66 changes: 66 additions & 0 deletions .github/workflows/sonar-pr-report-publish.yml
@@ -0,0 +1,66 @@
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

name: Sonar PR Report Publish

on:
workflow_run:
workflows: [Sonar PR Report Request]
types:
- completed

concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
group: ci-sonar-kubernetes-client-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
sonar:
name: Sonar
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BASE_BRANCH: main
PR_BRANCH: ${{ github.event.workflow_run.head_branch }}
PR_AUTHOR: ${{ github.event.sender.login }}
GITHUB_REPO: ${{ github.repository }}
SONAR_LOGIN_TOKEN: ${{ secrets.SONAR_LOGIN_TOKEN }}
steps:
- name: Setup Java 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Get PR number
run: |
PR_QUERY_RESULT=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/$GITHUB_REPO/pulls?head=$PR_AUTHOR:$PR_BRANCH&state=open" | jq '.[0].number')
if [ "$PR_QUERY_RESULT" = "null" ] || [ -z "$PR_QUERY_RESULT" ]; then
echo "Could not find PR number for $PR_AUTHOR:$PR_BRANCH"
exit 1
fi
echo "PR_NUMBER=$PR_QUERY_RESULT" >> $GITHUB_ENV
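
Review bot: in the `Get PR number` step, the lookup `pulls?head=$PR_AUTHOR:$PR_BRANCH` takes `PR_AUTHOR` from `github.event.sender.login`, which is the account that triggered the event and not necessarily the owner of the head repository, so a PR whose branch lives under a different owner will not be found. `github.event.workflow_run.head_repository.owner.login` names the head repository owner directly. Two related points in the same region: the `workflow_run` trigger fires on every `completed` run, so a job-level `if: github.event.workflow_run.conclusion == 'success'` is needed if a failed build should stop the analysis; and `concurrency.group` is keyed on `github.ref`, which in a `workflow_run` event is the default branch, so with `cancel-in-progress: true` runs for unrelated PRs share one group and cancel each other. Keying the group on `github.event.workflow_run.head_branch` avoids that. `$GITHUB_ENV` should also be quoted in the final `echo`.
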
Comment on lines +51 to +58
Member

I understand this part is checking that the PR exists and hasn't been merged before proceeding to publish the PR results.

Member Author

This part extracts the pull request number using the GitHub API. Actually, I couldn't find the GitHub pull request number in the GitHub event payload, so I'm using the GitHub REST API to fetch it. This pull request number is passed in the sonar.pullrequest.key property.

- name: Checkout
uses: actions/checkout@v4
with:
ref: refs/pull/${{ env.PR_NUMBER }}/head
# Shallow clones should be disabled for a better relevancy of analysis
fetch-depth: 0
- name: Sonar
run: make sonar-pr-report
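
Review bot: the `Checkout` step takes `refs/pull/${{ env.PR_NUMBER }}/head` and the `Sonar` step then runs `make sonar-pr-report` from that tree, while the job-level `env:` block makes `SONAR_LOGIN_TOKEN` and `GITHUB_TOKEN` visible to every step. The Makefile, POMs, plugins and tests executed here all come from the pull request, so contributor-controlled build code runs with the Sonar token in its environment, which is what the split into an unprivileged `pull_request` workflow and a `workflow_run` workflow is meant to prevent. Scoping the secrets to the `Sonar` step does not help on its own, because that step is the one running the PR's build. A safer layout is to compile and test in the request workflow, upload the results as an artifact, and have this workflow download them and run only the scanner, without invoking the PR's Makefile or build; adding `persist-credentials: false` to the checkout also keeps the token out of the checked-out tree's git config.
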
Comment on lines +65 to +66
Member

Follow-up to https://github.com/fabric8io/kubernetes-client/pull/7151/files#r2191435582

How are the results from the build in the PR branch evaluated here? There are no intermediate artifacts stored.

Member Author

This needs to be merged to work. As of now, there is no workflow_run workflow present in the main repository.

Member

But I still don't understand where the intermediate artifacts or sonar scanner results are (or would be) fetched from.

Member Author

@rohanKanojia rohanKanojia Jul 9, 2025

There are no intermediate artifacts; it would trigger a fresh sonar analysis in workflow_run.

I had tested it on my fork by creating a test PR (from another account of mine): rohanKanojia#198

It triggered this workflow: https://github.com/rohanKanojia/kubernetes-client/actions/runs/16107925671

It posted the sonar analysis on this pull request on fabric8io/kubernetes-client (due to the projectId set in the sonar properties): #198 (comment)

Member

Yes, but this is actually running the sonar analysis on main (unless I'm mistaken), so it's not checking the code in the PR (see the link to your workflow run):

https://github.com/rohanKanojia/kubernetes-client/actions/runs/16107925671/job/45446507952#step:2:810

Member Author

You're right, thanks for noticing.

47 changes: 47 additions & 0 deletions .github/workflows/sonar-pr-report-request.yml
@@ -0,0 +1,47 @@
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

name: Sonar PR Report Request

on:
pull_request:
paths-ignore:
- 'doc/**'
- 'ide-config/**'
- '**.md'

concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
group: ci-sonar-kubernetes-client-${{ github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
sonar:
name: Sonar
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Java 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build Project before requesting for Sonar Analysis
run: mvn ${MAVEN_ARGS} install
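
Review bot: in the last step, `mvn ${MAVEN_ARGS} install` references `MAVEN_ARGS`, but this workflow has no `env:` block that defines it, so it expands to an empty string; either define it at workflow level or drop it. The job also leaves nothing behind for the publish workflow: no artifact with the pull request number or the build output. Since `github.event.pull_request.number` is available in this `pull_request` run, writing it to a file and uploading it as an artifact would give the `workflow_run` side the PR number without the REST lookup. The publish side should treat that file as untrusted input and check that it is numeric before using it.
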
Comment on lines +46 to +47
Member

This is building the project, but I'm not sure I follow why.
Is it to ensure that the project builds and the tests pass?

Member Author

Yeah, before invoking the workflow_run request on the main repository, we just make sure that the build is not failing.

5 changes: 0 additions & 5 deletions .github/workflows/sonar.yml
Expand Up @@ -20,11 +20,6 @@ on:
push:
branches:
- main
# pull_request:
# paths-ignore:
# - 'doc/**'
# - 'ide-config/**'
# - '**.md'

concurrency:
# Only run once for latest commit per ref and cancel other (previous) runs.
9 changes: 9 additions & 0 deletions Makefile
Expand Up @@ -65,6 +65,15 @@ sonar: clean
# $(MAVEN_ARGS) ---> -T 1C won't work with sonar analysis (yet)
mvn -Psonar install sonar:sonar

.PHONY: sonar-pr-report
sonar-pr-report: clean
mvn -Psonar install sonar:sonar \
-Dsonar.login=${SONAR_LOGIN_TOKEN} \
-Dsonar.pullrequest.key=${PR_NUMBER} \
-Dsonar.pullrequest.branch=${PR_BRANCH} \
-Dsonar.pullrequest.base=${BASE_BRANCH} \
-Dsonar.pullrequest.provider=GitHub

.PHONY: javadoc
javadoc: clean
mvn $(MAVEN_ARGS) install javadoc:jar -DskipTests -Pjavadoc-test
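
Review bot: in the `sonar-pr-report` recipe, `${PR_BRANCH}` is expanded by make and pasted into the shell command unquoted, and the publish workflow fills it from `github.event.workflow_run.head_branch`, a name chosen by the PR author. Let the shell expand it inside quotes, for example `-Dsonar.pullrequest.branch="$$PR_BRANCH"`, and do the same for `PR_NUMBER` and `BASE_BRANCH`. `-Dsonar.login=${SONAR_LOGIN_TOKEN}` also places the token in the `mvn` argument list, where make echoes the command and the value sits in the process arguments; passing it through the environment keeps it off the command line. Nothing in the target checks that these variables are set, so a short guard at the top of the recipe would give a clearer failure than an empty `-D` value.
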