From 69e9f8bb6dc5d3720455a8fa6802d35008ce07fe Mon Sep 17 00:00:00 2001 From: didierC Date: Fri, 26 Sep 2025 09:02:41 +0200 Subject: [PATCH 1/2] rewrite java CI to add integration test --- .github/dependatbot.yml | 12 ++ .../workflows/java-continuous-integration.yml | 109 ++++++++++++------ README.md | 2 +- it/audit.sh | 20 ++-- it/it.sh | 10 +- it/sonar-project.properties | 2 +- pom.xml | 24 ++-- settings.xml | 20 +++- sonar-project.properties | 8 ++ 9 files changed, 136 insertions(+), 71 deletions(-) create mode 100644 .github/dependatbot.yml create mode 100644 sonar-project.properties diff --git a/.github/dependatbot.yml b/.github/dependatbot.yml new file mode 100644 index 0000000..943390a --- /dev/null +++ b/.github/dependatbot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#schedule- + schedule: + interval: "monthly" + + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "monthly" \ No newline at end of file diff --git a/.github/workflows/java-continuous-integration.yml b/.github/workflows/java-continuous-integration.yml index eda3b61..5ca478f 100644 --- a/.github/workflows/java-continuous-integration.yml +++ b/.github/workflows/java-continuous-integration.yml @@ -8,69 +8,102 @@ name: Java CI on: [push, pull_request] -env: - MVN_USR: ${{ secrets.MVN_USR }} - MVN_PWD: ${{ secrets.MVN_PWD }} jobs: - + build: permissions: packages: read runs-on: ubuntu-latest - name: Java 17 CI + strategy: + matrix: + java: [ '17', '21' ] + name: Java ${{ matrix.Java }} CI steps: + # the latest version at https://github.com/marketplace/actions/checkout - name: Check out repository code - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 + # the latest version at https://github.com/marketplace/actions/setup-java-jdk - name: Setup java - uses: actions/setup-java@v2 + uses: actions/setup-java@v4 with: distribution: 'adopt' - java-version: 17 - - name: Cache Maven packages + java-version: ${{ matrix.java }} + cache: 'maven' + # the latest version at https://github.com/actions/cache + - name: Cache target folders uses: actions/cache@v4 with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 + path: "**/target/" + key: ${{ runner.os }}-cache-java-${{ matrix.java }}-${{ github.sha }} - name: Build with Maven - run: mvn -B clean test package -s settings.xml - + run: mvn -B clean install -s settings.xml + env: + MVN_USR: dummy + MVN_PWD: ${{ secrets.GITHUB_TOKEN }} + code-analysis: permissions: packages: read - runs-on: ubuntu-latest + runs-on: ubuntu-latest + needs: build name: SonarCloud Code Analysis # It's not possible to launch an analysis on external pull requests - if: ${{ github.repository_owner == 'cnescatlab' }} + # if: ${{ github.repository_owner == 'cnescatlab' }} steps: + # the latest version at https://github.com/marketplace/actions/checkout - name: Check out repository code - uses: actions/checkout@v2 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Setup java - uses: actions/setup-java@v2 + uses: actions/checkout@v4 with: - distribution: 'adopt' - java-version: '17' - - name: Cache Maven packages - uses: actions/cache@v4 + fetch-depth: 0 + # the latest version at https://github.com/actions/cache + - name: Restore cache + uses: actions/cache/restore@v4 with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - name: Cache SonarCloud packages - uses: actions/cache@v4 + path: "**/target/" + fail-on-cache-miss: true + key: ${{ runner.os }}-cache-java-21-${{ github.sha }} + # the latest version at https://github.com/marketplace/actions/official-sonarqube-scan + # Triggering SonarQube analysis as results of it are required by Quality Gate check. + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v6 with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Build and analyze + args: > + -Dsonar.qualitygate.wait=true + -Dsonar.qualitygate.timeout=600 env: - # Needed to get some information about the pull request, if any - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # SonarCloud access token should be generated from https://sonarcloud.io/account/security/ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: mvn clean -s settings.xml org.jacoco:jacoco-maven-plugin:prepare-agent package sonar:sonar -Dsonar.organization=lequal -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=$SONAR_TOKEN + + integration-test: + permissions: + packages: read + runs-on: ubuntu-latest + needs: build + name: TI for SonarQube ${{ matrix.sonarQube }} + strategy: + matrix: + sonarQube: [ '25.1.0.102122-community', 'community'] + steps: + # the latest version at https://github.com/marketplace/actions/docker-setup-compose + - name: Set up Docker Compose + uses: docker/setup-compose-action@v1 + with: + version: latest + # the latest version at https://github.com/marketplace/actions/checkout + - name: Check out repository code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + # the latest version at https://github.com/actions/cache + - name: Restore cache + uses: actions/cache/restore@v4 + with: + path: "**/target/" + fail-on-cache-miss: true + key: ${{ runner.os }}-cache-java-21-${{ github.sha }} + - name: Integration test + run: | + cd it + ./it.sh -S ${{ matrix.sonarQube }} \ No newline at end of file diff --git a/README.md b/README.md index bfeb504..aca768d 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Here is the compatibility matrix of the plugin: | 3.1.1 | 4.1.2 | 7.9 -> 9.9 | Fortran | | 3.1.2 | 5.1.0 | 7.9 -> 9.9 | Fortran | | 5.1.0 | 5.1.0 | 7.9 -> 9.9 | Fortran | -| 5.2.0 | 5.1.0 | 25.1.0 -> 25.9.0 | Fortran | +| 5.2.0 | 5.1.0 | 25.1.0 -> 25.9.0 | Fortran | *Notice: Since 5.X this plugins will follow I-Code versionning. There is no breaking changes between 3.X and 5.X* diff --git a/it/audit.sh b/it/audit.sh index 2390de2..0822b47 100644 --- a/it/audit.sh +++ b/it/audit.sh @@ -29,7 +29,7 @@ echo $SONAR_TOKEN # Audit code echo "Launching scanner..." cd /usr/src/myapp/it -sonar-scanner -X -Dsonar.qualitygate.wait 2>&1 | tee /tmp/scanner.log +sonar-scanner -Dsonar.log.level=DEBUG -Dsonar.verbose=true -Dsonar.qualitygate.wait 2>&1 | tee /tmp/scanner.log if [ $? -ne 0 ] then @@ -64,14 +64,16 @@ if r.status_code != 200: data = r.json() -if data['total'] != 100: - print('Wrong total number of issues: ' + str(data['total']), file=sys.stderr) - sys.exit(1) - issues = 0 if 'f77-rules' in data['issues'][0]['rule'] and data['issues'][0]['line'] == 1: issues += 1 +if data['total'] != 100: + print('Wrong total number of issues: ' + str(data['total']), file=sys.stderr) + sys.exit(1) +else: + print('Validation Fortran 77 OK. Issues found: ' + str(data['total']), file=sys.stdout) + r = requests.get('http://sonarqube:9000/api/issues/search?componentKeys=$SONAR_PROJECT_KEY:src/clanhb.f90&statuses=OPEN', auth=('$SONAR_ADMIN_LOGIN', '$SONAR_ADMIN_PWD')) if r.status_code != 200: print('Invalid server response: ' + str(r.status_code), file=sys.stderr) @@ -79,11 +81,15 @@ if r.status_code != 200: data = r.json() + +if 'f90-rules' in data['issues'][0]['rule'] and data['issues'][0]['line'] == 1: + issues += 1 + if data['total'] != 197: print('Wrong total number of issues: ' + str(data['total']), file=sys.stderr) sys.exit(1) -if 'f90-rules' in data['issues'][0]['rule'] and data['issues'][0]['line'] == 1: - issues += 1 +else: + print('Validation Fortran 90 OK. Issues found: ' + str(data['total']), file=sys.stdout) sys.exit(0 if issues == 2 else 1) diff --git a/it/it.sh b/it/it.sh index 3f0973e..bfe6ea4 100755 --- a/it/it.sh +++ b/it/it.sh @@ -39,11 +39,11 @@ export SCRIPT_DIR=`dirname $0` # Clean-up if needed echo "Cleanup..." -docker-compose -f $SCRIPT_DIR/docker-compose.yml down +docker compose -f $SCRIPT_DIR/docker-compose.yml down # Start containers echo "Starting SonarQube..." -docker-compose -f $SCRIPT_DIR/docker-compose.yml up -d sonarqube +docker compose -f $SCRIPT_DIR/docker-compose.yml up --quiet-pull -d sonarqube CONTAINER_NAME=$(docker ps --format "{{.Names}}" | grep 'it-sonarqube-1.*' | head -1) # Wait for SonarQube to be up grep -q "SonarQube is operational" <(docker logs --follow --tail 0 $CONTAINER_NAME) @@ -54,7 +54,7 @@ MAVEN_VERSION=$(grep '' $SCRIPT_DIR/../pom.xml | head -1 | sed 's/<\/\? echo "Installing the plugin Icode version $MAVEN_VERSION" docker cp $SCRIPT_DIR/../target/sonar-icode-cnes-plugin-$MAVEN_VERSION.jar $CONTAINER_NAME:/opt/sonarqube/extensions/plugins # Restart SonarQube -docker-compose -f $SCRIPT_DIR/docker-compose.yml restart sonarqube +docker compose -f $SCRIPT_DIR/docker-compose.yml restart sonarqube # Wait for SonarQube to be up grep -q "SonarQube is operational" <(docker logs --follow --tail 0 $CONTAINER_NAME) # Check plug-in installation @@ -83,11 +83,11 @@ echo "Plugin successfully installed!" # Audit code echo "Audit test scripts..." -docker-compose -f $SCRIPT_DIR/docker-compose.yml up --build --exit-code-from auditor auditor +docker compose -f $SCRIPT_DIR/docker-compose.yml up --quiet-pull --build --exit-code-from auditor auditor AUDIT_STATUS=$? # Delete containers echo "Cleanup..." -docker-compose -f $SCRIPT_DIR/docker-compose.yml down +docker compose -f $SCRIPT_DIR/docker-compose.yml down exit $AUDIT_STATUS diff --git a/it/sonar-project.properties b/it/sonar-project.properties index a75cfbb..d37e7ab 100644 --- a/it/sonar-project.properties +++ b/it/sonar-project.properties @@ -1,5 +1,5 @@ sonar.projectKey=icode -sonar.projectName=I-Code +sonar.projectName=I-Code TI sonar.projectVersion=1.0 sonar.sources=src sonar.scm.disabled=True diff --git a/pom.xml b/pom.xml index e8c8f40..7cdea5b 100644 --- a/pom.xml +++ b/pom.xml @@ -57,8 +57,8 @@ UTF-8 - 11 - 23 + 17 3.5.3 @@ -73,16 +73,6 @@ src/test/java - - - github - https://maven.pkg.github.com/cnescatlab/i-CodeCNES - - false - - - - org.sonarsource.api.plugin @@ -104,6 +94,7 @@ org.sonarsource.sonarqube sonar-plugin-api-impl ${sonar.version} + test junit @@ -180,20 +171,19 @@ org.sonarsource.sonar-packaging-maven-plugin sonar-packaging-maven-plugin true + 1.23.0.740 org.apache.maven.plugins maven-compiler-plugin - - ${jdk.min.version} - ${jdk.min.version} - + 3.14.1 org.apache.maven.plugins maven-project-info-reports-plugin + 3.9.0 false @@ -202,6 +192,7 @@ org.apache.maven.plugins maven-surefire-plugin + 3.5.4 org.apache.maven.surefire @@ -214,6 +205,7 @@ org.jacoco jacoco-maven-plugin + 0.8.13 prepare-agent diff --git a/settings.xml b/settings.xml index 5906866..0c4d282 100644 --- a/settings.xml +++ b/settings.xml @@ -1,7 +1,6 @@ + xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> @@ -10,4 +9,19 @@ ${env.MVN_PWD} - + + + + github + + + github + https://maven.pkg.github.com/cnescatlab/* + + + + + + github + + \ No newline at end of file diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..ea48d39 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,8 @@ +sonar.projectKey=fr.cnes.sonar.plugins:sonar-icode-cnes-plugin +sonar.projectName=Sonar i-Code CNES plugin +sonar.projectDescription=i-Code CNES plugin for SonarQube +sonar.sources=src/main/java +sonar.tests=src/test +sonar.java.binaries=target +sonar.organization=lequal + From d8ab367277979779018591c5dc3fa5ac2c2bcdfa Mon Sep 17 00:00:00 2001 From: didierC Date: Fri, 26 Sep 2025 16:09:41 +0200 Subject: [PATCH 2/2] Use maven for SonarCloud analysis --- .../workflows/java-continuous-integration.yml | 19 +++++++------------ pom.xml | 1 + sonar-project.properties | 8 -------- .../plugins/icode/check/ICodeSensor.java | 7 +++---- .../icode/languages/ICodeQualityProfiles.java | 4 ++-- .../icode/measures/ICodeMetricsProcessor.java | 6 +++--- 6 files changed, 16 insertions(+), 29 deletions(-) delete mode 100644 sonar-project.properties diff --git a/.github/workflows/java-continuous-integration.yml b/.github/workflows/java-continuous-integration.yml index 5ca478f..a7942fa 100644 --- a/.github/workflows/java-continuous-integration.yml +++ b/.github/workflows/java-continuous-integration.yml @@ -8,6 +8,10 @@ name: Java CI on: [push, pull_request] +env: + MVN_USR: dummy + MVN_PWD: ${{ secrets.GITHUB_TOKEN }} + jobs: @@ -39,10 +43,7 @@ jobs: path: "**/target/" key: ${{ runner.os }}-cache-java-${{ matrix.java }}-${{ github.sha }} - name: Build with Maven - run: mvn -B clean install -s settings.xml - env: - MVN_USR: dummy - MVN_PWD: ${{ secrets.GITHUB_TOKEN }} + run: mvn -B clean verify -s settings.xml code-analysis: permissions: @@ -51,7 +52,7 @@ jobs: needs: build name: SonarCloud Code Analysis # It's not possible to launch an analysis on external pull requests - # if: ${{ github.repository_owner == 'cnescatlab' }} + if: ${{ github.repository_owner == 'cnescatlab' }} steps: # the latest version at https://github.com/marketplace/actions/checkout - name: Check out repository code @@ -65,14 +66,8 @@ jobs: path: "**/target/" fail-on-cache-miss: true key: ${{ runner.os }}-cache-java-21-${{ github.sha }} - # the latest version at https://github.com/marketplace/actions/official-sonarqube-scan - # Triggering SonarQube analysis as results of it are required by Quality Gate check. - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v6 - with: - args: > - -Dsonar.qualitygate.wait=true - -Dsonar.qualitygate.timeout=600 + run: mvn -s settings.xml -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/pom.xml b/pom.xml index 7cdea5b..1e246e3 100644 --- a/pom.xml +++ b/pom.xml @@ -71,6 +71,7 @@ CNES src/main/java src/test/java + lequal diff --git a/sonar-project.properties b/sonar-project.properties deleted file mode 100644 index ea48d39..0000000 --- a/sonar-project.properties +++ /dev/null @@ -1,8 +0,0 @@ -sonar.projectKey=fr.cnes.sonar.plugins:sonar-icode-cnes-plugin -sonar.projectName=Sonar i-Code CNES plugin -sonar.projectDescription=i-Code CNES plugin for SonarQube -sonar.sources=src/main/java -sonar.tests=src/test -sonar.java.binaries=target -sonar.organization=lequal - diff --git a/src/main/java/fr/cnes/sonar/plugins/icode/check/ICodeSensor.java b/src/main/java/fr/cnes/sonar/plugins/icode/check/ICodeSensor.java index 62e6026..2e411f4 100644 --- a/src/main/java/fr/cnes/sonar/plugins/icode/check/ICodeSensor.java +++ b/src/main/java/fr/cnes/sonar/plugins/icode/check/ICodeSensor.java @@ -200,7 +200,6 @@ private void executeEmbeddedICode(final SensorContext sensorContext) { filesMap.put(inputFile.uri().getPath(), inputFile); } - // Run all checkers on all files. final List results = analyzer.stableCheck(files, LanguageService.getLanguagesIds(), null); @@ -333,9 +332,9 @@ static void saveIssue(final SensorContext context, final Map newIssue.at(newIssueLocation); newIssue.save(); } else { - LOGGER.error(String.format( - "Issue '%s' on file '%s' has not been saved because source file was not found.", - issue.getAnalysisRuleId(), issue.getResult().getFileName())); + LOGGER.error( + "Issue '{}' on file '{}' has not been saved because source file was not found.", + issue.getAnalysisRuleId(), issue.getResult().getFileName()); } } diff --git a/src/main/java/fr/cnes/sonar/plugins/icode/languages/ICodeQualityProfiles.java b/src/main/java/fr/cnes/sonar/plugins/icode/languages/ICodeQualityProfiles.java index a24e9f8..dab751f 100644 --- a/src/main/java/fr/cnes/sonar/plugins/icode/languages/ICodeQualityProfiles.java +++ b/src/main/java/fr/cnes/sonar/plugins/icode/languages/ICodeQualityProfiles.java @@ -71,7 +71,7 @@ private void createBuiltInProfile(final Context context, final String repository } profile.setDefault(true); profile.done(); - LOGGER.info(String.format("%s rules are activated for the repository %s.", profile.activeRules().size(), - repository)); + LOGGER.info("{} rules are activated for the repository {}.", profile.activeRules().size(), + repository); } } \ No newline at end of file diff --git a/src/main/java/fr/cnes/sonar/plugins/icode/measures/ICodeMetricsProcessor.java b/src/main/java/fr/cnes/sonar/plugins/icode/measures/ICodeMetricsProcessor.java index 67c36e8..5910f85 100644 --- a/src/main/java/fr/cnes/sonar/plugins/icode/measures/ICodeMetricsProcessor.java +++ b/src/main/java/fr/cnes/sonar/plugins/icode/measures/ICodeMetricsProcessor.java @@ -317,9 +317,9 @@ private static void saveMeasure(final SensorContext context, final Map