wip(workflows): Fix on_pull_request workflow

Resolves: DCMAW-8361 Co-authored-by: Aamir <[email protected]>
govuk-one-login · Apr 22, 2024 · 07a5a69 · 07a5a69
1 parent 976912f
commit 07a5a69
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 2 deletions.
diff --git a/.github/workflows/on_pull_request.yml b/.github/workflows/on_pull_request.yml
@@ -49,7 +49,7 @@ jobs:
 
       - name: Lint script files
         run: |
-          ./.sh/lintProject "" "runOwaspDependencyChecker"
+          ./.sh/lintProject.sh "" "runOwaspDependencyChecker"
         shell: bash
 
       - name: Run gradle testing suite
@@ -61,7 +61,7 @@ jobs:
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
-          ./.sh/uploadToSonar "PR" ${{ github.head_ref || github.ref_name }} ${{ github.event.number }}
+          ./.sh/uploadToSonar.sh "PR" ${{ github.head_ref || github.ref_name }} ${{ github.event.number }}
         shell: bash
 
       - name: Bundle reports folder

diff --git a/.sh/uploadToSonar.sh b/.sh/uploadToSonar.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+# Exit immediately if a simple command exits with a non-zero status
+# see also: the 'set' command within the 'Shell Builtin Commands' section of `man bash`
+set -o errexit
+
+# Expects there to be a value for the environment variable `SONAR_TOKEN`.
+# If this isn't set, add it as a prefix before you locally use this script.
+# e.g.: `SONAR_TOKEN=1234_abcd ./.sh/uploadToSonar 12 "feature/someBranchName"`
+
+# Applicable values:
+# "PR"     - Performs a Pull Request analysis, then uploads to sonar cloud. Also requires values to
+#            be set for BRANCH_NAME and PR_NUMBER.
+# "BRANCH" - Performs a Branch analysis, then uploads to sonar cloud. Also requires a value to be
+#            set for BRANCH_NAME.
+# "LOCAL"  - Performs an analysis, then uploads to a local instance of sonarqube. Expects sonarqube
+#            to be accessible at http://localhost:9000. No other properties are required.
+# All other values, including case differences, won't perform a scan for sonar.
+ANALYSIS_TYPE="${1}"
+
+# The name of the target branch being scanned for sonar. Not required for "LOCAL" scans.
+BRANCH_NAME="${2}"
+
+# The GitHub PR number for the branch getting merged in. Only required for "PR" scans.
+PR_NUMBER="${3}"
+
+if [[ "${ANALYSIS_TYPE}" == "PR" ]]
+then
+ # PR analysis
+ ./gradlew sonar \
+   -Dsonar.host.url=https://sonarcloud.io/ \
+   -Dsonar.token="${SONAR_TOKEN}" \
+   -Dsonar.pullrequest.key="${PR_NUMBER}" \
+   -Dsonar.pullrequest.branch="${BRANCH_NAME}" \
+   -Dsonar.pullrequest.base=main
+
+elif [[ "${ANALYSIS_TYPE}" == "BRANCH" ]]
+then
+  # Branch analysis
+  ./gradlew sonar \
+    -Dsonar.host.url=https://sonarcloud.io/ \
+    -Dsonar.token="${SONAR_TOKEN}" \
+    -Dsonar.branch.name="${BRANCH_NAME}"
+
+elif [[ "${ANALYSIS_TYPE}" == "LOCAL" ]]
+then
+  ./gradlew sonar \
+    -Dsonar.host.url=http://localhost:9000 \
+    -Dsonar.token="${SONAR_TOKEN}"
+
+fi
+
+
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -9,6 +9,7 @@ kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin-ge
 ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint-gradle" }
 shellcheck = { id = "com.felipefzdz.gradle.shellcheck", version.ref = "shellcheck-gradle" }
 dependency-check = { id = "org.owasp.dependencycheck", version.ref = "dependency-check-gradle" }
+sonarqube = { id = "org.sonarqube", version.ref = "sonarqube-gradle" }
 
 [versions]
 
@@ -23,6 +24,7 @@ androidx-test-runner = "1.5.2" # https://developer.android.com/jetpack/androidx/
 junit4 = "4.13.2" # https://github.com/junit-team/junit4/releases
 shellcheck-gradle = "1.4.6" # https://github.com/felipefzdz/gradle-shellcheck-plugin
 dependency-check-gradle = "8.4.0" # https://github.com/dependency-check/dependency-check-gradle/releases
+sonarqube-gradle = "4.3.0.3225" # https://github.com/SonarSource/sonar-scanner-gradle/releases
 
 [libraries]
 
@@ -36,3 +38,4 @@ androidx-test-orchestrator = { module = "androidx.test:orchestrator", version.re
 androidx-test-runner = { module = "androidx.test:runner", version.ref = "androidx-test-runner" }
 junit = { group = "junit", name = "junit", version.ref = "junit4" }
 dependencycheck = { module = "org.owasp:dependency-check-gradle", version.ref = "dependency-check-gradle" }
+sonarqube-gradle = { module = "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin", version.ref = "sonarqube-gradle" }