[All Platforms] - SonarQube Scan - Scheduled

[All Platforms] - SonarQube Scan - Scheduled #501

Workflow file for this run

	name: "[All Platforms] - SonarQube Scan - Scheduled"

	on:
	schedule:
	- cron: "0 2 * * 1-5" # every working day at 2am we will do a daily scan on develop
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}

	permissions:
	id-token: write
	contents: read
	pull-requests: write

	jobs:
	scan:
	name: Scan LLM && LLD & Libs
	env:
	NODE_OPTIONS: "--max-old-space-size=7168"
	runs-on: [ledger-live-linux-8CPU-32RAM]
	steps:
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	- name: Setup git user
	uses: LedgerHQ/ledger-live/tools/actions/composites/setup-git-user@develop
	- name: Setup the caches
	uses: LedgerHQ/ledger-live/tools/actions/composites/setup-caches@develop
	id: caches
	with:
	skip-turbo-cache: "false"
	install-proto: true
	accountId: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
	roleName: ${{ secrets.AWS_CACHE_ROLE_NAME }}
	region: ${{ secrets.AWS_CACHE_REGION }}
	turbo-server-token: ${{ secrets.TURBOREPO_SERVER_TOKEN }}
	- name: Install dependencies
	env:
	LANG: en_US.UTF-8
	run: \|
	pnpm i --filter="./libs/**" --no-frozen-lockfile --unsafe-perm
	pnpm i --filter="live-mobile..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm
	pnpm i --filter="ledger-live-desktop..." --filter="ledger-live" --no-frozen-lockfile --unsafe-perm

	- name: Build dependencies
	run: \|
	pnpm build:libs --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo"
	pnpm build:lld:deps --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo"
	pnpm build:llm:deps --api="http://127.0.0.1:${{ steps.caches.outputs.port }}" --token="${{ secrets.TURBOREPO_SERVER_TOKEN }}" --team="foo"

	- name: Generate Unit test coverage for LLD & LLM
	run: \|
	pnpm desktop test:jest:coverage
	pnpm mobile test:jest:coverage

	- name: Generate Unit test coverage for libs
	run: \|

	mkdir -p libs/coverage
	touch libs/coverage/lcov.info
	touch libs/coverage/sonar-executionTests-report.xml

	pnpm turbo run coverage --filter="./libs/**" --concurrency=4 -- --runInBand=1

	for package_json in $(find ./libs -name "package.json"); do
	lib=$(dirname "$package_json")
	echo "Processing library at path: $lib"

	if [ -f "$package_json" ] && jq -e '.scripts.coverage' "$package_json"; then
	if [ -f "$lib/coverage/lcov.info" ] && [ -f "$lib/coverage/sonar-executionTests-report.xml" ]; then
	echo "Appending coverage files for $lib"
	cat "$lib/coverage/lcov.info" >> libs/coverage/lcov.info
	cat "$lib/coverage/sonar-executionTests-report.xml" >> libs/coverage/sonar-executionTests-report.xml
	fi
	elif [ -f "$package_json" ] && ! jq -e '.scripts.coverage' "$package_json" && jq -e '.scripts.test' "$package_json"; then
	echo "Coverage script not defined for $lib"
	else
	echo "No coverage or test script found for $lib, skipping."
	fi
	done

	- name: Merge coverage files
	run: \|
	cat libs/coverage/lcov.info apps/ledger-live-desktop/coverage/lcov.info apps/ledger-live-mobile/coverage/lcov.info > ./lcov.info
	cat libs/coverage/sonar-executionTests-report.xml apps/ledger-live-desktop/coverage/sonar-executionTests-report.xml apps/ledger-live-mobile/coverage/sonar-executionTests-report.xml > ./sonar-executionTests-report.xml

	- name: Sonarqube Scan
	uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[All Platforms] - SonarQube Scan - Scheduled #501

Workflow file

[All Platforms] - SonarQube Scan - Scheduled #501

Uh oh!

Workflow file for this run