From 71a80a77130e88bc426aa06d08d113fe7d8b8b24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 17:12:05 +0200 Subject: [PATCH 01/10] Attempt to fix SonarCloud --- .github/workflows/test-windows.yml | 103 +++++++++++++++++------------ 1 file changed, 60 insertions(+), 43 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 27797114..07701bef 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -1,50 +1,67 @@ -name: Windows Tests +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis on: push: - branches: - - main + branches: [ "main" ] pull_request: - types: [opened, synchronize, reopened] + branches: [ "main" ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + jobs: - build: - name: Build - runs-on: windows-latest + Analysis: + runs-on: ubuntu-latest + steps: - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 1.11 - - uses: actions/checkout@v2 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Cache SonarCloud packages - uses: actions/cache@v1 - with: - path: ~\sonar\cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Cache SonarCloud scanner - id: cache-sonar-scanner - uses: actions/cache@v1 - with: - path: .\.sonar\scanner - key: ${{ runner.os }}-sonar-scanner - restore-keys: ${{ runner.os }}-sonar-scanner - - name: Install SonarCloud scanner - if: steps.cache-sonar-scanner.outputs.cache-hit != 'true' - shell: powershell - run: | - New-Item -Path .\.sonar\scanner -ItemType Directory - dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner --version 9.0.0 - - name: Build and analyze + - name: Analyze with SonarCloud + + # You can pin the exact commit or the version. + # uses: SonarSource/sonarcloud-github-action@v2.2.0 + uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - shell: powershell - run: | - cd src - ..\.sonar\scanner\dotnet-sonarscanner begin /k:"SpiceSharp_SpiceSharpParser" /o:"spicesharp" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.verbose=true - dotnet build - dotnet test --blame --no-restore --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput=opencover.xml - ..\.sonar\scanner\dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the SonarScanner CLI + args: + # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) + # mandatory + -Dsonar.projectKey= + -Dsonar.organization= + # Comma-separated paths to directories containing main source files. + #-Dsonar.sources= # optional, default is project base directory + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false + # When you need the analysis to take place in a directory other than the one from which it was launched, default is . + projectBaseDir: . From 60ca2ba09ae5b332f30b3297640ff48df7cf1186 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 17:15:35 +0200 Subject: [PATCH 02/10] Add settings --- .github/workflows/test-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 07701bef..8c38b475 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,8 +55,8 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -Dsonar.projectKey= - -Dsonar.organization= + -Dsonar.projectKey= SpiceSharp_SpiceSharpParser + -Dsonar.organization= spicesharp # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From 6efa807a4848b27b628c144710e32f928ec6646c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 17:16:58 +0200 Subject: [PATCH 03/10] fix --- .github/workflows/test-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 8c38b475..48aae4bb 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,8 +55,8 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -Dsonar.projectKey= SpiceSharp_SpiceSharpParser - -Dsonar.organization= spicesharp + -Dsonar.projectKey= "SpiceSharp_SpiceSharpParser" + -Dsonar.organization= "spicesharp" # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From b205863faa0a9479104e425d40d94c26200a7c4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 17:19:05 +0200 Subject: [PATCH 04/10] Fails --- .github/workflows/test-windows.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 48aae4bb..b3ffc195 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -65,3 +65,4 @@ jobs: #-Dsonar.verbose= # optional, default is false # When you need the analysis to take place in a directory other than the one from which it was launched, default is . projectBaseDir: . + From 2a04ea27bea8052ade48079bb4804ef530510796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 17:21:16 +0200 Subject: [PATCH 05/10] fix --- .github/workflows/test-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index b3ffc195..fc4e4fa8 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,8 +55,8 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -Dsonar.projectKey= "SpiceSharp_SpiceSharpParser" - -Dsonar.organization= "spicesharp" + -Dsonar.projectKey "SpiceSharp_SpiceSharpParser" + -Dsonar.organization "spicesharp" # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From 50d38642250de1a775bf17d6232ba8b7928c53bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 18:04:49 +0200 Subject: [PATCH 06/10] fix --- .github/workflows/test-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index fc4e4fa8..b3ffc195 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,8 +55,8 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -Dsonar.projectKey "SpiceSharp_SpiceSharpParser" - -Dsonar.organization "spicesharp" + -Dsonar.projectKey= "SpiceSharp_SpiceSharpParser" + -Dsonar.organization= "spicesharp" # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From b966a62c7e96ae3f26484845f53d450b554e5c6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 18:08:14 +0200 Subject: [PATCH 07/10] fix --- .github/workflows/test-windows.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index b3ffc195..caa5a333 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,8 +55,7 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -Dsonar.projectKey= "SpiceSharp_SpiceSharpParser" - -Dsonar.organization= "spicesharp" + -k "SpiceSharp_SpiceSharpParser" # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From 9d427b3e1ae26747b721e210ba854ba9ba1eac80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 18:11:15 +0200 Subject: [PATCH 08/10] fix --- .github/workflows/test-windows.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index caa5a333..f10da1ee 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -55,7 +55,8 @@ jobs: args: # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) # mandatory - -k "SpiceSharp_SpiceSharpParser" + -Dsonar.projectKey="SpiceSharp_SpiceSharpParser" + -Dsonar.organization="spicesharp" # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # Comma-separated paths to directories containing test source files. From a9e939fc050dce677a4222585460750496a18156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 18:11:40 +0200 Subject: [PATCH 09/10] Fix --- .github/workflows/test-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index f10da1ee..dcd117ee 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -47,7 +47,7 @@ jobs: # You can pin the exact commit or the version. # uses: SonarSource/sonarcloud-github-action@v2.2.0 - uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 + uses: SonarSource/sonarcloud-github-action@v2.2.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) with: From e7f4a53727a6eb8b2df0297b37f5f87a0e4aadd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Go=C5=82=C4=99biowski?= Date: Sun, 13 Oct 2024 18:15:02 +0200 Subject: [PATCH 10/10] fix --- .github/workflows/test-windows.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index dcd117ee..07683bd8 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -65,4 +65,3 @@ jobs: #-Dsonar.verbose= # optional, default is false # When you need the analysis to take place in a directory other than the one from which it was launched, default is . projectBaseDir: . -