Improve GHA (#31)

* rename GHA actions * migrate sonar to GHA * fix GHA names * format GHA files
opentibiabr · May 21, 2021 · 2bb0288 · 2bb0288
1 parent 24cec5b
commit 2bb0288
Show file tree

Hide file tree

Showing 16 changed files with 401 additions and 265 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -24,6 +24,6 @@ indent_style = tab
 indent_size = 2
 
 # YAML, JSON, SQL
-[*.{yml,yaml,json, sql}]
+[*.{yml,yaml,yamllint,json,sql}]
 indent_style = space
 indent_size = 2
diff --git a/.github/workflows/codacy-analysis.yml → .github/workflows/analysis-codacy.yml b/.github/workflows/codacy-analysis.yml → .github/workflows/analysis-codacy.yml
@@ -1,15 +1,13 @@
 ---
-
-name: Codacy Security Scan
+name: Analysis - Codacy Security Scan
 
 on: [push, pull_request]
 
 jobs:
-  codacy-security-scan:
+  codacy:
     name: Codacy Security Scan
     runs-on: ubuntu-latest
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v2
 
@@ -23,7 +21,7 @@ jobs:
           gh-code-scanning-compat: true
           max-allowed-issues: 2147483647
 
-      - name: Upload SARIF results file
+      - name: Upload SARIF results file>
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/analysis-codeql.yml b/.github/workflows/analysis-codeql.yml
@@ -0,0 +1,71 @@
+---
+name: Analysis - CodeQL
+
+on: [push, pull_request]
+
+env:
+  VCPKG_BUILD_TYPE: release
+  CMAKE_BUILD_PARALLEL_LEVEL: 2
+  MAKEFLAGS: '-j 2'
+  NODE_OPTIONS: ' --max-old-space-size=8192 '
+
+jobs:
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['cpp', 'python']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Install Linux Dependencies
+        if: ${{ matrix.language == 'cpp' }}
+        run: >
+          sudo apt-get update && sudo apt-get install ccache build-essential
+          libluajit-5.1-dev zip
+
+      - name: CCache
+        id: ccache
+        uses: actions/cache@v2
+        with:
+          path: /home/runner/.ccache
+          key: ccache-${{ runner.os }}-RelWithDebInfo-${{ hashFiles('**/src') }}
+          restore-keys: |
+            ccache-${{ runner.os }}-RelWithDebInfo-
+            ccache-${{ runner.os }}-
+
+      - name: Restore artifacts, or setup vcpkg (do not install any package)
+        if: ${{ matrix.language == 'cpp' }}
+        uses: lukka/run-vcpkg@v7
+        with:
+          setupOnly: true
+          vcpkgDirectory: ${{ github.workspace }}/vcpkg
+          appendedCacheKey: ${{ hashFiles( '**/vcpkg.json' ) }}
+          vcpkgTriplet: x64-linux
+          additionalCachedPaths: ${{ github.workspace }}/build/vcpkg_installed
+          vcpkgGitCommitId: b9cd2a7958dec657fb869ec487d2a98cf39a8d48
+
+      - name: Get latest CMake and ninja
+        uses: lukka/get-cmake@latest
+
+      - name: Run CMake
+        if: ${{ matrix.language == 'cpp' }}
+        uses: lukka/run-cmake@v3
+        with:
+          cmakeListsTxtPath: ${{ github.workspace }}/CMakeLists.txt
+          useVcpkgToolchainFile: true
+          buildDirectory: ${{ github.workspace }}/build/
+          cmakeBuildType: RelWithDebInfo
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/analysis-reviewdog.yml b/.github/workflows/analysis-reviewdog.yml
@@ -0,0 +1,164 @@
+---
+name: Analysis - Review Dog
+on: [pull_request]
+jobs:
+
+  cppcheck:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: Setup reviewdog
+        uses: reviewdog/action-setup@v1
+
+      - name: Setup cppcheck
+        run: sudo apt-get update && sudo apt-get install -y cppcheck
+
+      - name: cppcheck
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cd ${{ runner.workspace }}/canary
+          cppcheck --version
+          reviewdog -reporter=github-pr-review -runners=cppcheck
+
+  cpplint:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: cpplint
+        uses: reviewdog/action-cpplint@master
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-review
+          flags: --linelength=120
+          filter: "-build/c++14\
+            ,-build/include\
+            ,-build/include_subdir\
+            ,-build/include_alpha\
+            ,-build/include_order\
+            ,-build/include_what_you_use\
+            ,-build/namespaces\
+            ,-readability/braces\
+            ,-readability/casting\
+            ,-readability/namespace\
+            ,-readability/todo\
+            ,-runtime/int\
+            ,-runtime/references\
+            ,-whitespace/blank_line\
+            ,-whitespace/braces\
+            ,-whitespace/comments\
+            ,-whitespace/empty_conditional_body\
+            ,-whitespace/empty_if_body\
+            ,-whitespace/empty_loop_body\
+            ,-whitespace/end_of_line\
+            ,-whitespace/ending_newline\
+            ,-whitespace/forcolon\
+            ,-whitespace/indent\
+            ,-whitespace/line_length\
+            ,-whitespace/newline\
+            ,-whitespace/operators\
+            ,-whitespace/parens
+            "
+
+  luac:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: Setup reviewdog
+        uses: reviewdog/action-setup@v1
+
+      - name: Setup Lua/Luacheck
+        run: sudo apt-get update && sudo apt-get install -y lua5.1 liblua5.1-0-dev lua-check
+
+      - name: luac
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cd ${{ runner.workspace }}/canary
+          luac -v
+          reviewdog -reporter=github-pr-review -runners=luac
+
+  luacheck:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: Setup reviewdog
+        uses: reviewdog/action-setup@v1
+
+      - name: Setup Lua/Luacheck
+        run: sudo apt-get update && sudo apt-get install -y lua5.1 liblua5.1-0-dev lua-check
+
+      - name: luacheck
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          luacheck --version
+          cd ${{ runner.workspace }}/canary
+          reviewdog -reporter=github-pr-review -runners=luacheck
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: shellcheck
+        uses: reviewdog/action-shellcheck@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-review
+          pattern: '*.sh'
+          exclude: './.git/*'
+
+  xmllint:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: Setup reviewdog
+        uses: reviewdog/action-setup@v1
+
+      - name: Setup xmllint
+        run: sudo apt-get update && sudo apt-get install -y libxml2-utils
+
+      - name: xmllint
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cd ${{ runner.workspace }}/canary
+          xmllint --version
+          reviewdog -reporter=github-pr-review -runners=xmllint
+
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code.
+        uses: actions/checkout@master
+
+      - name: Run yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-review
+
+      - name: Run yamllint
+        uses: reviewdog/action-yamllint@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          reporter: github-pr-review
diff --git a/.github/workflows/analysis-sonarcloud.yml b/.github/workflows/analysis-sonarcloud.yml
@@ -0,0 +1,74 @@
+---
+name: Analysis - SonarCloud
+
+on: [push, pull_request]
+
+env:
+  VCPKG_BUILD_TYPE: release
+  CMAKE_BUILD_PARALLEL_LEVEL: 2
+  MAKEFLAGS: '-j 2'
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Linux Dependencies
+        run: >
+          sudo apt-get update && sudo apt-get install ccache build-essential
+          libluajit-5.1-dev zip
+
+      - name: CCache
+        id: ccache
+        uses: actions/cache@v2
+        with:
+          path: /home/runner/.ccache
+          key: ccache-${{ runner.os}}-${{ matrix.buildtype }}-${{ hashFiles('**/src') }}
+          restore-keys: |
+            ccache-${{ runner.os}}-${{ matrix.buildtype }}-
+            ccache-${{ runner.os}}-
+
+      - name: Sonar cache
+        uses: actions/[email protected]
+        with:
+          path: /home/runner/.cfamily
+          key: sonar-${{ runner.os}}-${{ matrix.buildtype }}-${{ hashFiles('**/src') }}
+          restore-keys: |
+            sonar-${{ runner.os}}-${{ matrix.buildtype }}-
+            sonar-${{ runner.os}}-
+
+      - name: Restore artifacts, or setup vcpkg (do not install any package)
+        uses: lukka/run-vcpkg@v7
+        with:
+          setupOnly: true
+          vcpkgDirectory: '${{ github.workspace }}/vcpkg'
+          appendedCacheKey: ${{ hashFiles( '**/vcpkg.json' ) }}
+          vcpkgTriplet: ${{ matrix.triplet }}
+          additionalCachedPaths: ${{ github.workspace }}/build/vcpkg_installed
+          vcpkgGitCommitId: b9cd2a7958dec657fb869ec487d2a98cf39a8d48
+
+      - name: Prepare Sonar scanner
+        run: |
+          wget -nv https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
+          unzip -q sonar-scanner-cli-4.6.0.2311-linux.zip
+          echo "${PWD}/sonar-scanner-4.6.0.2311-linux/bin/" >> $GITHUB_PATH
+          wget -nv https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
+          unzip -q build-wrapper-linux-x86.zip
+          echo "${PWD}/build-wrapper-linux-x86" >> $GITHUB_PATH
+
+      - name: SonarCloud Scan
+        run: |
+          NUMBER_OF_PROCESSORS=$(nproc --all)
+          mkdir -p build
+          cd build
+          cmake -DCMAKE_TOOLCHAIN_FILE=$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake ..
+          cd ..
+          build-wrapper-linux-x86-64 --out-dir bw-output cmake --build build/
+          sonar-scanner -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=opentibiabr -Dsonar.login=$SONAR_TOKEN -Dsonar.cfamily.threads=${NUMBER_OF_PROCESSORS} -Dsonar.cfamily.cache.enabled=true -Dsonar.cfamily.cache.path=$HOME/.cfamily
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}