Chore/qa 1202 sonarqube integration (#506)

* SonarQube initial setup
smartcontractkit · Sep 13, 2023 · 26fdcf3 · 26fdcf3
1 parent 680240b
commit 26fdcf3
Show file tree

Hide file tree

Showing 10 changed files with 263 additions and 60 deletions.
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -4,36 +4,59 @@ on:
   pull_request:
 
 jobs:
-  golang_lint:
+  golang_lint_ops:
     name: Golang Lint
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-      - uses: smartcontractkit/[email protected]
-        id: tool-versions
-      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: Install Nix
+        uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20
         with:
-          go-version-file: "go.mod"
-          check-latest: true
+          nix_path: nixpkgs=channel:nixos-unstable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        run: nix develop -c make lint-go-ops
+      - name: Store lint report artifact
+        if: always()
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
         with:
-          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v${{ steps.tool-versions.outputs.golangci-lint_version }}
+          name: golangci-lint-ops-report
+          path: ./ops/golangci-lint-ops-report.xml
 
-          # Optional: working directory, useful for monorepos
-          # working-directory: somedir
-
-          # Optional: golangci-lint command line arguments.
-          args: --enable=gofmt --tests=false --exclude-use-default --timeout=5m0s
-
-          # Optional: show only new issues if it's a pull request. The default value is `false`.
-          only-new-issues: true
-
-          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
-          # skip-pkg-cache: true
+  golang_lint_integration_tests:
+    name: Golang Lint Integration Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: Install Nix
+        uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - name: golangci-lint
+        run: nix develop -c make lint-go-integration-tests
+      - name: Store lint report artifact
+        if: always()
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: golangci-lint-integration-tests-report
+          path: ./integration-tests/golangci-lint-integration-tests-report.xml
 
-          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
-          # skip-build-cache: true
+  golang_lint_relay:
+    name: Golang Lint Relay tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: Install Nix
+        uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - name: golangci-lint
+        run: nix develop -c make lint-go-relay
+      - name: Store lint report artifact
+        if: always()
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: golangci-lint-relay-report
+          path: ./pkg/golangci-lint-relay-report.xml
diff --git a/.github/workflows/relay.yml b/.github/workflows/relay.yml
@@ -25,6 +25,14 @@ jobs:
       - name: Build
         run: go build -v ./pkg/...
       - name: Test
-        run: go test ./pkg/... -v -tags integration
+        run: go test ./pkg/... -v -tags integration -covermode=atomic -coverpkg=./... -coverprofile=integration_coverage.txt
       - name: Test with the race detector enabled
-        run: go test ./pkg/... -v -race -count=10 -timeout=15m
+        run: go test ./pkg/... -v -race -count=10 -timeout=15m -covermode=atomic -coverpkg=./... -coverprofile=race_coverage.txt
+      - name: Upload Go test results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: go-relay-test-results
+          path: |
+            ./race_coverage.txt
+            ./integration_coverage.txt
diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml
@@ -0,0 +1,112 @@
+name: Static analysis
+
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+
+jobs:
+  wait_for_workflows:
+    name: Wait for workflows
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
+
+      - name: Wait for Workflows
+        id: wait
+        uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main
+        with:
+          max-timeout: "1200"
+          polling-interval: "30"
+          exclude-workflow-names: "Lint GH Workflows,e2e_tests_custom_cl"
+          exclude-workflow-ids: ""
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          DEBUG: "true"
+  tools:
+    name: Get tool-versions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out Code
+        uses: actions/checkout@v3
+      - name: Parse tool-versions file
+        uses: smartcontractkit/[email protected]
+        id: tool-versions
+    outputs:
+      go-version: ${{ steps.tool-versions.outputs.golang_version }}
+      golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }}
+
+  sonarqube:
+    name: SonarQube Scan
+    needs: [wait_for_workflows]
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    steps:
+      - name: Fetch blame information
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports
+
+      - name: Download Golangci ops reports
+        uses: dawidd6/[email protected]
+        with:
+          workflow: golangci-lint.yml
+          workflow_conclusion: ""
+          name_is_regexp: true
+          name: golangci-lint-ops-report
+          if_no_artifact_found: warn
+
+      - name: Download Golangci integration tests reports
+        uses: dawidd6/[email protected]
+        with:
+          workflow: golangci-lint.yml
+          workflow_conclusion: ""
+          name_is_regexp: true
+          name: golangci-lint-integration-tests-report
+          if_no_artifact_found: warn
+
+      - name: Download Golangci relay reports
+        uses: dawidd6/[email protected]
+        with:
+          workflow: golangci-lint.yml
+          workflow_conclusion: ""
+          name_is_regexp: true
+          name: golangci-lint-relay-report
+          if_no_artifact_found: warn
+
+      - name: Download Relayer unit tests report
+        uses: dawidd6/[email protected]
+        with:
+          workflow: relay.yml
+          workflow_conclusion: ""
+          name_is_regexp: true
+          name: go-relay-test-results
+          if_no_artifact_found: warn
+
+      - name: Set SonarQube Report Paths
+        id: sonarqube_report_paths
+        shell: bash
+        run: |
+          {
+            echo "sonarqube_tests_report_paths=$(find . -type f -name output.txt | paste -sd "," -)"
+            echo "sonarqube_coverage_report_paths=$(find . -type f -name '*coverage.txt' | paste -sd "," -)"
+            echo "sonarqube_golangci_report_paths=$(find . -type f -name 'golangci-*-report.xml' -printf "%p,")"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@a6ba0aafc293e03de5437af7edbc97f7d3ebc91a # v1.2.0
+        with:
+          args: >
+            -Dsonar.go.tests.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_tests_report_paths }}
+            -Dsonar.go.coverage.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_coverage_report_paths }}
+            -Dsonar.go.golangci-lint.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_golangci_report_paths }}
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+
diff --git a/.gitignore b/.gitignore
@@ -42,3 +42,9 @@ tests/e2e/smoke/contracts-chaos-state.json
 tmp-manifest-*
 tests-smoke-report.xml
 .env.test*
+
+# Test & linter reports
+*report.xml
+*report.json
+*.out
+*coverage*
diff --git a/.tool-versions b/.tool-versions
@@ -2,7 +2,7 @@ nodejs 16.13.2
 yarn 1.22.19
 rust 1.59.0
 golang 1.20.1
-golangci-lint 1.51.1
+golangci-lint 1.52.1
 pulumi 3.40.1
 ginkgo 2.5.1
 actionlint 1.6.22

diff --git a/Makefile b/Makefile
@@ -92,3 +92,15 @@ gomodtidy:
 	go mod tidy
 	cd ./integration-tests && go mod tidy
 	cd ./ops && go mod tidy
+
+.PHONY: lint-go-ops
+lint-go-ops:
+	cd ./ops && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-ops-report.xml run || true
+
+.PHONY: lint-go-integration-tests
+lint-go-integration-tests:
+	cd ./integration-tests && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-integration-tests-report.xml run || true
+
+.PHONY: lint-go-relay
+lint-go-relay:
+	cd ./pkg && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-relay-report.xml run || true
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -5,24 +5,13 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     rust-overlay.url = "github:oxalica/rust-overlay";
-    # saber-overlay.url = "github:saber-hq/saber-overlay";
-    # saber-overlay.inputs.rust-overlay.follows = "rust-overlay";
-    # naersk.url = "github:nmattia/naersk";
   };
 
   outputs = inputs@{ self, nixpkgs, rust-overlay, flake-utils, ... }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = import nixpkgs { inherit system; overlays = [ rust-overlay.overlays.default ]; };
-        # naerskLib = pkgs.callPackage naersk {
-        #   inherit (pkgs.rust-bin.nightly.latest) rustc cargo;
-        # };
       in rec {
-        # packages.program = naerskLib.buildPackage {
-        #   pname = "program";
-        #   root = ./.;
-        # };
-        # defaultPackage = packages.program;
         devShell = pkgs.callPackage ./shell.nix {};
       });
 }