ci-github-actions/.github/workflows/test-shell-scripts.yml at master · SonarSource/ci-github-actions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
---
name: Test Shell Scripts
on:
  pull_request:
  merge_group:
  push:
    branches:
      - master
      - branch-*
  workflow_dispatch:

jobs:
  test-shell-scripts:
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          fetch-depth: 0
      - uses: ./config-npm
      - uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3
        with:
          version: 2026.3.7
      - name: Run ShellSpec tests
        # FIXME BUILD-8337: improve setup of kcov
        run: |
          curl -L -O https://archive.ubuntu.com/ubuntu/pool/universe/k/kcov/kcov_38+dfsg-1_amd64.deb
          sudo dpkg -i --path-exclude=/usr/share/doc/* --path-exclude=/usr/share/man/* kcov_38+dfsg-1_amd64.deb
          rm kcov_38+dfsg-1_amd64.deb

          ./run_shell_tests.sh
      - name: Vault
        id: secrets
        uses: SonarSource/vault-action-wrapper@c154b4a417b51cb98dd71137f49bf20e77c56820 # 3.4.0
        with:
          secrets: |
            development/kv/data/sonarcloud url | SONAR_URL;
            development/kv/data/sonarcloud token | SONAR_TOKEN;
      - name: Sonar Analysis
        if: steps.secrets.outcome == 'success'
        # FIXME BUILD-8337: improve usage of sonar-scanner-cli
        env:
          SONAR_URL: ${{ steps.secrets.outputs.vault && fromJSON(steps.secrets.outputs.vault).SONAR_URL || '' }}
          SONAR_TOKEN: ${{ steps.secrets.outputs.vault && fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN || '' }}
          SONAR_SCANNER_CLI_VERSION: 6.1.0.4477
        run: |
          SCANNER_ZIP="sonar-scanner-cli-${SONAR_SCANNER_CLI_VERSION}-linux-x64.zip"
          curl -L -O "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SCANNER_ZIP"
          unzip "sonar-scanner-cli-${SONAR_SCANNER_CLI_VERSION}-linux-x64.zip"
          mv "sonar-scanner-${SONAR_SCANNER_CLI_VERSION}-linux-x64" sonar-scanner-cli
          chmod +x sonar-scanner-cli/bin/sonar-scanner

          echo "DEBUG: GITHUB_ACTION_PATH=${GITHUB_ACTION_PATH}"
          echo "DEBUG: PWD=$(pwd)"
          mkdir coverage/coverage_data
          sed "s,/${GITHUB_ACTION_PATH}/,/,g" coverage/sonarqube.xml > coverage/coverage_data/sonar_coverage.xml
          ./sonar-scanner-cli/bin/sonar-scanner -X -Dsonar.host.url="${SONAR_URL}" -Dsonar.token="${SONAR_TOKEN}"