diff options
author | 2021-11-21 17:20:32 +0100 | |
---|---|---|
committer | 2021-11-21 18:16:44 +0100 | |
commit | e1ffa041414eb80d1abe26daf282d2532f599be9 (patch) | |
tree | a3b8cdd4ce94fbd7f5ed147db1d1757a42f21e57 /.github/workflows/build.yml | |
parent | chore: remove MANIFEST.MF (diff) | |
download | refinery-e1ffa041414eb80d1abe26daf282d2532f599be9.tar.gz refinery-e1ffa041414eb80d1abe26daf282d2532f599be9.tar.zst refinery-e1ffa041414eb80d1abe26daf282d2532f599be9.zip |
ci: make sonar analysis conditional
Check for the presence of the secret directly (instead of whether we're
in a pull request) for a more robust CI.
We check the secret according to
https://github.community/t/how-can-i-test-if-secrets-are-available-in-an-action/17911
To determine the clone depth (deep for sonar analysis, shallow
otherwise) we use the "fake ternary" method from
https://github.community/t/do-expressions-support-ternary-operators-to-change-their-returned-value/18114
Diffstat (limited to '.github/workflows/build.yml')
-rw-r--r-- | .github/workflows/build.yml | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c2893a9..de55ffcf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -2,7 +2,8 @@ name: Build | |||
2 | on: | 2 | on: |
3 | push: | 3 | push: |
4 | branches: | 4 | branches: |
5 | - main | 5 | - '**' |
6 | - '!gh-pages' | ||
6 | pull_request: | 7 | pull_request: |
7 | types: [opened, synchronize, reopened] | 8 | types: [opened, synchronize, reopened] |
8 | jobs: | 9 | jobs: |
@@ -10,10 +11,16 @@ jobs: | |||
10 | name: Build | 11 | name: Build |
11 | runs-on: ubuntu-latest | 12 | runs-on: ubuntu-latest |
12 | steps: | 13 | steps: |
14 | - name: Check for Sonar secret | ||
15 | id: check-secret | ||
16 | env: | ||
17 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
18 | run: | | ||
19 | echo "::set-output name=is_SONAR_TOKEN_set::${{ env.SONAR_TOKEN != '' }}" | ||
13 | - name: Checkout code | 20 | - name: Checkout code |
14 | uses: actions/checkout@v2 | 21 | uses: actions/checkout@v2 |
15 | with: | 22 | with: |
16 | fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of SonarCloud analysis | 23 | fetch-depth: ${{ !steps.check-secret.is_SONAR_TOKEN_set && 1 || 0 }} # Shallow clones should be disabled for a better relevancy of SonarCloud analysis |
17 | - name: Set up JDK 17 | 24 | - name: Set up JDK 17 |
18 | uses: actions/setup-java@v1 | 25 | uses: actions/setup-java@v1 |
19 | with: | 26 | with: |
@@ -27,11 +34,13 @@ jobs: | |||
27 | restore-keys: ${{ runner.os }}-gradle | 34 | restore-keys: ${{ runner.os }}-gradle |
28 | - name: Cache Sonar packages | 35 | - name: Cache Sonar packages |
29 | uses: actions/cache@v2 | 36 | uses: actions/cache@v2 |
37 | if: ${{ steps.check-secret.is_SONAR_TOKEN_set }} | ||
30 | with: | 38 | with: |
31 | path: ~/.sonar/cache | 39 | path: | |
40 | ~/.sonar/cache | ||
32 | key: ${{ runner.os }}-sonar | 41 | key: ${{ runner.os }}-sonar |
33 | restore-keys: ${{ runner.os }}-sonar | 42 | restore-keys: ${{ runner.os }}-sonar |
34 | - name: Cache yarn packages | 43 | - name: Cache node distribution |
35 | uses: actions/cache@v2 | 44 | uses: actions/cache@v2 |
36 | with: | 45 | with: |
37 | path: | | 46 | path: | |
@@ -45,12 +54,14 @@ jobs: | |||
45 | **/.yarn/cache | 54 | **/.yarn/cache |
46 | key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | 55 | key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} |
47 | restore-keys: ${{ runner.os }}-yarn | 56 | restore-keys: ${{ runner.os }}-yarn |
57 | - name: Gradle build | ||
58 | if: ${{ !steps.check-secret.is_SONAR_TOKEN_set }} | ||
59 | run: | | ||
60 | ./gradlew build -Pci --info | ||
48 | - name: Gradle build and Sonar analyze | 61 | - name: Gradle build and Sonar analyze |
49 | if: ${{ github.event_name != 'pull_request' }} | 62 | if: ${{ steps.check-secret.is_SONAR_TOKEN_set }} |
50 | env: | 63 | env: |
51 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any | 64 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed by Sonar to get PR information, if any |
52 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | 65 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
53 | run: ./gradlew build sonarqube -Pci --info | 66 | run: | |
54 | - name: Gradle build for pull request | 67 | ./gradlew build sonarqube -Pci --info |
55 | if: ${{ github.event_name == 'pull_request' }} | ||
56 | run: ./gradlew build --info | ||