Add SonarQube Scan workflow to our workflows

This initial implementation is limited to Python-only in code coverage. SonarQube does not have YAML or Ansible language support so we might need to revisit this topic with another approach. Currently, it scans the project following the guidelines recommended by EDB platform team with a newly added SonarQube workflow. Closes #318
mlira59 · Feb 26, 2022 · c65880e · c65880e
1 parent 22b32e6
commit c65880e
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 3 deletions.
diff --git a/.coveragerc b/.coveragerc
@@ -0,0 +1,2 @@
+[run]
+omit = lib/tests/*
diff --git a/.github/workflows/sonarqube-scan.yml b/.github/workflows/sonarqube-scan.yml
@@ -0,0 +1,37 @@
+name: SonarQube Scan
+on:
+  pull_request:
+    branches: [ master ]
+  push:
+    branches: [ master ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:  
+jobs:
+  sonarQube:
+    name: SonarQube-Job
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source repo
+        uses: actions/checkout@v2
+
+      - name: Checkout GitHub Action Repo
+        uses: actions/checkout@master
+        with:
+          repository: EnterpriseDB/edb-github-actions.git
+          ref: master
+          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          path: .github/actions/edb-github-actions
+      - name: SonarQube Scan
+        uses: ./.github/actions/edb-github-actions/sonarqube
+        with:
+            REPO_NAME: '${{github.event.repository.name}}'
+            SONAR_PROJECT_KEY: '${{secrets.SONARQUBE_PROJECTKEY}}'
+            SONAR_URL: '${{secrets.SONARQUBE_URL}}'
+            SONAR_LOGIN: '${{secrets.SONARQUBE_LOGIN}}'
+            PULL_REQUEST_KEY: '${{github.event.number}}'
+            PULL_REQUEST_BRANCH: '${{github.head_ref}}'
+            PULL_REQUEST_BASE_BRANCH: '${{github.base_ref}}'
+            REPO_DEFAULT_BRANCH: '${{github.event.repository.default_branch}}'
+            REPO_EXCLUDE_FILES: '**/lib/tests/**,**/docs/**/*'
diff --git a/.github/workflows/sonarqube/configure-env.sh b/.github/workflows/sonarqube/configure-env.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+
+	##########################
+	# Setup build environment
+	##########################
+	SetupEnv(){
+	  echo "Install Requirements"
+	  sudo apt-get -y install python3-pip libpq-dev python3-dev
+	  sudo apt install python3.8-venv
+	  sudo python3 -m pip install --upgrade pip
+	  sudo python3 -m pip install tox
+	}
+
+
+	##################
+	# Generate reports
+	##################
+	GenerateReports(){
+
+	echo "Create Coverage report"
+	python3 -m tox -e py38-test
+	}
+
+
+	########
+	# Main
+	########
+	SetupEnv
+	GenerateReports
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,5 @@
+sonar.python.coverage.reportPaths=coverage-reports/coverage.xml
+sonar.python.xunit.reportPath=coverage-reports/results.xml
+sonar.coverage.exclusions=**/lib/tests/**/*.*, **/docs/**/*.*
+sonar.exclusions=**/docs/**/*.*
+sonar.test.exclusions=**/lib/tests/**/*.*
diff --git a/tox.ini b/tox.ini
@@ -1,7 +1,6 @@
 [tox]
-envlist = py36-lint, py36-test, dep
+envlist = py36-lint, py38-lint, py36-test, py38-test, dep
 skipsdist = True
-toxworkdir = {env:TOX_WORK_DIR:.tox}
 skip_missing_interpreters = True
 
 [testenv]
@@ -23,6 +22,9 @@ commands =
 addopts =
     --cov-report term:skip-covered
     --cov-report html:test-output/coverage
-    --cov=architectures/lib
+    --cov-report xml:coverage-reports/coverage.xml
     --cov=lib
     --html=test-output/tests.html
+    -o junit_family=xunit1
+    --junitxml coverage-reports/results.xml
+    --cov-report term