sonar-scanner-python/.github/workflows/build.yml at d4ce810e2b8d2f4ed701ec3e596d374f3ae4d091 · SonarSource/sonar-scanner-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
name: Build
on:
  push:
    branches: [master, branch-*, dogfood-*]
  pull_request:
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  build:
    name: "Build"
    runs-on: github-ubuntu-latest-s
    outputs:
      build-number: ${{ steps.build-poetry.outputs.BUILD_NUMBER }}
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install mise and tools
        uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
      - name: Build the scanner
        uses: SonarSource/ci-github-actions/build-poetry@v1
        id: build-poetry
        with:
          sonar-platform: none
          artifactory-reader-role: private-reader
          artifactory-deployer-role: qa-deployer
          deploy-pull-request: true

  install_deps:
    name: "Install and Cache Poetry Dependencies"
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Configure poetry
        uses: ./.github/actions/config-poetry # We use this job to cache the poetry depend
      - run: |
          poetry install

  formatting:
    name: "Formatting and Licenses headers"
    needs: [install_deps]
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      - run: |
          poetry run black src/ tests/ --check
          poetry run licenseheaders -t license_header.tmpl -o "SonarSource Sàrl" -y 2011-2026 -n "Sonar Scanner Python" -E .py -d src/
          poetry run licenseheaders -t license_header.tmpl -o "SonarSource Sàrl" -y 2011-2026 -n "Sonar Scanner Python" -E .py -d tests/
          git diff --name-only --exit-code ./src ./tests

  documentation:
    name: "CLI Documentation"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install mise and tools
        uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
      - name: Check for incorrect documentation
        run: |
          poetry run python tools/generate_cli_documentation.py
          git diff --exit-code CLI_ARGS.md

  coverage:
    name: "Coverage report generation"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      - run: |
          poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
          poetry run mypy src/ > mypy-report.txt || true
      - name: Upload coverage artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: coverage-reports
          path: |
            coverage.xml
            mypy-report.txt

  analysis:
    name: "NEXT Analysis"
    runs-on: github-ubuntu-latest-s
    needs: [coverage]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Download coverage artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: coverage-reports
      - name: Install mise and tools
        uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
      - name: Analysis the project on next
        uses: SonarSource/ci-github-actions/build-poetry@v1
        with:
          sonar-platform: next
          artifactory-reader-role: private-reader
          artifactory-deployer-role: qa-deployer

  qa:
    name: "Test Python ${{ matrix.python-version }}"
    runs-on: github-ubuntu-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    strategy:
      fail-fast: false
      matrix:
        python-version:
          ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2", "3.14.0"]
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
        with:
          python-version: ${{ matrix.python-version }}
      - name: Execute the test suite
        run: |
          poetry run pytest tests/

  qa-windows:
    name: "Test Windows"
    runs-on: github-windows-latest-s
    needs: [install_deps]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Configure poetry for Windows
        uses: ./.github/actions/config-poetry
      - name: Execute the test suite
        run: |
          poetry run pytest tests/

  its:
    name: "Integration Tests"
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    env:
      SONARQUBE_VERSION: 25.3.0.104237
      SKIP_DOCKER: true
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Cache SonarQube
        uses: SonarSource/gh-action_cache@v1
        id: sonarqube-cache
        with:
          path: sonarqube_cache/
          key: sonarqube-${{ env.SONARQUBE_VERSION }}
          restore-keys: sonarqube-
      - name: Download SonarQube
        if: ${{ !steps.sonarqube-cache.outputs.cache-hit }}
        run: |
          mkdir -p sonarqube_cache
          if [ ! -f sonarqube_cache/sonarqube.zip ]; then
            wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip
          fi
      - name: Configure poetry
        uses: ./.github/actions/config-poetry
      - name: Execute the integration tests
        run: ./.github/scripts/run_its.sh

  promote:
    name: "Promote"
    needs:
      [
        build,
        formatting,
        documentation,
        coverage,
        analysis,
        qa,
        qa-windows,
        its,
      ]
    runs-on: github-ubuntu-latest-s
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Promote
        uses: SonarSource/ci-github-actions/promote@v1
        with:
          promote-pull-request: true
          build-name: sonar-scanner-python
        env:
          BUILD_NUMBER: ${{ needs.build.outputs.build-number }}