# Composite GitHub Action: display name and the description shown to callers.
# The description is a literal block scalar, so its two lines are kept as-is.
name: Update Rule Metadata
description: |
  This workflow updates rule metadata across all supported languages using the rule-api tooling.
  It checks for changes and creates a pull request if any updates are made.
# Inputs supplied by the calling workflow. Several of them reach a shell
# script, a download URL or a Vault secret path in the steps of this action,
# so callers should set them from literals in their own workflow rather than
# from event data (PR titles, branch names, issue text, ...).
inputs:
  # Used in the Artifactory download URL and in the actions/cache key.
  rule-api-version:
    description: |
      Version of the rule-api tooling to be used for the workflow.
      Leave empty to use the latest.
    required: false
  # Parsed by the "Run rule-api to update metadata" step; each entry is a path
  # whose parent directory becomes a working directory for rule-api.
  sonarpedia-files:
    description: |
      Comma-separated list of sonarpedia files to be updated.
      By default, it will update all Sonarpedia files in the repository.
  # Checked out by actions/checkout and used as the base of the pull request.
  branch:
    description: |
      Branch to run the check against and create the PR for.
    default: 'master'
  # Any value other than empty or "master" switches rule-api from `update`
  # to `generate -branch <value>`.
  rspec-branch:
    description: |
      Branch of the rspec repository to be used.
      If not specified, the 'master' branch of the rspec repository will be used.
    default: 'master'
  labels:
    description: Labels to add to the PR
    default: 'skip-qa'
  # Security: the "Run Post Update Script" step runs this value verbatim as a
  # bash script in the job's workspace. Treat it as code, not as data.
  post-update:
    description: Additional commands to run after rule-api.jar update
    required: false
  # Security: this value is appended to the Vault path
  # development/github/token/{REPO_OWNER_NAME_DASH}-<suffix>, i.e. it selects
  # which GitHub token the job requests.
  rspec-token-suffix:
    description: 'Suffix for the RSpec token if different from "rspec-read".'
    required: false
# Outputs re-exported from individual steps of the composite action.
outputs:
  # 'true' or 'false', written by the check-changes step.
  has-changes:
    description: Indicates whether rule metadata changes were detected.
    value: ${{ steps.check-changes.outputs.has-changes }}
  # Only set when the create-pr step ran, i.e. when has-changes is 'true'.
  pull-request-url:
    description: URL of the created pull request if changes were detected.
    value: ${{ steps.create-pr.outputs.pull-request-url }}
  # Either a multi-line markdown table or the fixed text "Update rule metadata".
  summary:
    description: Summary of the rule metadata update.
    value: ${{ steps.generate-summary.outputs.summary }}
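# Composite action body.
#
# Flow: check out the target branch, fetch Vault secrets, obtain rule-api.jar
# (cache or Artifactory), run it in every sonarpedia directory, run the
# optional caller-supplied post-update script, summarise, and open a PR when
# files other than sonarpedia.json changed.
#
# Hardening applied in this revision:
#   * caller inputs and step outputs are handed to bash through `env:` instead
#     of being expanded with ${{ }} inside the script text, so their content
#     can no longer be parsed as shell syntax;
#   * the pinned-version download uses `curl --fail` and validates the version
#     string, so an HTTP error body is not saved (and later run) as the jar;
#   * shell variables and $GITHUB_OUTPUT are quoted;
#   * the multi-line step output uses a per-run delimiter.
runs:
  using: "composite"
  steps:
    # NOTE(review): actions/checkout, actions/cache, actions/setup-java,
    # SonarSource/jfrog-setup-wrapper and the create-pull-request action are
    # referenced by mutable tags (@v4 / @v3 / @v1), while vault-action-wrapper
    # is pinned to a commit SHA. This job handles Vault, Artifactory and GitHub
    # tokens; pinning every action to a reviewed commit SHA would keep a moved
    # tag from changing what runs next to those secrets.
    - uses: actions/checkout@v4
      with:
        ref: ${{ inputs.branch }}

    # NOTE(review): inputs.rspec-token-suffix is spliced into the secret
    # specification below, so the caller chooses which GitHub token path is
    # requested. Confirm that the Vault policy for this repository only grants
    # the token(s) that are meant to be reachable from here.
    - name: Get vault secrets
      id: secrets
      uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1
      with:
        secrets: |
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader role | ARTIFACTORY_ROLE;
          development/github/token/{REPO_OWNER_NAME_DASH}-${{ inputs.rspec-token-suffix || 'rspec-read' }} token | GITHUB_TOKEN;

    # Only used when a version is pinned; "latest" is always downloaded.
    # NOTE(review): a restored jar is executed later with GITHUB_TOKEN in its
    # environment and there is no checksum verification here - consider one.
    # NOTE(review): rule-api.jar is deleted by the "Remove rule-api jar" step
    # before the job ends; confirm the cache post-step still finds a file to
    # save, otherwise this cache is never populated.
    - name: Cache rule-api jar
      id: cache-rule-api
      if: ${{ inputs.rule-api-version != '' }}
      uses: actions/cache@v4
      with:
        path: rule-api.jar
        key: rule-api-${{ inputs.rule-api-version }}

    # The JFrog CLI is only needed for the "latest release" download path.
    - name: Setup JFrog
      if: ${{ inputs.rule-api-version == '' }}
      uses: SonarSource/jfrog-setup-wrapper@v3
      with:
        artifactoryRoleSuffix: private-reader

    # Runs when the cache step was skipped or missed. Publishes the resolved
    # version as the step output `rule-api-version`.
    - name: Download rule-api jar
      id: download
      if: ${{ steps.cache-rule-api.outputs.cache-hit != 'true' }}
      env:
        REPOX_USER: vault-${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ROLE }}
        REPOX_PASS: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
        RULE_API_VERSION: ${{ inputs.rule-api-version }}
      shell: bash
      run: |
        if [[ -n "$RULE_API_VERSION" ]]; then
          # The version is placed in the download URL and written to
          # $GITHUB_OUTPUT; reject path separators, whitespace and newlines so
          # it can alter neither the requested path nor the output file.
          if [[ ! "$RULE_API_VERSION" =~ ^[A-Za-z0-9._+-]+$ ]]; then
            echo "rule-api-version contains unexpected characters" >&2
            exit 1
          fi
          echo "Downloading rule-api.jar version '$RULE_API_VERSION' from Artifactory"
          # --fail: without it an HTTP error (401/404) exits 0 and the error
          # body is stored as rule-api.jar. Credentials are quoted so special
          # characters in the token are not word-split or globbed.
          curl --fail -u "$REPOX_USER:$REPOX_PASS" -o rule-api.jar "https://repox.jfrog.io/artifactory/sonarsource-private-releases/com/sonarsource/rule-api/rule-api/$RULE_API_VERSION/rule-api-$RULE_API_VERSION.jar"
          echo "Downloaded rule-api.jar ($(ls -lh rule-api.jar | awk '{print $5}'))"
          echo "rule-api-version=$RULE_API_VERSION" >> "$GITHUB_OUTPUT"
        else
          echo "Downloading the latest rule-api release."
          jfrog rt curl -sLf "sonarsource-private-releases/com/sonarsource/rule-api/rule-api/%5BRELEASE%5D/rule-api-%5BRELEASE%5D.jar" -o rule-api.jar
          # Read the real version back from the jar manifest. Manifests are
          # commonly CRLF-terminated, so drop any carriage return before the
          # value is stored as a step output.
          jar xf rule-api.jar META-INF/MANIFEST.MF
          grep 'Implementation-Version' META-INF/MANIFEST.MF | tr -d '\r' | sed 's/Implementation-Version: /rule-api-version=/' >> "$GITHUB_OUTPUT"
          rm -rf META-INF
        fi

    - name: Install Java to run rule-api
      uses: actions/setup-java@v4
      with:
        distribution: temurin
        java-version: '17'

    # Runs rule-api once per directory that holds a sonarpedia.json and appends
    # its output to rule-api-logs.txt for the summary step.
    - name: Run rule-api to update metadata
      shell: bash
      env:
        GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
        # Inputs are passed as environment variables, not expanded into the
        # script, so quotes or $(...) inside them stay plain data.
        SONARPEDIA_FILES_INPUT: ${{ inputs.sonarpedia-files }}
        RSPEC_BRANCH: ${{ inputs.rspec-branch }}
      run: |
        echo "" > rule-api-logs.txt
        # Check if specific sonarpedia-files input is provided
        if [ -n "$SONARPEDIA_FILES_INPUT" ]; then
          echo "Using specified sonarpedia files: $SONARPEDIA_FILES_INPUT"
          # Convert comma-separated list to array and process each file
          IFS=',' read -ra SONARPEDIA_FILES <<< "$SONARPEDIA_FILES_INPUT"
          sonarpedia_dirs=""
          for file in "${SONARPEDIA_FILES[@]}"; do
            # Trim whitespace
            file=$(echo "$file" | xargs)
            # Check if file exists
            if [ -f "$file" ]; then
              # Get directory containing the file
              dir=$(dirname "$file")
              sonarpedia_dirs="$sonarpedia_dirs$dir"$'\n'
            else
              echo "Warning: Specified sonarpedia file not found: $file"
            fi
          done
          # Remove empty lines and duplicates
          sonarpedia_dirs=$(echo "$sonarpedia_dirs" | grep -v '^$' | sort | uniq)
        else
          echo "No specific files provided, discovering all sonarpedia.json files in repository"
          # Find all directories containing sonarpedia.json files
          sonarpedia_dirs=$(find . -name "sonarpedia.json" -type f | sed 's|/sonarpedia.json$||' | sort | uniq)
        fi
        if [ -z "$sonarpedia_dirs" ]; then
          echo "No sonarpedia.json files found to process"
          exit 1
        fi
        echo "Found sonarpedia.json files in the following directories:"
        echo "$sonarpedia_dirs"
        echo ""
        # Store the original directory
        original_dir=$(pwd)
        log_file="$original_dir/rule-api-logs.txt"
        from_branch="$RSPEC_BRANCH"
        # Loop through each directory containing sonarpedia.json
        while IFS= read -r dir; do
          if [ -d "$dir" ]; then
            echo "Processing directory: $dir"
            cd "$dir"
            # Extract a meaningful name for logging (use last part of path)
            dir_name=$(basename "$dir")
            parent_dir=$(dirname "$dir")
            if [ "$parent_dir" != "." ]; then
              dir_name="${parent_dir##*/}/${dir_name}"
            fi
            echo "=== $dir_name/sonarpedia.json ===" >> "$log_file"
            # Calculate relative path to rule-api.jar from current directory
            rel_path=$(realpath --relative-to="$PWD" "$original_dir/rule-api.jar")
            # Run rule-api generate if rspec-branch is set and not master, else run update
            if [[ "$from_branch" != "" && "$from_branch" != "master" ]]; then
              echo "Running rule-api generate from branch '$from_branch'" >> "$log_file"
              java -jar "$rel_path" generate -branch "$from_branch" 2>&1 | tee -a "$log_file"
            else
              echo "Running rule-api update" >> "$log_file"
              java -jar "$rel_path" update 2>&1 | tee -a "$log_file"
            fi
            # Return to the original directory
            cd "$original_dir"
          fi
        done <<< "$sonarpedia_dirs"

    # SECURITY: by design this executes the caller-supplied `post-update` text
    # as a bash script in the checked-out workspace. actions/checkout keeps its
    # git credentials in the workspace unless told otherwise, so the script
    # should be assumed to be able to use them. Callers must pass a literal
    # from their own workflow and never assemble it from event data.
    - name: Run Post Update Script
      if: ${{ inputs.post-update }}
      shell: bash
      run: ${{ inputs.post-update }}

    # Keeps the jar out of the diff and of the generated pull request.
    - name: Remove rule-api jar
      shell: bash
      run: |
        rm rule-api.jar

    # Turns rule-api-logs.txt into a markdown table published as the `summary`
    # step output.
    - name: Generate summary
      id: generate-summary
      shell: bash
      env:
        # The download step is skipped on a cache hit and then has no output;
        # in that case the pinned input version is the version in use.
        RULE_API_VERSION: ${{ steps.download.outputs.rule-api-version || inputs.rule-api-version }}
      run: |
        summary_file="rule-api-summary.md"
        current_sonarpedia=""
        has_entries=false
        total_rules=0
        # Build a markdown table
        echo "| Sonarpedia | Rules to update |" > "$summary_file"
        echo "|---|---:|" >> "$summary_file"
        while IFS= read -r line; do
          if [[ $line == "=== "* ]]; then
            current_sonarpedia=$(echo "$line" | sed 's/=== \(.*\) ===/\1/')
          elif [[ $line == *"Found "* && $line == *" rule(s) to update"* ]]; then
            rule_count=$(echo "$line" | grep -o 'Found [0-9]\+' | grep -o '[0-9]\+')
            if [[ -n "$rule_count" && "$rule_count" != "0" && -n "$current_sonarpedia" ]]; then
              echo "| \`${current_sonarpedia}\` | ${rule_count} |" >> "$summary_file"
              total_rules=$((total_rules + rule_count))
              has_entries=true
            fi
          fi
        done < rule-api-logs.txt
        if [[ "$has_entries" == "true" ]]; then
          echo "| **Total** | **${total_rules}** |" >> "$summary_file"
        fi
        # printf with %s writes the version literally (no backslash expansion).
        printf '\nRule API Version: %s\n' "$RULE_API_VERSION" >> "$summary_file"
        # Write summary to output using delimiter to preserve newlines
        if [[ "$has_entries" == "false" ]]; then
          echo "summary=Update rule metadata" >> "$GITHUB_OUTPUT"
        else
          # Per-run delimiter: a line in the summary equal to a fixed "EOF"
          # would end the value early and let the rest be read as new outputs.
          delimiter="EOF_${RANDOM}${RANDOM}${RANDOM}"
          {
            echo "summary<<$delimiter"
            cat "$summary_file"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"
        fi
        rm rule-api-logs.txt
        rm -f "$summary_file"

    # sonarpedia.json files are excluded, so a run that only touched them does
    # not open a pull request.
    - name: Check Rule Metadata Changes
      id: check-changes
      shell: bash
      run: |
        echo "Checking for rule metadata changes (excluding sonarpedia.json files)..."
        # Show the diff excluding sonarpedia.json files
        if git diff --quiet HEAD -- . ':!*sonarpedia.json'; then
          echo "No changes detected (excluding sonarpedia.json files)"
          echo "has-changes=false" >> "$GITHUB_OUTPUT"
        else
          echo "Changes detected in rule metadata files:"
          echo ""
          echo "=== Git Diff (excluding sonarpedia.json) ==="
          git diff HEAD -- . ':!*sonarpedia.json'
          echo "=== End of Git Diff ==="
          echo ""
          echo "has-changes=true" >> "$GITHUB_OUTPUT"
        fi

    # The summary is passed through `with:` as a value, not through a shell.
    - name: Create PR
      if: ${{ steps.check-changes.outputs.has-changes == 'true' }}
      id: create-pr
      uses: SonarSource/release-github-actions/create-pull-request@v1
      with:
        commit-message: Update rule metadata
        title: Update rule metadata
        body: |
          ## Rule Metadata Update Summary
          ${{ steps.generate-summary.outputs.summary }}
          This PR was automatically generated to update rule metadata across all supported languages.
        base: ${{ inputs.branch }}
        branch: bot/update-rule-metadata
        branch-suffix: timestamp
        labels: ${{ inputs.labels }}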