From e166402fe6f8145a0422131ca549f35bf3a2d372 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:04:23 +0100 Subject: [PATCH 01/11] feat: add SonarCloud analysis workflow --- .github/workflows/sonarcloud.yml | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 00000000000..ccab2a4bfbc --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,60 @@ +name: SonarCloud Analysis + +on: + workflow_call: + +jobs: + prepare: + name: Prepare + runs-on: ubuntu-latest + outputs: + child-workspace-package-names: ${{ steps.workspace-package-names.outputs.child-workspace-package-names }} + steps: + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 + with: + is-high-risk-environment: false + - name: Fetch workspace package names + id: workspace-package-names + run: | + echo "child-workspace-package-names=$(yarn workspaces list --no-private --json | jq --slurp --raw-output 'map(.name) | @json')" >> "$GITHUB_OUTPUT" + shell: bash + + sonar: + name: SonarCloud Analysis + runs-on: ubuntu-latest + needs: prepare + strategy: + matrix: + package-name: ${{ fromJson(needs.prepare.outputs.child-workspace-package-names) }} + steps: + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 + with: + is-high-risk-environment: false + - name: Transform package name + id: transform-package-name + run: | + echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" + shell: bash + - name: Download coverage reports + uses: actions/download-artifact@v2 + with: + name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} + path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v5.0.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + with: + projectBaseDir: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }} + args: > + -Dsonar.organization=consensys + -Dsonar.projectKey=${{ matrix.package-name }} + -Dsonar.sources=src + -Dsonar.tests=src,test + -Dsonar.test.inclusions=**/*.test.ts + -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info + -Dsonar.coverage.exclusions=**/*.test.ts + -Dsonar.coverage.minimum=80 \ No newline at end of file From 848fbe7bcb80b36fa54fc59fde4f2e539e0b4ec3 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:04:41 +0100 Subject: [PATCH 02/11] feat: add coverage reporting to test workflow --- .github/workflows/lint-build-test.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index 8f61318e431..c75da5bb233 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -102,7 +102,17 @@ jobs: with: is-high-risk-environment: false - run: yarn test:scripts - - run: yarn workspace ${{ matrix.package-name }} run test + - run: yarn workspace ${{ matrix.package-name }} run test --coverage + - name: Transform package name + id: transform-package-name + run: | + echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" + shell: bash + - name: Upload coverage reports + uses: actions/upload-artifact@v2 + with: + name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} + path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage/lcov.info - name: Require clean working directory shell: bash run: | From 172d6f690c04a3c0161211453ed26454b5b1d75c Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:04:50 +0100 Subject: [PATCH 03/11] feat: add SonarCloud analysis job to main workflow --- .github/workflows/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4bcbf87b7a2..bc225c368b8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,6 +40,13 @@ jobs: needs: check-workflows uses: ./.github/workflows/lint-build-test.yml + sonarcloud: + name: Sonar Analysis + needs: lint-build-test + uses: ./.github/workflows/sonarcloud.yml + permissions: + pull-requests: write + is-release: name: Determine whether this is a release merge commit needs: lint-build-test @@ -78,6 +85,7 @@ jobs: needs: - analyse-code - lint-build-test + - sonarcloud outputs: passed: ${{ steps.set-output.outputs.passed }} steps: From 9b9b7589b58030c3dbdbe9cbe167372834b44ecd Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:09:14 +0100 Subject: [PATCH 04/11] fix: use approved sonarcloud github action --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index ccab2a4bfbc..889659f2734 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -43,7 +43,7 @@ jobs: name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage - name: SonarCloud Scan - uses: SonarSource/sonarcloud-github-action@v5.0.0 + uses: SonarSource/sonarcloud-github-action@5875562561d22a34be0c657405578705a169af6c env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 28c9e472e9bb4d5ac76d90c51062768fee2c6c28 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:13:07 +0100 Subject: [PATCH 05/11] fix: update actions to use v4 for artifact upload and download --- .github/workflows/lint-build-test.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index c75da5bb233..e605bbb21c3 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -109,7 +109,7 @@ jobs: echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" shell: bash - name: Upload coverage reports - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage/lcov.info diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 889659f2734..8421b82aa4d 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -38,7 +38,7 @@ jobs: echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" shell: bash - name: Download coverage reports - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v4 with: name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage From e4bbee8ff6985dd3e797a35c360aac54c4768eca Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:23:48 +0100 Subject: [PATCH 06/11] fix: update test command to use --collectCoverage flag --- .github/workflows/lint-build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index e605bbb21c3..01eae73b896 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -102,7 +102,7 @@ jobs: with: is-high-risk-environment: false - run: yarn test:scripts - - run: yarn workspace ${{ matrix.package-name }} run test --coverage + - run: yarn workspace ${{ matrix.package-name }} run test --collectCoverage=true - name: Transform package name id: transform-package-name run: | From 21d83d72f71634d3f18d0a2c601843325bb59254 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:26:24 +0100 Subject: [PATCH 07/11] fix: update coverage report artifact names to use transformed package names --- .github/workflows/lint-build-test.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index 01eae73b896..5d75cac7927 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -111,7 +111,7 @@ jobs: - name: Upload coverage reports uses: actions/upload-artifact@v4 with: - name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} + name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }} path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage/lcov.info - name: Require clean working directory shell: bash diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 8421b82aa4d..0c041bfce26 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -40,7 +40,7 @@ jobs: - name: Download coverage reports uses: actions/download-artifact@v4 with: - name: coverage-${{ matrix.package-name }}-${{ github.event.pull_request.number || github.sha }} + name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }} path: ./packages/${{ steps.transform-package-name.outputs.package-folder-name }}/coverage - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@5875562561d22a34be0c657405578705a169af6c From f421bed851fae69c971dab564672f74433969a1f Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:31:41 +0100 Subject: [PATCH 08/11] fix: remove --collectCoverage flag from test command as its not needed --- .github/workflows/lint-build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index 5d75cac7927..cff67179200 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -102,7 +102,7 @@ jobs: with: is-high-risk-environment: false - run: yarn test:scripts - - run: yarn workspace ${{ matrix.package-name }} run test --collectCoverage=true + - run: yarn workspace ${{ matrix.package-name }} run test - name: Transform package name id: transform-package-name run: | From 68da2ad7da7dee1ded58b874f3cad7cbeda4c269 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 18:52:50 +0100 Subject: [PATCH 09/11] fix: only upload coverage reports once --- .github/workflows/lint-build-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index cff67179200..5a427ec5550 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -109,6 +109,7 @@ jobs: echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" shell: bash - name: Upload coverage reports + if: matrix.node-version == matrix.node-version[0] uses: actions/upload-artifact@v4 with: name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }} From 939042fae1b04d01aa4c8e24dcbf3900d958db95 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 19:05:46 +0100 Subject: [PATCH 10/11] fix: use string to define upload condition --- .github/workflows/lint-build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-build-test.yml b/.github/workflows/lint-build-test.yml index 5a427ec5550..5d1ae04bc60 100644 --- a/.github/workflows/lint-build-test.yml +++ b/.github/workflows/lint-build-test.yml @@ -109,7 +109,7 @@ jobs: echo "package-folder-name=$(echo ${{ matrix.package-name }} | sed 's/@metamask\///')" >> "$GITHUB_OUTPUT" shell: bash - name: Upload coverage reports - if: matrix.node-version == matrix.node-version[0] + if: matrix.node-version == '22.x' uses: actions/upload-artifact@v4 with: name: coverage-${{ steps.transform-package-name.outputs.package-folder-name }}-${{ github.event.pull_request.number || github.sha }} From 729be57f6ef9b60a18f7f31d9b0fcb23852cb902 Mon Sep 17 00:00:00 2001 From: cmd-ob Date: Sun, 4 May 2025 19:14:37 +0100 Subject: [PATCH 11/11] fix: lint --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 0c041bfce26..aaf29699c30 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -57,4 +57,4 @@ jobs: -Dsonar.test.inclusions=**/*.test.ts -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info -Dsonar.coverage.exclusions=**/*.test.ts - -Dsonar.coverage.minimum=80 \ No newline at end of file + -Dsonar.coverage.minimum=80