Add sonarcloud analysis (#1363)

Jamie Brynes · web-flow · commit f69d120acf69 · 2020-05-15T11:57:47.000+01:00
diff --git a/.buildkite/premerge.steps.yaml b/.buildkite/premerge.steps.yaml
@@ -13,7 +13,7 @@ windows: &windows
     - "environment=production"
     - "permission_set=builder"
     - "platform=windows"
-    - "queue=${WINDOWS_BUILDER_QUEUE:-v4-20-03-27-114536-bk10005-d340403f-d}"
+    - "queue=${WINDOWS_BUILDER_QUEUE:-v4-20-05-14-120002-bk11367-f5a4805a-d}"
     - "scaler_version=2"
     - "minimum_instances=1"
     - "agent_count=1"
@@ -77,6 +77,13 @@ steps:
     artifact_paths:
       - logs/**/*
 
+  - label: ":windows: ~ sonar scanner :sonarqube:"
+    depends_on:
+      - step: "test-windows"
+    command: bash -c ci/sonar-scanner.sh
+    soft_fail: true # TODO: Remove once we've ran with this a bit more.
+    <<: *windows
+
   - label: ":darwin: ~ test"
     id: "test-darwin"
     command: bash -c ci/test.sh
diff --git a/ci/sonar-scanner.sh b/ci/sonar-scanner.sh
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+
+set -e -u -o pipefail
+
+if [[ -n "${DEBUG-}" ]]; then
+  set -x
+fi
+
+cd "$(dirname "$0")/../"
+
+PROJECT_DIR="$(pwd)"
+
+source .shared-ci/scripts/pinned-tools.sh
+
+# TODO: Add a more specific secret-type to vault and swap these around
+TOKEN=$(imp-ci secrets read --environment="production" --buildkite-org="improbable" --secret-type="generic-token" --secret-name="gdk-for-unity-bot-sonarcloud-token" --field="token")
+
+args=()
+args+=("-k:spatialos_gdk-for-unity")
+args+=("-o:spatialos")
+args+=("-d:sonar.login=${TOKEN}")
+args+=("-d:sonar.project_key=spatialos_gdk-for-unity")
+args+=("-d:sonar.host.url=https://sonarcloud.io")
+args+=("-d:sonar.buildString=${BUILDKITE_MESSAGE}")
+args+=("-d:sonar.log.level=${SONAR_LOG_LEVEL:-"INFO"}")
+
+# Exclude all generated code from analysis.
+args+=("-d:sonar.exclusions=Assets/Generated/Source/**/*.cs")
+
+if [[ -n "${DEBUG-}" ]]; then
+  args+=("-d:sonar.verbose=true")
+fi
+
+if [[ -n "${SONAR_PROJECT_DATE:-}" ]]; then
+  # For historical analysis. Note - can only supply a date later than the most recent one in the database.
+  args+=("-d:sonar.projectDate=${SONAR_PROJECT_DATE}")
+fi
+
+if [[ -n "${SONAR_REVISION:-}" ]]; then
+  # Override revision. Useful during historical analysis (i.e. override it to a tag that's being analysed).
+  args+=("-d:sonar.scm.revision=${SONAR_REVISION}")
+fi
+
+if [[ -n "${BUILDKITE_PULL_REQUEST:-}" && "${BUILDKITE_PULL_REQUEST}" != "false" ]]; then
+  # PR analysis, relies on BK building PRs
+  # https://docs.sonarqube.org/latest/analysis/pull-request/
+  args+=("-d:sonar.pullrequest.key=${BUILDKITE_PULL_REQUEST}")
+  args+=("-d:sonar.pullrequest.branch=${BUILDKITE_BRANCH}")
+  args+=("-d:sonar.pullrequest.base=${BUILDKITE_PULL_REQUEST_BASE_BRANCH}")
+else
+  # Branch analysis, allows for diff-level reporting on short-lived branches
+  # https://docs.sonarqube.org/latest/branches/overview/
+  args+=("-d:sonar.branch.name=${BUILDKITE_BRANCH}")
+fi
+
+# The way Sonar Scanner for MSBuild/dotnet works is:
+#   1. You need to run `dotnet-sonarscanner begin` which installs hooks into MSBuild and applies your quality profiles (from sonarcloud.io)
+#   2. Build the project using `msbuild`
+#   3. Run `dotnet-sonarscanner end` which runs post-processing. (This looks like it runs an embedded version of the generic sonar-scanner CLI which requires the JRE).
+#
+# To enable this to work with Unity, we first need to generate the `.sln` and `.csproj` files in order to build them with `msbuild`
+# For ease of use, we execute msbuild through `dotnet`! 
+pushd "workers/unity"
+
+  echo "--- Downloading Buildkite artifacts :buildkite:"
+
+  # Download test coverage reports from previous build step.
+  buildkite-agent artifact download \
+      logs\\coverage-results\\*.xml \
+      . \
+      --step ":windows: ~ test"
+
+  # This finds all .xml files in the logs/ directory and concatentates their relative path together, separated by comma:
+  # E.g. - -d:sonar.cs.opencover.reportsPath=./logs/coverage-results/my-first-report.xml,./logs/coverage-results/my-second-report.xml
+  # Wildcards don't appear to play nice with this.
+  args+=("-d:sonar.cs.opencover.reportsPaths=$(find ./logs -name "*.xml" | paste -sd "," -)")
+
+  echo "--- Generate csproj & sln files :csharp:"
+  dotnet run -p "${PROJECT_DIR}/.shared-ci/tools/RunUnity/RunUnity.csproj" -- \
+      -batchmode \
+      -projectPath "${PROJECT_DIR}/workers/unity" \
+      -quit \
+      -executeMethod UnityEditor.SyncVS.SyncSolution
+  
+  echo "--- Execute sonar-scanner :sonarqube:"
+  dotnet-sonarscanner begin "${args[@]}"
+  dotnet msbuild ./unity.sln -t:Rebuild -nr:false
+  dotnet-sonarscanner end "-d:sonar.login=${TOKEN}"
+popd
+
