
Update SonarSource/gh-action_release action to v6.2.0 #337


Workflow file for this run

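# CI pipeline: build the scanner, check formatting and generated docs, run unit and
# integration tests, analyse on the "next" platform, then promote the build.
#
# NOTE(review): third-party actions are pinned to full commit SHAs, but the
# SonarSource/ci-github-actions/* steps (build-poetry, cache, promote) follow the
# mutable `v1` tag while running in jobs that hold `id-token: write`. Pinning them
# to a commit SHA as well would give every step the same immutability guarantee.
#
# NOTE(review): every job except `documentation` requests `contents: write`. The
# jobs that only install, lint or test (install_deps, formatting, coverage, qa,
# qa-windows, its) show no step here that writes to the repository; confirm whether
# `contents: read` is enough for them. `id-token: write` is presumably needed by
# ./.github/actions/config-poetry for OIDC-based access; verify against that action.
name: Build
on:
  push:
    branches: [master, branch-*, dogfood-*]
  # Plain `pull_request` (not `pull_request_target`): for pull requests from forks
  # GitHub runs this with a read-only token and without secrets by default.
  pull_request:
  workflow_dispatch:
# One active run per pull request (or per ref for pushes); a newer run cancels the older.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
jobs:
  build:
    name: "Build"
    runs-on: github-ubuntu-latest-s
    outputs:
      # Consumed by the `promote` job as BUILD_NUMBER.
      build-number: ${{ steps.build-poetry.outputs.BUILD_NUMBER }}
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Install mise and tools
        uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
      - name: Build the scanner
        uses: SonarSource/ci-github-actions/build-poetry@v1
        id: build-poetry
        with:
          sonar-platform: none
          artifactory-reader-role: private-reader
          artifactory-deployer-role: qa-deployer
          # Pull-request builds are deployed too, not only branch builds.
          deploy-pull-request: true
  install_deps:
    name: "Install and Cache Poetry Dependencies"
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Configure poetry
        # This job exists to cache the Poetry dependencies for the jobs that need it.
        uses: ./.github/actions/config-poetry
      - run: |
          poetry install
  formatting:
    name: "Formatting and Licenses headers"
    needs: [install_deps]
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      # black runs in check mode; licenseheaders rewrites files in place, so the
      # final `git diff --exit-code` fails the job when any header had to change.
      - run: |
          poetry run black src/ tests/ --check
          poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
          poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d tests/
          git diff --name-only --exit-code ./src ./tests
  documentation:
    name: "CLI Documentation"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Install mise and tools
        uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
      # Regenerates the CLI documentation and fails when the committed CLI_ARGS.md differs.
      - name: Check for incorrect documentation
        run: |
          poetry run python tools/generate_cli_documentation.py
          git diff --exit-code CLI_ARGS.md
  coverage:
    name: "Coverage report generation"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      # `|| true` keeps mypy best-effort: type errors land in mypy-report.txt for the
      # analysis job but never fail this step.
      - run: |
          poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
          poetry run mypy src/ > mypy-report.txt || true
      - name: Upload coverage artifacts
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: coverage-reports
          path: |
            coverage.xml
            mypy-report.txt
  analysis:
    name: "NEXT Analysis"
    runs-on: github-ubuntu-latest-s
    needs: [coverage]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      # Fetches the coverage.xml and mypy-report.txt uploaded by the `coverage` job.
      - name: Download coverage artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: coverage-reports
      - name: Install mise and tools
        uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
      - name: Analysis the project on next
        uses: SonarSource/ci-github-actions/build-poetry@v1
        with:
          sonar-platform: next
          artifactory-reader-role: private-reader
          artifactory-deployer-role: qa-deployer
  qa:
    name: "Test Python ${{ matrix.python-version }}"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    strategy:
      # Let every interpreter version finish even when one of them fails.
      fail-fast: false
      matrix:
        # Quoted so that versions such as "3.10.13" stay strings.
        python-version:
          ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2", "3.14.0"]
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
        with:
          python-version: ${{ matrix.python-version }}
      - name: Execute the test suite
        run: |
          poetry run pytest tests/
  qa-windows:
    name: "Test Windows"
    runs-on: github-windows-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Configure poetry for Windows
        uses: ./.github/actions/config-poetry
      - name: Execute the test suite
        run: |
          poetry run pytest tests/
  its:
    name: "Integration Tests"
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    env:
      # Single source of truth for the SonarQube version: the cache key and the
      # download URL below both derive from it.
      SONARQUBE_VERSION: "25.3.0.104237"
    steps:
      - name: Checkout repository
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
      - name: Cache SonarQube
        uses: SonarSource/ci-github-actions/cache@v1
        id: sonarqube-cache
        with:
          path: sonarqube_cache/
          # Derived from the env value so that a version bump cannot silently keep
          # serving the archive cached for the previous version.
          key: sonarqube-${{ env.SONARQUBE_VERSION }}
          # NOTE(review): this prefix does not share the `sonarqube-` prefix of
          # `key`, so a fallback restore would pick whichever cache matches
          # `cache-<os>-` rather than an older SonarQube archive; confirm the intent.
          restore-keys: cache-${{ runner.os }}-
      - name: Download SonarQube
        # `cache-hit` is a string output. Under actions/cache semantics it is
        # 'false' after a restore-keys fallback and empty on a full miss, and a
        # negated non-empty string evaluates to false, so `!cache-hit` skipped the
        # download after a partial restore. Comparing with 'true' covers both cases.
        # Assumes the SonarSource cache wrapper mirrors those outputs; TODO confirm.
        if: steps.sonarqube-cache.outputs.cache-hit != 'true'
        # NOTE(review): the archive is fetched over HTTPS but is not checked against
        # a published checksum or signature before the integration tests run it;
        # consider verifying a pinned digest after download.
        run: |
          mkdir -p sonarqube_cache
          if [ ! -f sonarqube_cache/sonarqube.zip ]; then
            wget -q "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${SONARQUBE_VERSION}.zip" -O sonarqube_cache/sonarqube.zip
          fi
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      - name: Execute the integration tests
        run: ./.github/scripts/run_its.sh
  promote:
    name: "Promote"
    # Promotion runs only after every build, check and test job has succeeded.
    needs:
      - build
      - formatting
      - documentation
      - coverage
      - analysis
      - qa
      - qa-windows
      - its
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Promote
        uses: SonarSource/ci-github-actions/promote@v1
        with:
          # Pull-request builds are promoted as well as branch builds.
          promote-pull-request: true
          build-name: sonar-scanner-python
        env:
          # Build number published by the `build` job's outputs.
          BUILD_NUMBER: ${{ needs.build.outputs.build-number }}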