can use actions/cache action for purposes of caching in Github Actions.
jobs:
triage:
runs-on: ubuntu-latest
steps:
- name: Cache build files
uses: actions/cache#v2
with:
path: ${{ PATH_TO_CACHE }}
key:${{ runner.os }}-${{ hashFiles(<glob_pattern_for_files>) }}
- uses: mschilde/auto-label-merge-conflicts#master
with:
CONFLICT_LABEL_NAME: 'has conflicts'
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The example above assumes you want to cache your files between runs on different refs but your actual key declaration would depend on what you are trying to do.
For example if you are trying to cache between jobs or workflow runs on same ref:
key: ${{ runner.os }}-${{ github.sha }}