diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml
index 8f61318e431..5d1ae04bc60 100644
--- a/.github/workflows/lint-build-test.yml
+++ b/.github/workflows/lint-build-test.yml
@@ -103,6 +103,17 @@ jobs:
 is-high-risk-environment: false
 - run: yarn test:scripts
 - run: yarn workspace ${{ matrix.package-name }} run test
+ - name: Transform package name
+ id: transform-package-name
+ run: |
+ echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT"
+ shell: bash
+ - name: Upload coverage reports
+ if: matrix.node-version == '22.x'
+ uses: actions/upload-artifact@v4
+ with:
+ name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }}
+ path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage/lcov.info
 - name: Require clean working directory
 shell: bash
 run: |
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4bcbf87b7a2..bc225c368b8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -40,6 +40,13 @@ jobs:
 needs: check-workflows
 uses: ./.github/workflows/lint-build-test.yml
+ sonarcloud:
+ name: Sonar Analysis
+ needs: lint-build-test
+ uses: ./.github/workflows/sonarcloud.yml
+ permissions:
+ pull-requests: write
+
 is-release:
 name: Determine whether this is a release merge commit
 needs: lint-build-test
@@ -78,6 +85,7 @@ jobs:
 needs:
 - analyse-code
 - lint-build-test
+ - sonarcloud
 outputs:
 passed: ${{ steps.set-output.outputs.passed }}
 steps:
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 00000000000..aaf29699c30
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
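Review bot: In the `Transform package name` step, `${{ matrix.package-name }}` is expanded into the script text before bash runs and is left unquoted, so a workspace name containing shell metacharacters would be executed rather than treated as data. Pass the value through the environment instead: `env: PACKAGE_NAME: ${{ matrix.package-name }}` on the step and `echo "package-folder-name=${PACKAGE_NAME#@metamask/}" >> "$GITHUB_OUTPUT"` in the script, which strips the same prefix without `sed`. The identical step is repeated in the new `sonarcloud.yml`, where the matrix is built from `yarn workspaces list` on the checked-out tree and the job also holds `SONAR_TOKEN`, so the change applies there too. Because the derived folder name feeds the artifact `name` and `path`, it is also worth rejecting values that contain `/` or `..`. The enclosing job starts and ends outside this hunk.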
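Review bot: The `sonarcloud` job calls `./.github/workflows/sonarcloud.yml` without a `secrets:` key, and a workflow invoked through `workflow_call` only receives the caller's secrets when they are passed explicitly or with `secrets: inherit`, so `secrets.SONAR_TOKEN` will be empty in the scan step as written. Prefer passing just the one secret, `secrets:` with `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`, and declaring it under `on.workflow_call.secrets` in the called file, rather than inheriting everything. The job-level `permissions:` block also sets every unlisted scope to none, so if the checkout in the called workflow needs `contents: read` it has to be listed next to `pull-requests: write`.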
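Review bot: Adding `sonarcloud` to this job's `needs` makes the final gate depend on a job that requires `SONAR_TOKEN`, and secrets are not provided to runs triggered by pull requests from forks. If `main.yml` runs for such pull requests (the trigger is not visible in this diff), the scan will fail there and so will the gate; decide whether the Sonar job should be skipped in that case and make sure the gate treats a skipped `sonarcloud` as acceptable. The gate job's steps lie outside this hunk, so how it evaluates the `needs` results cannot be checked here.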
@@ -0,0 +1,60 @@
+name: SonarCloud Analysis
+
+on:
+ workflow_call:
+
+jobs:
+ prepare:
+ name: Prepare
+ runs-on: ubuntu-latest
+ outputs:
+ child-workspace-package-names: ${{ steps.workspace-package-names.outputs.child-workspace-package-names }}
+ steps:
+ - name: Checkout and setup environment
+ uses: MetaMask/action-checkout-and-setup@v1
+ with:
+ is-high-risk-environment: false
+ - name: Fetch workspace package names
+ id: workspace-package-names
+ run: |
+ echo "child-workspace-package-names=$(yarn workspaces list --no-private --json | jq --slurp --raw-output 'map(.name) | @json')" >> "$GITHUB_OUTPUT"
+ shell: bash
+
+ sonar:
+ name: SonarCloud Analysis
+ runs-on: ubuntu-latest
+ needs: prepare
+ strategy:
+ matrix:
+ package-name: ${{ fromJson(needs.prepare.outputs.child-workspace-package-names) }}
+ steps:
+ - name: Checkout and setup environment
+ uses: MetaMask/action-checkout-and-setup@v1
+ with:
+ is-high-risk-environment: false
+ - name: Transform package name
+ id: transform-package-name
+ run: |
+ echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT"
+ shell: bash
+ - name: Download coverage reports
+ uses: actions/download-artifact@v4
+ with:
+ name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }}
+ path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action@5875562561d22a34be0c657405578705a169af6c
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ with:
+ projectBaseDir: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}
+ args: >
+ -Dsonar.organization=consensys
+ -Dsonar.projectKey=${{ matrix.package-name }}
+ -Dsonar.sources=src
+ -Dsonar.tests=src,test
+ -Dsonar.test.inclusions=**/*.test.ts
+ -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
+ -Dsonar.coverage.exclusions=**/*.test.ts
+ -Dsonar.coverage.minimum=80
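Review bot: Only the scan action is pinned to a commit; `MetaMask/action-checkout-and-setup@v1` and `actions/download-artifact@v4` are referenced by mutable tags and run in the same job that later exposes `SONAR_TOKEN` and the workflow token, so pin them to full commit SHAs as well, e.g. `uses: actions/download-artifact@<full-commit-sha> # v4`, and add the release as a trailing comment on the existing SonarSource pin so it can be audited. `on: workflow_call:` declares no `secrets`, which leaves the `SONAR_TOKEN` dependency implicit; declare it there with `required: true`. `Download coverage reports` will fail for any package whose artifact was not uploaded (the upload runs only for node 22.x and needs `coverage/lcov.info` to exist), so confirm every non-private workspace produces one. `-Dsonar.coverage.minimum=80` does not look like a standard analysis parameter, since coverage thresholds are normally enforced by the quality gate on the server, so verify that this setting has any effect.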