Skip to content

Commit

Permalink
SC-6130,SC-6137 Automatic PR creation and save expected URL and SHA i…
Browse files Browse the repository at this point in the history 
…n repository
  • Loading branch information
@tomasz-kaminski-sonarsource
tomasz-kaminski-sonarsource authored Nov 18, 2022
1 parent 5ad6792 commit 7c53cdf
Show file tree
Hide file tree
Showing 7 changed files with 160 additions and 43 deletions.
99 changes: 66 additions & 33 deletions .github/workflows/tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,16 @@ jobs:
setup-script-test:
name: configure_paths.sh script test
runs-on: ubuntu-latest
env:
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
SONAR_SCANNER_URL_WINDOWS: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows.zip'
SONAR_SCANNER_SHA_WINDOWS: 'DOWNLOAD-SHA-WINDOWS'
SONAR_SCANNER_URL_LINUX: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux.zip'
SONAR_SCANNER_SHA_LINUX: 'DOWNLOAD-SHA-LINUX'
SONAR_SCANNER_URL_MACOSX: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx.zip'
SONAR_SCANNER_SHA_MACOSX: 'DOWNLOAD-SHA-MACOSX'
steps:
- uses: actions/checkout@v3
with:
Expand All @@ -117,16 +127,14 @@ jobs:
shell: bash
env:
OS: 'Windows'
ARCH: 'X64'
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
ARCH: 'X64'
run: |
./scripts/configure_paths.sh > output
grep -v "::error::" output
echo "- Check sonar-scanner:"
grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows.zip" output
grep "sonar-scanner-sha=DOWNLOAD-SHA-WINDOWS" output
grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows" output
grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows/bin/sonar-scanner.bat" output
Expand All @@ -139,16 +147,14 @@ jobs:
shell: bash
env:
OS: 'Linux'
ARCH: 'X64'
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
ARCH: 'X64'
run: |
./scripts/configure_paths.sh > output
grep -v "::error::" output
echo "- Check sonar-scanner:"
grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux.zip" output
grep "sonar-scanner-sha=DOWNLOAD-SHA-LINUX" output
grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux" output
grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux/bin/sonar-scanner" output
Expand All @@ -161,16 +167,14 @@ jobs:
shell: bash
env:
OS: 'macOS'
ARCH: 'X64'
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
ARCH: 'X64'
run: |
./scripts/configure_paths.sh > output
grep -v "::error::" output
echo "- Check sonar-scanner:"
grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx.zip" output
grep "sonar-scanner-sha=DOWNLOAD-SHA-MACOSX" output
grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx" output
grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx/bin/sonar-scanner" output
Expand All @@ -183,10 +187,7 @@ jobs:
shell: bash
env:
OS: 'unsupportedOS'
ARCH: 'X64'
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
ARCH: 'X64'
run: |
(./scripts/configure_paths.sh || echo "=== Script failed ===") > output
Expand All @@ -198,10 +199,7 @@ jobs:
shell: bash
env:
OS: 'Linux'
ARCH: 'X86'
INSTALL_PATH: 'install-directory'
SONAR_HOST_URL: 'http://sonar-host.com'
SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
ARCH: 'X86'
run: |
(./scripts/configure_paths.sh || echo "=== Script failed ===") > output
Expand All @@ -221,29 +219,24 @@ jobs:
- name: Download test without validation
shell: bash
env:
INSTALL_PATH: 'install-directory'
INSTALL_PATH: 'install-directory-no-sha-validation'
DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
SHA_DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip.sha256'
EXPECTED_SHA: 'incorrect-sha-not-validated'
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: |
./scripts/download.sh > output
test -f "$TMP_ZIP_PATH"
if [ -f "$TMP_ZIP_PATH.sha256" ]; then
echo "$TMP_ZIP_PATH.sha256 shouldn't exist"
exit 1
fi
grep -v "::error::" output
- name: Download test with validation
shell: bash
env:
INSTALL_PATH: 'install-directory-sha-validation'
DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
SHA_DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip.sha256'
EXPECTED_SHA: '9411331814c1d002bd65d37758b872918b7602e7cf3ca5b83a3e19a729b2be05'
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: |
./scripts/download.sh -v > output
test -f "$TMP_ZIP_PATH"
test -f "$TMP_ZIP_PATH".sha256
grep -v "::error::" output
- name: Incorrect install dir
shell: bash
Expand All @@ -256,23 +249,63 @@ jobs:
- name: Incorrect download url
shell: bash
env:
INSTALL_PATH: 'install-directory'
INSTALL_PATH: 'install-directory-incorrect-url'
DOWNLOAD_URL: 'incorrect-url'
run: |
(./scripts/download.sh || echo "=== Script failed ===") > output
grep "::error::Failed to download 'incorrect-url'" output
grep "=== Script failed ===" output
- name: Incorrect SHA256 url
- name: Incorrect SHA256
shell: bash
env:
INSTALL_PATH: 'install-directory'
INSTALL_PATH: 'install-directory-incorrect-sha'
DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
SHA_DOWNLOAD_URL: incorrect-sha256-url
EXPECTED_SHA: 'incorrect-sha256'
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: |
(./scripts/download.sh -v || echo "=== Script failed ===") > output
grep "::error::Failed to download 'incorrect-sha256-url'" output
grep "::error::Checking sha256 failed" output
grep "=== Script failed ===" output
- name: Mismatching SHA256
shell: bash
env:
INSTALL_PATH: 'install-directory-mismtaching-sha'
DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
EXPECTED_SHA: '3e121d85a4adb1f30b917d5f3eb897966b59e02c3d6d313a78dcd964193dc963'
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: |
(./scripts/download.sh -v || echo "=== Script failed ===") > output
grep "::error::Checking sha256 failed" output
grep "=== Script failed ===" output
fetch-latest-version-test:
name: fetch_latest_version.sh script test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Test script
shell: bash
run: |
./scripts/fetch_latest_version.sh > output
echo "- Check sonar-scanner version:"
grep "sonar-scanner-version=" output
SONAR_SCANNER_VERSION=$(cat output | cut -d= -f 2)
test ! -z "${SONAR_SCANNER_VERSION}"
echo "- Check windows sonar-scanner URLs:"
grep "sonar-scanner-url-windows=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-windows.zip" output
grep -e "^sonar-scanner-sha-windows=[0-9A-Fa-f]\+$" output
echo "- Check linux sonar-scanner URLs:"
grep "sonar-scanner-url-linux=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" output
grep -e "^sonar-scanner-sha-linux=[0-9A-Fa-f]\+$" output
echo "- Check macosx sonar-scanner URLs:"
grep "sonar-scanner-url-macosx=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-macosx.zip" output
grep -e "^sonar-scanner-sha-macosx=[0-9A-Fa-f]\+$" output
output-test:
name: Test action outputs
Expand Down
50 changes: 50 additions & 0 deletions .github/workflows/version_update.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: sonar-scanner version check
on:
schedule:
- cron: '15 10 * * *'

jobs:
update-version:
name: Prepare pull request for sonar-scanner version update
runs-on: ubuntu-latest
steps:
- run: sudo apt install -y jq

- uses: actions/checkout@v3
with:
ref: main
persist-credentials: true
fetch-depth: 0

- name: "Fetch currently used sonar-scanner version"
id: tagged-version
shell: bash
run: cat sonar-scanner-version >> $GITHUB_OUTPUT

- name: "Fetch lastest sonar-scanner version"
id: latest-version
shell: bash
run: |
./scripts/fetch_latest_version.sh > sonar-scanner-version
cat sonar-scanner-version >> $GITHUB_OUTPUT
- name: "Create Pull Request for version update"
if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
shell: bash
env:
UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }}
TITLE: "Update sonar-scanner-version to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config --global user.name "SonarTech"
git config --global user.email "[email protected]"
git checkout -b ${UPDATE_BRANCH}
git add sonar-scanner-version
git commit -m "${TITLE}"
git push --force-with-lease origin ${UPDATE_BRANCH}
gh pr list
if [[ $(gh pr list -H "${UPDATE_BRANCH}" | grep "${UPDATE_BRANCH}" | wc -l) -eq 0 ]]; then
gh pr create -B main -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic updated of sonar-scanner version value. Needs to be tagged for release."
fi
10 changes: 8 additions & 2 deletions action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ runs:
- name: Set version of sonar-scanner
id: sonar-scanner-version
shell: bash
run: echo "sonar-scanner-version=4.7.0.2747" >> $GITHUB_OUTPUT
run: cat ${GITHUB_ACTION_PATH}/sonar-scanner-version >> $GITHUB_OUTPUT

- name: Configure paths
id: configure_paths
Expand All @@ -50,6 +50,12 @@ runs:
INSTALL_PATH: ${{ inputs.installation-path }}
SONAR_HOST_URL: 'https://sonarcloud.io'
SONAR_SCANNER_VERSION: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-version }}
SONAR_SCANNER_URL_WINDOWS: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-windows }}
SONAR_SCANNER_SHA_WINDOWS: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-windows }}
SONAR_SCANNER_URL_LINUX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-linux }}
SONAR_SCANNER_SHA_LINUX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-linux }}
SONAR_SCANNER_URL_MACOSX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-url-macosx }}
SONAR_SCANNER_SHA_MACOSX: ${{ steps.sonar-scanner-version.outputs.sonar-scanner-sha-macosx }}
run: ${GITHUB_ACTION_PATH}/scripts/configure_paths.sh >> $GITHUB_OUTPUT

- name: Cache sonar-scanner installation
Expand All @@ -68,7 +74,7 @@ runs:
shell: bash
env:
DOWNLOAD_URL: ${{ steps.configure_paths.outputs.sonar-scanner-url }}
SHA_DOWNLOAD_URL: ${{ steps.configure_paths.outputs.sonar-scanner-url }}.sha256
EXPECTED_SHA: ${{ steps.configure_paths.outputs.sonar-scanner-sha }}
INSTALL_PATH: ${{ inputs.installation-path }}
TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
run: ${GITHUB_ACTION_PATH}/scripts/download.sh -v
Expand Down
11 changes: 10 additions & 1 deletion scripts/configure_paths.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,36 @@ case ${OS} in
BUILD_WRAPPER_SUFFIX="win-x86"
SONAR_SCANNER_NAME="sonar-scanner.bat"
BUILD_WRAPPER_NAME="build-wrapper-win-x86-64.exe"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_WINDOWS}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_WINDOWS}"
;;
Linux)
SONAR_SCANNER_SUFFIX="linux"
BUILD_WRAPPER_SUFFIX="linux-x86"
SONAR_SCANNER_NAME="sonar-scanner"
BUILD_WRAPPER_NAME="build-wrapper-linux-x86-64"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_LINUX}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_LINUX}"
;;
macOS)
SONAR_SCANNER_SUFFIX="macosx"
BUILD_WRAPPER_SUFFIX="macosx-x86"
SONAR_SCANNER_NAME="sonar-scanner"
BUILD_WRAPPER_NAME="build-wrapper-macosx-x86"
SONAR_SCANNER_URL="${SONAR_SCANNER_URL_MACOSX}"
SONAR_SCANNER_SHA="${SONAR_SCANNER_SHA_MACOSX}"
;;
*)
echo "::error::Unsupported runner OS '${OS}'"
exit 1
;;
esac


echo "sonar-scanner-url=${SONAR_SCANNER_URL}"
echo "sonar-scanner-sha=${SONAR_SCANNER_SHA}"

SONAR_SCANNER_DIR="${INSTALL_PATH}/sonar-scanner-${SONAR_SCANNER_VERSION}-${SONAR_SCANNER_SUFFIX}"
echo "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${SONAR_SCANNER_SUFFIX}.zip"
echo "sonar-scanner-dir=${SONAR_SCANNER_DIR}"
echo "sonar-scanner-bin=${SONAR_SCANNER_DIR}/bin/${SONAR_SCANNER_NAME}"

Expand Down
8 changes: 1 addition & 7 deletions scripts/download.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,7 @@ parse_arguments() {
}

verify_download_correctness() {
echo "Checking download correctness with '$SHA_DOWNLOAD_URL'"
curl -sSLo "${TMP_ZIP_PATH}.sha256" "${SHA_DOWNLOAD_URL}"
check_status "Failed to download '$SHA_DOWNLOAD_URL'"

echo " ${TMP_ZIP_PATH}" >>${TMP_ZIP_PATH}.sha256

sha256sum -c ${TMP_ZIP_PATH}.sha256
echo "${EXPECTED_SHA} ${TMP_ZIP_PATH}" | sha256sum -c
check_status "Checking sha256 failed"
}

Expand Down
18 changes: 18 additions & 0 deletions scripts/fetch_latest_version.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

source "$(dirname -- "$0")/utils.sh"

SONAR_SCANNER_VERSION=$(curl -sSL -H "Accept: application/vnd.github+json" \
https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | jq -r '.tag_name')
check_status "Failed to fetch latest sonar-scanner version from GitHub API"

echo "sonar-scanner-version=${SONAR_SCANNER_VERSION}"

for OS in windows linux macosx; do
SONAR_SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${OS}.zip"
SONAR_SCANNER_SHA=$(curl -sSL "${SONAR_SCANNER_URL}.sha256")
check_status "Failed to download ${OS} sonar-scanner checksum from '${SONAR_SCANNER_URL}'"

echo "sonar-scanner-url-${OS}=${SONAR_SCANNER_URL}"
echo "sonar-scanner-sha-${OS}=${SONAR_SCANNER_SHA}"
done
7 changes: 7 additions & 0 deletions sonar-scanner-version
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
sonar-scanner-version=4.7.0.2747
sonar-scanner-url-windows=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-windows.zip
sonar-scanner-sha-windows=9e9e425b2c9123622436a5004c5b6cf833800bd0ec717c3bd5ea506efc0f998e
sonar-scanner-url-linux=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
sonar-scanner-sha-linux=3e121d85a4adb1f30b917d5f3eb897966b59e02c3d6d313a78dcd964193dc963
sonar-scanner-url-macosx=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-macosx.zip
sonar-scanner-sha-macosx=977a70d360b9eaea89c965edfb29eb661dbc9fcc6c0e40037809f089f9a91339

0 comments on commit 7c53cdf

Please sign in to comment.