e240ba5d73
* Try merging with the queue * Provide github token * Fix syntax * Get GITHUB_TOKEN from vault * Add the PR label * update coverage information --------- Co-authored-by: Arseniy Zaostrovnykh <necto.ne@gmail.com> Co-authored-by: SonarTech <sonartech@sonarsource.com>
130 lines
4.7 KiB
YAML
130 lines
4.7 KiB
YAML
name: Update rule coverage
|
|
on:
|
|
schedule:
|
|
- cron: '17 2 * * *'
|
|
workflow_dispatch: # When manually triggered from a non-default branch, the results will not be pushed
|
|
|
|
jobs:
|
|
update_coverage:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
id-token: write # required by SonarSource/vault-action-wrapper
|
|
contents: write
|
|
checks: read # required by fountainhead/action-wait-for-check
|
|
actions: write # required by andymckay/cancel-action
|
|
env:
|
|
TMP_BRANCH: temporary/coverage_update
|
|
|
|
steps:
|
|
- name: 'get secrets'
|
|
id: secrets
|
|
uses: SonarSource/vault-action-wrapper@v3
|
|
with:
|
|
secrets: |
|
|
development/github/token/SonarSource-rspec-coverage token | coverage_github_token;
|
|
development/kv/data/slack token | slack_token;
|
|
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: true
|
|
fetch-depth: 0
|
|
path: 'rspec'
|
|
token: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }}
|
|
|
|
# - uses: actions/setup-python@v4
|
|
# with:
|
|
# python-version: '3.9'
|
|
|
|
# - name: 'Install Pipenv'
|
|
# run: pip install pipenv
|
|
|
|
# - name: 'Install coverage script dependencies'
|
|
# working-directory: 'rspec/rspec-tools'
|
|
# run: |
|
|
# pipenv --python python3.9 install
|
|
|
|
# - name: 'Regenerate coverage information'
|
|
# env:
|
|
# GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }}
|
|
# id: gen-coverage
|
|
# working-directory: 'rspec/rspec-tools'
|
|
# run: |
|
|
# pipenv run rspec-tools update-coverage --rulesdir ../rules
|
|
# mv ./covered_rules.json ../frontend/public/covered_rules.json
|
|
# if git diff --exit-code ../frontend/public/covered_rules.json; then
|
|
# echo "new_coverage=false" >> "$GITHUB_OUTPUT"
|
|
# else
|
|
# echo "new_coverage=true" >> "$GITHUB_OUTPUT"
|
|
# fi
|
|
|
|
# - name: 'Cancel if coverage did not change'
|
|
# if: steps.gen-coverage.outputs.new_coverage != 'true'
|
|
# uses: andymckay/cancel-action@0.2
|
|
|
|
- name: 'Push the updated coverage file to a new branch'
|
|
id: create-temp-branch
|
|
# if: steps.gen-coverage.outputs.new_coverage == 'true'
|
|
working-directory: 'rspec'
|
|
run: |
|
|
git config --global user.name "SonarTech"
|
|
git config --global user.email "sonartech@sonarsource.com"
|
|
git checkout -b $TMP_BRANCH
|
|
echo "" >> frontend/public/covered_rules.json # TODO remove this line
|
|
git add frontend/public/covered_rules.json
|
|
git commit -m "update coverage information"
|
|
git push --force-with-lease origin $TMP_BRANCH
|
|
|
|
# - name: 'Wait for CI to succeed'
|
|
# if: steps.gen-coverage.outputs.new_coverage == 'true'
|
|
# uses: fountainhead/action-wait-for-check@v1.0.0
|
|
# id: wait-for-build
|
|
# with:
|
|
# token: ${{ secrets.GITHUB_TOKEN }}
|
|
# checkName: all_required_checks
|
|
# ref: ${{ env.TMP_BRANCH }}
|
|
# timeoutSeconds: 2400
|
|
# intervalSeconds: 30
|
|
|
|
- name: 'Create a PR'
|
|
id: crate-github-pr
|
|
working-directory: 'rspec'
|
|
env:
|
|
GH_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }}
|
|
run: |
|
|
PR_URL=$(gh pr create --head ${{ env.TMP_BRANCH }} --title "Update coverage information" --body "" --label "rspec system")
|
|
gh pr merge $PR_URL
|
|
|
|
# - name: 'Push the updated coverage to master'
|
|
# if: |
|
|
# steps.gen-coverage.outputs.new_coverage == 'true' &&
|
|
# steps.wait-for-build.outputs.conclusion == 'success' &&
|
|
# (github.event_name != 'workflow_dispatch' || github.ref == format('refs/heads/{0}', github.event.repository.default_branch))
|
|
# working-directory: 'rspec'
|
|
# run: |
|
|
# git checkout master
|
|
# git merge $TMP_BRANCH
|
|
# git push origin master
|
|
|
|
# - name: 'Delete the temporary branch'
|
|
# if: always() && steps.create-temp-branch.conclusion == 'success'
|
|
# uses: dawidd6/action-delete-branch@v3
|
|
# with:
|
|
# github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
# branches: ${{ env.TMP_BRANCH}}
|
|
|
|
# - name: 'Fail if the change breaks CI'
|
|
# if: |
|
|
# steps.gen-coverage.outputs.new_coverage == 'true' &&
|
|
# steps.wait-for-build.outputs.conclusion != 'success'
|
|
# run: exit 1
|
|
|
|
# - name: 'Notify on slack about the failure'
|
|
# if: ${{ failure() }}
|
|
# env:
|
|
# SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }}
|
|
# working-directory: 'rspec/rspec-tools'
|
|
# run: |
|
|
# pipenv run rspec-tools notify-failure-on-slack \
|
|
# --message "ERROR: failed to update rule coverage. See https://github.com/SonarSource/rspec/actions/runs/$GITHUB_RUN_ID" \
|
|
# --channel team-analysis-rspec
|