Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ENH: add sonar configuration #162

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

ENH: add sonar configuration #162

wants to merge 2 commits into from

Conversation

fedorov
Copy link
Member

@fedorov fedorov commented Nov 27, 2024

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 27, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@fedorov
Copy link
Member Author

fedorov commented Nov 27, 2024

@igoroctaviano @pedrokohler I can't figure out why SONAR_TOKEN is empty inside the action workflow... Any ideas?

@pedrokohler
Copy link
Collaborator

@igoroctaviano @pedrokohler I can't figure out why SONAR_TOKEN is empty inside the action workflow... Any ideas?

I don't have access to this link https://sonarcloud.io/project/configuration/GitHubActions?id=ImagingDataCommons_dicom-microscopy-viewer... it redirects to https://sonarcloud.io/summary/new_code?id=ImagingDataCommons_dicom-microscopy-viewer so I can't tell what are the instructions there to be able to help you effectively.

However I'm curious... what happens if you remove this?
image

@igoroctaviano
Copy link
Collaborator

@igoroctaviano @pedrokohler I can't figure out why SONAR_TOKEN is empty inside the action workflow... Any ideas?

@igoroctaviano @pedrokohler I can't figure out why SONAR_TOKEN is empty inside the action workflow... Any ideas?

Try:

  - name: Check SONAR_TOKEN
    run: echo "SONAR_TOKEN length is $(echo -n $SONAR_TOKEN | wc -c)"
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

@fedorov
Copy link
Member Author

fedorov commented Nov 28, 2024

@igoroctaviano no difference. It's as if the action does not have access to the secret.

image

@fedorov
Copy link
Member Author

fedorov commented Nov 28, 2024

However I'm curious... what happens if you remove this?

@pedrokohler that is just a printout to test whether that secret is accessible at all. If it prints out 0, it means there is no access. Removing it will just remove the ability to debug.

@igoroctaviano
Copy link
Collaborator

@fedorov a different env declaration is:

name: Build
permissions:
  contents: read
  pull-requests: read

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  sonarcloud:
    name: SonarQube Cloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          
      - name: Check SONAR_TOKEN
        run: echo "SONAR_TOKEN length is $(echo -n $SONAR_TOKEN | wc -c)"
        
      - name: Install dependencies
        run: yarn
        
      - name: Test and coverage
        run: yarn jest --coverage
        
      - name: SonarQube Cloud Scan
        uses: SonarSource/sonarcloud-github-action@master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igoroctaviano igoroctaviano Awaiting requested review from igoroctaviano

@pedrokohler pedrokohler Awaiting requested review from pedrokohler

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fedorov @pedrokohler @igoroctaviano