ci(sage-monorepo): parametrize sonar scanner tool (#2458)

* Touch oc web app * Ignore .nx * Save before trying Bard suggestion * Upgrade sonar scanner to support PR * Simplify command * Cleanpu * Set working dir * Specify PR number to SonarScanner for Gradle * Remove scanner tool proto * Sort Ci env vars in alphanum * Update message
Sage-Bionetworks · Jan 25, 2024 · 19352e8 · 19352e8
1 parent 78cb3b3
commit 19352e8
Show file tree

Hide file tree

Showing 10 changed files with 216 additions and 81 deletions.
diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml
@@ -4,16 +4,15 @@ on:
     types: [opened, synchronize, reopened]
 
 env:
-  HEAD_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
   HEAD_REF: ${{ github.event.pull_request.head.ref }}
-  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  HEAD_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
 
 jobs:
   push:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-        name: Checkout ${{ env.HEAD_REF }} from repository ${{ env.HEAD_REPOSITORY }}
+        name: Checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}
         with:
           ref: ${{ env.HEAD_REF }}
           repository: ${{ env.HEAD_REPOSITORY }}
@@ -25,10 +24,10 @@ jobs:
       - name: Set up the dev container
         uses: ./.github/actions/setup-dev-container
 
-      - name: Scan scanner prototype for openchallenges-app
-        run: ./tools/sonar-scanner-for-pr.sh sage-monorepo apps/openchallenges/app ${{github.event.pull_request.number}} "${{env.HEAD_REPOSITORY}}:${{env.HEAD_REF}}"
-
-      # - name: Scan the affected projects with Sonar
-      #   run: |
-      #     devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
-      #       && nx affected --target=sonar"
+      - name: Scan the affected projects with Sonar
+        env:
+          SONAR_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
+            && nx affected --target=sonar"
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@
 !.yarn/sdks
 !.yarn/versions
 .nx-container/
+.nx/
 .pnpm-store/
 .scannerwork/
 playwright-report/

diff --git a/apps/openchallenges/app/project.json b/apps/openchallenges/app/project.json
@@ -15,18 +15,22 @@
     "sonar": {
       "executor": "nx:run-commands",
       "options": {
-        "command": "bash $WORKSPACE_DIR/tools/sonar-scanner.sh {projectName}",
+        "command": "bash $WORKSPACE_DIR/tools/sonar-scanner.sh --project-key {projectName} --project-dir .",
         "cwd": "{projectRoot}"
       }
     },
     "build": {
       "executor": "@angular-devkit/build-angular:browser",
-      "outputs": ["{options.outputPath}"],
+      "outputs": [
+        "{options.outputPath}"
+      ],
       "options": {
         "outputPath": "dist/apps/openchallenges/app/browser/browser",
         "index": "apps/openchallenges/app/src/index.html",
         "main": "apps/openchallenges/app/src/main.ts",
-        "polyfills": ["zone.js"],
+        "polyfills": [
+          "zone.js"
+        ],
         "tsConfig": "apps/openchallenges/app/tsconfig.app.json",
         "inlineStyleLanguage": "scss",
         "assets": [
@@ -119,7 +123,10 @@
     "lint": {
       "executor": "@nx/linter:eslint",
       "options": {
-        "lintFilePatterns": ["apps/openchallenges/app/**/*.ts", "apps/openchallenges/app/**/*.html"]
+        "lintFilePatterns": [
+          "apps/openchallenges/app/**/*.ts",
+          "apps/openchallenges/app/**/*.html"
+        ]
       }
     },
     "lint-fix": {
@@ -134,7 +141,9 @@
     },
     "test": {
       "executor": "@nx/jest:jest",
-      "outputs": ["{workspaceRoot}/coverage/apps/openchallenges/app"],
+      "outputs": [
+        "{workspaceRoot}/coverage/apps/openchallenges/app"
+      ],
       "options": {
         "jestConfig": "apps/openchallenges/app/jest.config.ts",
         "passWithNoTests": true
@@ -145,24 +154,39 @@
       "options": {
         "context": ".",
         "metadata": {
-          "images": ["ghcr.io/sage-bionetworks/openchallenges-app"],
-          "tags": ["type=edge,branch=main", "type=raw,value=local", "type=sha"]
+          "images": [
+            "ghcr.io/sage-bionetworks/openchallenges-app"
+          ],
+          "tags": [
+            "type=edge,branch=main",
+            "type=raw,value=local",
+            "type=sha"
+          ]
         },
         "push": false
       },
-      "dependsOn": ["server"]
+      "dependsOn": [
+        "server"
+      ]
     },
     "publish-image": {
       "executor": "@nx-tools/nx-container:build",
       "options": {
         "context": ".",
         "metadata": {
-          "images": ["ghcr.io/sage-bionetworks/openchallenges-app"],
-          "tags": ["type=edge,branch=main", "type=sha"]
+          "images": [
+            "ghcr.io/sage-bionetworks/openchallenges-app"
+          ],
+          "tags": [
+            "type=edge,branch=main",
+            "type=sha"
+          ]
         },
         "push": true
       },
-      "dependsOn": ["build-image"]
+      "dependsOn": [
+        "build-image"
+      ]
     },
     "scan-image": {
       "executor": "nx:run-commands",
@@ -172,7 +196,9 @@
       }
     },
     "server": {
-      "dependsOn": ["build"],
+      "dependsOn": [
+        "build"
+      ],
       "executor": "@angular-devkit/build-angular:server",
       "options": {
         "outputPath": "dist/apps/openchallenges/app/browser/server",
@@ -211,7 +237,9 @@
     "prerender": {
       "executor": "@nguniversal/builders:prerender",
       "options": {
-        "routes": ["/"]
+        "routes": [
+          "/"
+        ]
       },
       "configurations": {
         "development": {
@@ -233,16 +261,22 @@
     },
     "e2e": {
       "executor": "@nx/playwright:playwright",
-      "outputs": ["{workspaceRoot}/dist/.playwright/apps/openchallenges/app"],
+      "outputs": [
+        "{workspaceRoot}/dist/.playwright/apps/openchallenges/app"
+      ],
       "options": {
         "config": "apps/openchallenges/app/playwright.config.ts"
       }
     }
   },
-  "tags": ["type:app", "scope:client", "language:typescript"],
+  "tags": [
+    "type:app",
+    "scope:client",
+    "language:typescript"
+  ],
   "implicitDependencies": [
     "openchallenges-styles",
     "openchallenges-themes",
     "shared-typescript-assets"
   ]
-}
+}
diff --git a/apps/openchallenges/app/src/app/app.component.html b/apps/openchallenges/app/src/app/app.component.html
@@ -1,4 +1,5 @@
 <openchallenges-google-tag-manager *ngIf="useGoogleTagManager" />
+<!-- XXX -->
 <openchallenges-navbar
   class="mat-elevation-z6"
   [title]="title"

diff --git a/apps/openchallenges/challenge-service/build.gradle b/apps/openchallenges/challenge-service/build.gradle
@@ -63,7 +63,7 @@ dependencies {
   implementation "org.springframework.cloud:spring-cloud-sleuth-zipkin:${springCloudVersion}"
 
   implementation "org.sagebionetworks.openchallenges:openchallenges-app-config-data:${openchallengesVersion}"
-  
+
   implementation 'io.micrometer:micrometer-registry-prometheus:1.10.4'
 }
 
@@ -104,9 +104,11 @@ jacocoTestReport {
 
 sonar {
   properties {
-    property("sonar.projectKey", "${project.name}")
-    property("sonar.organization", "sage-bionetworks")
     property("sonar.host.url", "https://sonarcloud.io")
+    property("sonar.organization", "sage-bionetworks")
+    property("sonar.projectKey", "${project.name}")
+    // Include the pull request number (ignored if not set)
+    property("sonar.pullrequest.key", System.getenv('SONAR_PULL_REQUEST_NUMBER'))
   }
 }
 

diff --git a/apps/openchallenges/image-service/build.gradle b/apps/openchallenges/image-service/build.gradle
@@ -165,5 +165,7 @@ sonar {
     property("sonar.host.url", "https://sonarcloud.io")
     property("sonar.coverage.exclusions", autoGeneratedFiles.join(","))
     // property("sonar.log.level", "DEBUG")
+    // Include the pull request number (ignored if not set)
+    property("sonar.pullrequest.key", System.getenv('SONAR_PULL_REQUEST_NUMBER'))
   }
 }
diff --git a/apps/openchallenges/organization-service/build.gradle b/apps/openchallenges/organization-service/build.gradle
@@ -140,6 +140,8 @@ sonar {
     property("sonar.projectKey", "openchallenges-organization-service")
     property("sonar.organization", "sage-bionetworks")
     property("sonar.host.url", "https://sonarcloud.io")
+    // Include the pull request number (ignored if not set)
+    property("sonar.pullrequest.key", System.getenv('SONAR_PULL_REQUEST_NUMBER'))
   }
 }
 

diff --git a/apps/schematic/api/project.json b/apps/schematic/api/project.json
@@ -36,8 +36,14 @@
       "options": {
         "context": "apps/schematic/api",
         "metadata": {
-          "images": ["ghcr.io/sage-bionetworks/schematic-api"],
-          "tags": ["type=edge,branch=main", "type=raw,value=local", "type=sha"]
+          "images": [
+            "ghcr.io/sage-bionetworks/schematic-api"
+          ],
+          "tags": [
+            "type=edge,branch=main",
+            "type=raw,value=local",
+            "type=sha"
+          ]
         },
         "push": false
       }
@@ -47,12 +53,19 @@
       "options": {
         "context": "apps/schematic/api",
         "metadata": {
-          "images": ["ghcr.io/sage-bionetworks/schematic-api"],
-          "tags": ["type=edge,branch=main", "type=sha"]
+          "images": [
+            "ghcr.io/sage-bionetworks/schematic-api"
+          ],
+          "tags": [
+            "type=edge,branch=main",
+            "type=sha"
+          ]
         },
         "push": true
       },
-      "dependsOn": ["build-image"]
+      "dependsOn": [
+        "build-image"
+      ]
     },
     "scan-image": {
       "executor": "nx:run-commands",
@@ -64,11 +77,16 @@
     "generate": {
       "executor": "nx:run-commands",
       "options": {
-        "commands": ["xargs rm -fr <.openapi-generator/FILES", "openapi-generator-cli generate"],
+        "commands": [
+          "xargs rm -fr <.openapi-generator/FILES",
+          "openapi-generator-cli generate"
+        ],
         "cwd": "{projectRoot}",
         "parallel": false
       },
-      "dependsOn": ["^build"]
+      "dependsOn": [
+        "^build"
+      ]
     },
     "lint": {
       "executor": "nx:run-commands",
@@ -126,11 +144,18 @@
     "sonar": {
       "executor": "nx:run-commands",
       "options": {
-        "command": "bash $WORKSPACE_DIR/tools/sonar-scanner.sh {projectName}",
+        "command": "bash $WORKSPACE_DIR/tools/sonar-scanner.sh --project-key {projectName} --project-dir .",
         "cwd": "{projectRoot}"
       }
     }
   },
-  "tags": ["type:service", "scope:backend", "language:python", "package-manager:poetry"],
-  "implicitDependencies": ["schematic-api-description"]
-}
+  "tags": [
+    "type:service",
+    "scope:backend",
+    "language:python",
+    "package-manager:poetry"
+  ],
+  "implicitDependencies": [
+    "schematic-api-description"
+  ]
+}
diff --git a/tools/sonar-scanner-for-pr.sh b/tools/sonar-scanner-for-pr.sh