Asset-Tracker-Template/.github/workflows/sonarcloud.yml at 3ba27229e95cd8087e33ffd5e180df0c62dea6da · nrfconnect/Asset-Tracker-Template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Sonarcloud and Twister Native Sim
on:
  push:
    branches:
      - main
    paths-ignore:
      - ".github/workflows/docs-build-and-publish.yml"
      - "docs/**"
  pull_request:
    paths:
      - '**/*.c'
      - '**/*.h'
      - west.yml
      - '**/CMakelists.txt'
      - '**/Kconfig*'
      - '**/prj.conf'

permissions:
  contents: read

jobs:
  build:
    name: Build and analyze
    runs-on: build_self_hosted
    container: ghcr.io/zephyrproject-rtos/ci:v0.28.7
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
      CMAKE_PREFIX_PATH: /opt/toolchains
    steps:
      - uses: actions/checkout@v4
        if: github.event_name == 'pull_request'
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          path: asset-tracker-template

      - uses: actions/checkout@v4
        if: github.event_name != 'pull_request'
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          path: asset-tracker-template

      - name: Initialize
        working-directory: asset-tracker-template
        run: |
            if [ ! -d "../.west" ]; then
            west init -l .
            else
            echo ".west folder already exists, skipping west init."
            fi
            west update -o=--depth=1 -n

      - name: Install dependencies
        run: |
            # The Matter IDL is part of requirements-build.txt, but it's not available
            # in pypi so we need to install it from the source code
            MATTER_IDL_PATH=modules/lib/matter/scripts/py_matter_idl
            if [ -d $MATTER_IDL_PATH ]; then
              pip install -e $MATTER_IDL_PATH
            fi
            pip install -r nrf/scripts/requirements-fixed.txt
            apt-get update
            apt install -y curl ruby-full

      - name: Run tests with ASAN, no Sonarcloud and build_wrapper
        working-directory: asset-tracker-template
        run: |
          west twister -T tests/ --enable-coverage --coverage-platform=native_sim -v --inline-logs --integration --enable-asan --enable-lsan --enable-ubsan

      - name: Install Build Wrapper
        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v7.1.0

      - name: Build and test
        working-directory: asset-tracker-template
        run: |
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} west twister -T tests/ --enable-coverage --coverage-platform=native_sim -v --inline-logs --integration

      - name: Extract coverage into sonarqube xml format
        working-directory: asset-tracker-template
        run: |
          gcovr twister-out -v \
            --merge-mode-functions=separate \
            --filter=".*app/src/.*" \
            --exclude=".*tests/.*" \
            --sonarqube coverage.xml

      - name: Upload Twister Test Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: twister-results
          path: |
            asset-tracker-template/twister-out/**/*.log
          retention-days: 30

      - name: SonarQube Scan on main
        if: github.event_name != 'pull_request'
        uses: SonarSource/sonarqube-scan-action@v7.1.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: |
            --define sonar.cfamily.compile-commands=asset-tracker-template/${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json
            --define sonar.projectKey=nrfconnect-asset-tracker-template
            --define sonar.organization=nrfconnect
            --define sonar.host.url=https://sonarcloud.io
            --define sonar.coverageReportPaths=coverage.xml
            --define sonar.inclusions=app/src/**/*.c,app/src/**/*.h
            --define sonar.exclusions=tests/**/*
          projectBaseDir: asset-tracker-template

      - name: SonarQube Scan on PR
        if: github.event_name == 'pull_request'
        uses: SonarSource/sonarqube-scan-action@v7.1.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_BRANCH: ${{ github.event.pull_request.head.ref }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        with:
          args: |
            --define sonar.cfamily.compile-commands=asset-tracker-template/${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json
            --define sonar.projectKey=nrfconnect-asset-tracker-template
            --define sonar.organization=nrfconnect
            --define sonar.host.url=https://sonarcloud.io
            --define sonar.coverageReportPaths=coverage.xml
            --define sonar.inclusions=app/src/**/*.c,app/src/**/*.h
            --define sonar.exclusions=tests/**/*
            --define sonar.scm.revision=${{ env.HEAD_SHA }}
            --define sonar.pullrequest.key=${{ env.PR_NUMBER }}
            --define sonar.pullrequest.branch=${{ env.PR_BRANCH }}
            --define sonar.pullrequest.base=${{ env.BASE_REF }}
          projectBaseDir: asset-tracker-template