Merge branch 'master' into BUILD-4733 #1069
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update rule coverage | ||
on: | ||
schedule: | ||
- cron: '17 2 * * *' | ||
jobs: | ||
update_coverage: | ||
permissions: | ||
id-token: write | ||
runs-on: ubuntu-latest | ||
env: | ||
TMP_BRANCH: temporary/coverage_update | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
persist-credentials: true | ||
ref: master | ||
path: 'rspec' | ||
token: ${{ secrets.COVERAGE_GITHUB_TOKEN }} | ||
- uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.9' | ||
- name: 'Install Pipenv' | ||
run: pip install pipenv | ||
- name: 'Install coverage script dependencies' | ||
working-directory: 'rspec/rspec-tools' | ||
run: | | ||
pipenv --python python3.9 install | ||
- name: 'Regenerate coverage information' | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.COVERAGE_GITHUB_TOKEN }} | ||
id: gen-coverage | ||
working-directory: 'rspec/rspec-tools' | ||
run: | | ||
pipenv run rspec-tools update-coverage --rulesdir ../rules | ||
mv ./covered_rules.json ../frontend/public/covered_rules.json | ||
if git diff --exit-code ../frontend/public/covered_rules.json; then | ||
echo "new_coverage=false" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "new_coverage=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: 'Cancel if coverage did not change' | ||
if: steps.gen-coverage.outputs.new_coverage != 'true' | ||
uses: andymckay/[email protected] | ||
- name: 'Push the updated coverage file to a new branch' | ||
id: create-temp-branch | ||
if: steps.gen-coverage.outputs.new_coverage == 'true' | ||
working-directory: 'rspec' | ||
run: | | ||
git config --global user.name "SonarTech" | ||
git config --global user.email "[email protected]" | ||
git checkout -b $TMP_BRANCH | ||
git add frontend/public/covered_rules.json | ||
git commit -m "update coverage information" | ||
git push --force-with-lease origin $TMP_BRANCH | ||
- name: 'Wait for CI to succeed' | ||
if: steps.gen-coverage.outputs.new_coverage == 'true' | ||
uses: fountainhead/[email protected] | ||
id: wait-for-build | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
checkName: all_required_checks | ||
ref: ${{ env.TMP_BRANCH }} | ||
timeoutSeconds: 2400 | ||
intervalSeconds: 30 | ||
- name: 'Push the updated coverage to master' | ||
if: | | ||
steps.gen-coverage.outputs.new_coverage == 'true' && | ||
steps.wait-for-build.outputs.conclusion == 'success' | ||
working-directory: 'rspec' | ||
run: | | ||
git checkout master | ||
git merge $TMP_BRANCH | ||
git push origin master | ||
- name: 'Delete the temporary branch' | ||
if: always() && steps.create-temp-branch.conclusion == 'success' | ||
uses: dawidd6/action-delete-branch@v3 | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN}} | ||
branches: ${{ env.TMP_BRANCH}} | ||
- name: 'Fail if the change breaks CI' | ||
if: | | ||
steps.gen-coverage.outputs.new_coverage == 'true' && | ||
steps.wait-for-build.outputs.conclusion != 'success' | ||
run: exit 1 | ||
- name: get secrets | ||
id: secrets | ||
uses: SonarSource/vault-action-wrapper@3996073b47b49ac5c58c750d27ab4edf469401c8 # 3.0.1 | ||
with: | ||
secrets: | | ||
development/kv/data/slack token | slack_token; | ||
- name: 'Notify on slack about the failure' | ||
if: ${{ failure() }} | ||
env: | ||
SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }} | ||
working-directory: 'rspec/rspec-tools' | ||
run: | | ||
pipenv run rspec-tools notify-failure-on-slack \ | ||
--message "ERROR: failed to update rule coverage. See https://github.com/SonarSource/rspec/actions/runs/$GITHUB_RUN_ID" \ | ||
--channel team-analysis-rspec |