Skip to content

Sonar Source Analysis #2098

Sonar Source Analysis

Sonar Source Analysis #2098

Workflow file for this run

# SPDX-FileCopyrightText: 2025 CERN
# SPDX-License-Identifier: GPL-3.0-or-later
name: Sonar Source Analysis
on:
schedule:
# Every day at 3 am
- cron: '0 3 * * *'
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch:
jobs:
build:
name: Sonar Source Analysis
runs-on: ubuntu-latest
container:
image: almalinux:9
env:
SCHEDULER_TYPE: objectstore
ORACLE_SUPPORT: "TRUE"
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
steps:
- name: Install dependencies
run: |
dnf -y update
dnf -y install epel-release almalinux-release-devel python3-dnf-plugin-versionlock jq
dnf -y --enablerepo=crb install git gcc gcc-c++ cmake3 make rpm-build dnf-utils unzip nodejs ninja-build
- name: Download CTA
uses: actions/checkout@v6
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Install Build Wrapper
uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v7
- name: Install CTA dependencies
run: |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
export CMAKE_OPTIONS
export CTA_VERSION
export CTA_BUILD_ID=${GITHUB_RUN_ID}git${GITHUB_SHA:0:8}
PLATFORM=$(jq -r .dev.defaultPlatform project.json)
cp -f ci/docker/${PLATFORM}/etc/yum.repos.d-public/*.repo /etc/yum.repos.d/
./ci/project-json/generate_versionlock.py --platform ${PLATFORM} > /etc/yum/pluginconf.d/versionlock.list
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
export TAG_VERSION=$(echo ${GITHUB_REF_NAME} | sed -e 's/^.*v//;s/-.*$//')
export TAG_RELEASE=$(echo ${GITHUB_REF_NAME} | sed -e 's/^.*v[^-]*-//')
echo "Exporting TAG_VERSION=${TAG_VERSION} - TAG_RELEASE=${TAG_RELEASE}"
fi
CTA_VERSION=$(echo ${TAG_VERSION} | cut -d. -f1)
if [[ ${SCHEDULER_TYPE} != "objectstore" ]]; then
echo "Using specified scheduler database type $SCHEDULER_TYPE"
sched_opt="-DCTA_USE_$(echo ${SCHEDULER_TYPE} | tr '[:lower:]' '[:upper:]'):Bool=true"
sched_version=$(echo ${SCHEDULER_TYPE} | cut -c 1-3)
CTA_VERSION="${CTA_VERSION}${sched_version}"
CMAKE_OPTIONS+="-DSKIP_UNIT_TESTS:STRING=1 ${sched_opt} "
fi
if [[ ${ORACLE_SUPPORT} == "FALSE" ]]; then
echo "Disabling Oracle Support"
CMAKE_OPTIONS+="-DDISABLE_ORACLE_SUPPORT:BOOL=ON"
fi
git config --global --add safe.directory $(pwd)
git submodule update --init --recursive
mkdir build_srpm
cd build_srpm
echo "CMAKE_OPTIONS=${CMAKE_OPTIONS}" >> "$GITHUB_ENV"
echo "CTA_VERSION=${CTA_VERSION}" >> "$GITHUB_ENV"
echo "CTA_BUILD_ID=${CTA_BUILD_ID}" >> "$GITHUB_ENV"
cmake -DPackageOnly:Bool=true -DVCS_VERSION=${CTA_BUILD_ID} ${CMAKE_OPTIONS} ..
make cta_srpm
- name: Run build-wrapper
run: |
cd xrootd-ssi-protobuf-interface && export XROOTD_SSI_PROTOBUF_INTERFACE_VERSION=$(git describe --tags --abbrev=0) && cd ..
dnf config-manager --set-enabled crb
dnf builddep --nogpgcheck -y build_srpm/RPM/SRPMS/*
mkdir build_rpm
cd build_rpm
cmake -DVCS_VERSION=${CTA_BUILD_ID} ${CMAKE_OPTIONS} ..
build-wrapper-linux-x86-64 --out-dir ../${{ env.BUILD_WRAPPER_OUT_DIR }} make
- name: Run sonar-scanner
uses: SonarSource/sonarqube-scan-action@v7
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
"-Dsonar.branch.name=${{ github.ref_name }}"
"-Dsonar.cfamily.compile-commands=${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"