Test split poetry install action

joke1196 · joke1196 · commit 394994ab9bc8 · 2025-10-21T16:33:26.000+02:00
diff --git a/.github/actions/config-poetry/action.yml b/.github/actions/config-poetry/action.yml
@@ -0,0 +1,53 @@
+---
+name: Configure Poetry
+description: GitHub Action to configure a poetry project
+
+outputs:
+  project-version:
+    description: The project version from pyproject.toml with BUILD_NUMBER
+    value: ${{ steps.build.outputs.project-version }}
+  BUILD_NUMBER:
+    description: The build number, incremented or reused if already cached
+    value: ${{ steps.get_build_number.outputs.BUILD_NUMBER }}
+
+runs:
+  using: composite
+  steps:
+    - name: Set build parameters
+      shell: bash
+      env:
+        ARTIFACTORY_READER_ROLE: private-reader
+      run: |
+        echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"
+    - uses: SonarSource/ci-github-actions/get-build-number@v1
+      id: get_build_number
+    - name: Cache local Poetry cache
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+      with:
+        path: ${{ github.workspace }}/.cache/pypoetry
+        key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
+        restore-keys: poetry-${{ runner.os }}-
+    - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
+      with:
+        version: 2025.7.12
+        install_args: "jfrog-cli@2.77.0 poetry@2.2.1"
+    - name: Vault
+      # yamllint disable rule:line-length
+      id: secrets
+      uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0
+      with:
+        secrets: |
+          development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN;
+      # yamllint enable rule:line-length
+    - name: Config Poetry
+      id: config
+      shell: bash
+      env:
+        ARTIFACTORY_URL: https://repox.jfrog.io/artifactory
+        ARTIFACTORY_PYPI_REPO: sonarsource-pypi
+        ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+      run: |
+        mise use -g poetry@2.2.1
+        mise use -g jfrog-cli@2.77.0
+        ${GITHUB_ACTION_PATH}/config-poetry.sh
+
diff --git a/.github/actions/config-poetry/config-poetry.sh b/.github/actions/config-poetry/config-poetry.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Config script for SonarSource Poetry projects.
+
+set -euo pipefail
+
+: "${ARTIFACTORY_URL:?}"
+: "${ARTIFACTORY_PYPI_REPO:?}" "${ARTIFACTORY_ACCESS_TOKEN:?}" 
+: "${BUILD_NUMBER:?}" "${GITHUB_REPOSITORY:?}" 
+
+set_build_env() {
+  export PROJECT=${GITHUB_REPOSITORY#*/}
+  echo "PROJECT: $PROJECT"
+}
+
+config_poetry() {
+  jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_ACCESS_TOKEN"
+  jf poetry-config --server-id-resolve repox --repo-resolve "$ARTIFACTORY_PYPI_REPO"
+  jf poetry install --build-name="$PROJECT" --build-number="$BUILD_NUMBER"
+}
+
+main() {
+  set_build_env
+  config_poetry
+}
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  main "$@"
+fi
diff --git a/.github/scripts/run_its.sh b/.github/scripts/run_its.sh
@@ -15,4 +15,5 @@ cd -
 unset SONAR_TOKEN
 unset SONAR_HOST_URL
 
+poetry install 
 poetry run pytest --its tests/its
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -29,7 +29,6 @@ jobs:
           artifactory-deployer-role: qa-deployer
           deploy-pull-request: true
 
-
   formatting:
     name: "Formatting"
     runs-on: github-ubuntu-latest-s
@@ -38,16 +37,7 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
-      - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
-        with:
-          install_args: "poetry@2.2.1"
-      - run: mise use -g poetry@2.2.1
-      - uses: SonarSource/ci-github-actions/build-poetry@v1
-        with:
-          sonar-platform: none                                 
-          artifactory-reader-role: private-reader        
-          artifactory-deployer-role: qa-deployer
-      - run: poetry install
+      - uses: ./.github/actions/config-poetry
       - run: |
           poetry run black src/ tests/ --check
           poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
@@ -66,33 +56,52 @@ jobs:
         with:
           install_args: "poetry@2.2.1"
       - run: mise use -g poetry@2.2.1
-      - run: poetry install
       - run: |
           poetry run python tools/generate_cli_documentation.py
           git diff --exit-code CLI_ARGS.md
 
+  coverage:
+    name: "Coverage report generation"
+    runs-on: github-ubuntu-latest-s
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: ./.github/actions/config-poetry
+      - run: |
+          poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
+          poetry run mypy src/ > mypy-report.txt || true
+      - name: Upload coverage artifacts
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: coverage-reports
+          path: |
+            coverage.xml
+            mypy-report.txt
+
   analysis:
     name: "NEXT Analysis"
     runs-on: github-ubuntu-latest-s
+    needs: [coverage]
     permissions:
       id-token: write
       contents: write
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - name: Download coverage artifacts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: coverage-reports
       - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
         with:
           install_args: "poetry@2.2.1"
-      - run: |
-          mise use -g poetry@2.2.1
+      - run: mise use -g poetry@2.2.1
       - uses: SonarSource/ci-github-actions/build-poetry@v1
         with:
-          sonar-platform: next                                 
-          artifactory-reader-role: private-reader            
+          sonar-platform: next
+          artifactory-reader-role: private-reader
           artifactory-deployer-role: qa-deployer
-      - run: poetry install
-      - run: |
-          poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
-          poetry run mypy src/ > mypy-report.txt || true
 
   qa:
     name: "Test Python ${{ matrix.python-version }}"
@@ -105,17 +114,7 @@ jobs:
         python-version: ["3.9.18", "3.9.6", "3.10.13", "3.11.7", "3.12.1", "3.13.2"]
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
-      - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
-        with:
-          install_args: "poetry@2.2.1"
-      - run: mise use -g poetry@2.2.1
-      - uses: SonarSource/ci-github-actions/build-poetry@v1
-        with:
-          sonar-platform: none                                 
-          python-version: ${{ matrix.python-version }}
-          artifactory-reader-role: private-reader        
-          artifactory-deployer-role: qa-deployer
-      - run: poetry install
+      - uses: ./.github/actions/config-poetry
       - run: |
           poetry run pytest tests/
 
@@ -127,15 +126,7 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
-      - uses: jdx/mise-action@e3d7b8d67a7958d1207f6ed871e83b1ea780e7b0 #v3.3.1
-        with:
-          install_args: "poetry@2.2.1"
-      - uses: SonarSource/ci-github-actions/build-poetry@v1
-        with:
-          sonar-platform: none                                 
-          artifactory-reader-role: private-reader        
-          artifactory-deployer-role: qa-deployer
-      - run: poetry install
+      - uses: ./.github/actions/config-poetry
       - run: |
           poetry run pytest tests/
 
@@ -148,7 +139,7 @@ jobs:
     steps:
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: Cache SonarQube
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: sonarqube_cache/
           key: sonarqube-25.3.0.104237
@@ -160,10 +151,8 @@ jobs:
           fi
         env:
           SONARQUBE_VERSION: 25.3.0.104237
-      - uses: SonarSource/ci-github-actions/build-poetry@v1
-        with:
-          sonar-platform: none
-          script: .github/scripts/run_its.sh
+      - uses: ./.github/actions/config-poetry
+      - run: ./.github/scripts/run_its.sh
 
   promote:
     name: "Promote"
