ci(sage-monorepo): try sonar scan workflow triggered by fork PR (#2457)

* Touch OC web app * Trigger again the workflow * Create prototype of new sonar scanner for pr * Cleanup * Cleanup * Update scanner parameters * Disable sonar scanner in main CI workflow
Sage-Bionetworks · Jan 25, 2024 · 78cb3b3 · 78cb3b3
1 parent 37e8647
commit 78cb3b3
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 9 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ env:
   NX_CLOUD_AUTH_TOKEN: ${{ secrets.NX_CLOUD_AUTH_TOKEN }}
   NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }}
   NX_CLOUD_ENV_NAME: 'linux'
-  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   DOCKER_USERNAME: ${{ github.actor }}
   DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
@@ -54,10 +54,10 @@ jobs:
           devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
             && nx affected --target=integration-test"
 
-      - name: Scan the affected projects with Sonar
-        run: |
-          devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
-            && nx affected --target=sonar"
+      # - name: Scan the affected projects with Sonar
+      #   run: |
+      #     devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
+      #       && nx affected --target=sonar"
 
       - name: Publish the images of the affected projects
         run: |

diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml
@@ -25,7 +25,10 @@ jobs:
       - name: Set up the dev container
         uses: ./.github/actions/setup-dev-container
 
-      - name: Scan the affected projects with Sonar
-        run: |
-          devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
-            && nx affected --target=sonar"
+      - name: Scan scanner prototype for openchallenges-app
+        run: ./tools/sonar-scanner-for-pr.sh sage-monorepo apps/openchallenges/app ${{github.event.pull_request.number}} "${{env.HEAD_REPOSITORY}}:${{env.HEAD_REF}}"
+
+      # - name: Scan the affected projects with Sonar
+      #   run: |
+      #     devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
+      #       && nx affected --target=sonar"
diff --git a/tools/sonar-scanner-for-pr.sh b/tools/sonar-scanner-for-pr.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+if [ $# -lt 1 ]
+then
+  echo "The argument <project_key> must be specified."
+  exit 1
+fi
+
+PROJECT_KEY="$1"
+SOURCES="$2"
+PULL_REQUEST_KEY="$3"
+PULL_REQUEST_BRANCH="$4"
+PULL_REQUEST_BASE="${5:-main}"
+
+echo "Project key: $PROJECT_KEY"
+echo "Sources: $SOURCES"
+
+sonar-scanner \
+  -Dsonar.organization=sage-bionetworks \
+  -Dsonar.projectKey=$PROJECT_KEY \
+  -Dsonar.sources=$SOURCES \
+  -Dsonar.host.url=https://sonarcloud.io \
+  -Dsonar.python.coverage.reportPaths=coverage.xml \
+  -Dsonar.pullrequest.key=$PULL_REQUEST_KEY \
+  -Dsonar.pullrequest.branch=$PULL_REQUEST_BRANCH \
+  -Dsonar.pullrequest.base=$PULL_REQUEST_BASE \