Update rule coverage #1308
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update rule coverage | |
on: | |
schedule: | |
- cron: '17 2 * * *' | |
workflow_dispatch: # When manually triggered from a non-default branch, the results will not be pushed | |
jobs: | |
update_coverage: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # required by SonarSource/vault-action-wrapper | |
contents: write | |
checks: read # required by fountainhead/action-wait-for-check | |
actions: write # required by andymckay/cancel-action | |
env: | |
TMP_BRANCH: temporary/coverage_update | |
steps: | |
- name: 'get secrets' | |
id: secrets | |
uses: SonarSource/vault-action-wrapper@v3 | |
with: | |
secrets: | | |
development/github/token/SonarSource-rspec-coverage token | coverage_github_token; | |
development/kv/data/slack token | slack_token; | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: true | |
fetch-depth: 0 | |
path: 'rspec' | |
token: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.9' | |
- name: 'Install Pipenv' | |
run: pip install pipenv | |
- name: 'Install coverage script dependencies' | |
working-directory: 'rspec/rspec-tools' | |
run: | | |
pipenv --python python3.9 install | |
- name: 'Regenerate coverage information' | |
env: | |
GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} | |
id: gen-coverage | |
working-directory: 'rspec/rspec-tools' | |
run: | | |
pipenv run rspec-tools update-coverage --rulesdir ../rules | |
mv ./covered_rules.json ../frontend/public/covered_rules.json | |
mv ./rule_product_mapping.json ../frontend/public/rule_product_mapping.json | |
if git diff --exit-code ../frontend/public/covered_rules.json ../frontend/public/rule_product_mapping.json ; then | |
echo "new_coverage=false" >> "$GITHUB_OUTPUT" | |
else | |
echo "new_coverage=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: 'Cancel if coverage did not change' | |
if: steps.gen-coverage.outputs.new_coverage != 'true' | |
uses: andymckay/[email protected] | |
- name: 'Push the updated coverage file to a new branch' | |
id: create-temp-branch | |
if: steps.gen-coverage.outputs.new_coverage == 'true' | |
working-directory: 'rspec' | |
run: | | |
git config --global user.name "SonarTech" | |
git config --global user.email "[email protected]" | |
git checkout -b $TMP_BRANCH | |
git add frontend/public/covered_rules.json frontend/public/rule_product_mapping.json | |
git commit -m "update coverage information" | |
git push --force-with-lease origin $TMP_BRANCH | |
- name: 'Wait for CI to succeed' | |
if: steps.gen-coverage.outputs.new_coverage == 'true' | |
uses: fountainhead/[email protected] | |
id: wait-for-build | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
checkName: all_required_checks | |
ref: ${{ env.TMP_BRANCH }} | |
timeoutSeconds: 2400 | |
intervalSeconds: 30 | |
- name: 'Push the updated coverage to master' | |
if: | | |
steps.gen-coverage.outputs.new_coverage == 'true' && | |
steps.wait-for-build.outputs.conclusion == 'success' && | |
(github.event_name != 'workflow_dispatch' || github.ref == format('refs/heads/{0}', github.event.repository.default_branch)) | |
working-directory: 'rspec' | |
run: | | |
git checkout master | |
git merge $TMP_BRANCH | |
git push origin master | |
- name: 'Delete the temporary branch' | |
if: always() && steps.create-temp-branch.conclusion == 'success' | |
uses: dawidd6/action-delete-branch@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branches: ${{ env.TMP_BRANCH}} | |
- name: 'Fail if the change breaks CI' | |
if: | | |
steps.gen-coverage.outputs.new_coverage == 'true' && | |
steps.wait-for-build.outputs.conclusion != 'success' | |
run: exit 1 | |
- name: 'Notify on slack about the failure' | |
if: ${{ failure() }} | |
env: | |
SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }} | |
working-directory: 'rspec/rspec-tools' | |
run: | | |
pipenv run rspec-tools notify-failure-on-slack \ | |
--message "ERROR: failed to update rule coverage. See https://github.com/SonarSource/rspec/actions/runs/$GITHUB_RUN_ID" \ | |
--channel team-analysis-rspec |