From b61e84bbf13a83588f7e3e2bd6c7466d50bda181 Mon Sep 17 00:00:00 2001
From: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com>
Date: Fri, 28 Nov 2025 14:11:46 +0100
Subject: [PATCH 1/2] chore: re-enable sonar scanning
---
.devcontainer/Dockerfile | 3 +-
.github/workflows/static-analysis.yml | 42 +++++++++++++--------------
2 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 7b4c7a6..0418bf8 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,3 +1,2 @@
-FROM ghcr.io/philips-software/amp-devcontainer-cpp:v5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd
-
+FROM ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9
HEALTHCHECK NONE
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 8bc8c02..a6abdfc 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -18,46 +18,44 @@ jobs:
sonar:
name: SonarCloud
runs-on: ubuntu-latest
- container: ghcr.io/philips-software/amp-devcontainer-cpp:5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd # 5.1.4
- env:
- SONAR_SCANNER_VERSION: 5.0.1.3006
- SONAR_SERVER_URL: "https://sonarcloud.io"
+ container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
fetch-depth: 0 # Disable shallow clone to enable blame information
persist-credentials: false
- - name: Install Sonar Scanner
- run: |
- wget -qN "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip"
- unzip -qqo "sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip"
- echo "${PWD}/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH"
- uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639 # v1.2.20
with:
key: ${{ github.job }}
max-size: 2G
- - name: Build & Collect Coverage
+ - name: Build for coverage
+ uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
+ with:
+ configurePreset: "coverage"
+ buildPreset: "coverage"
+ testPreset: "coverage"
+ configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']"
+ env:
+ GTEST_OUTPUT: "xml:${{ github.workspace }}/testresults/"
+ - name: Collect coverage
run: |
- cmake --preset coverage -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
- cmake --build --preset coverage
- GTEST_OUTPUT="xml:${PWD}/testresults/" ctest --preset coverage
- gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j 2 --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.*
- - name: Convert Results
+ gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort\(\);' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)" --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.*
+ - uses: philips-software/sonarqube-issue-conversion@9e9958764ba5fd1d302b039779dc902bedfa4d01 # v1.2.0
+ with:
+ input: ${{ github.workspace }}/testresults/*.xml
+ output: execution.xml
+ transformation: gtest-to-generic-execution
+ - name: Convert results
run: |
{ echo ''; xsltproc .github/formatters/gtest-to-generic-execution.xslt testresults/*.xml; echo ''; } | tee execution.xml > /dev/null
cp build/coverage/compile_commands.json compile_commands.json
- - name: Run Analysis
- # skip the analysis step for dependabot PRs since dependabot does not have access to secrets
- if: ${{ false && github.actor != 'dependabot[bot]' }}
+ - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
env:
- # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- run: sonar-scanner -D sonar.host.url="${{ env.SONAR_SERVER_URL }}"
codeql:
name: CodeQL
runs-on: ubuntu-latest
- container: ghcr.io/philips-software/amp-devcontainer-cpp:5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd # 5.1.4
+ container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1
permissions:
security-events: write
steps:
From 797a98dd9e123457d1171d89cfbb695f89680d39 Mon Sep 17 00:00:00 2001
From: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com>
Date: Fri, 28 Nov 2025 14:25:42 +0100
Subject: [PATCH 2/2] re-enable the old way
---
.github/workflows/static-analysis.yml | 38 +++++++++++++--------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index a6abdfc..e3286f2 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -19,39 +19,39 @@ jobs:
name: SonarCloud
runs-on: ubuntu-latest
container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1
+ env:
+ SONAR_SCANNER_VERSION: 5.0.1.3006
+ SONAR_SERVER_URL: "https://sonarcloud.io"
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
fetch-depth: 0 # Disable shallow clone to enable blame information
persist-credentials: false
+ - name: Install Sonar Scanner
+ run: |
+ wget -qN "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip"
+ unzip -qqo "sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip"
+ echo "${PWD}/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH"
- uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639 # v1.2.20
with:
key: ${{ github.job }}
max-size: 2G
- - name: Build for coverage
- uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
- with:
- configurePreset: "coverage"
- buildPreset: "coverage"
- testPreset: "coverage"
- configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']"
- env:
- GTEST_OUTPUT: "xml:${{ github.workspace }}/testresults/"
- - name: Collect coverage
+ - name: Build & Collect Coverage
run: |
- gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort\(\);' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)" --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.*
- - uses: philips-software/sonarqube-issue-conversion@9e9958764ba5fd1d302b039779dc902bedfa4d01 # v1.2.0
- with:
- input: ${{ github.workspace }}/testresults/*.xml
- output: execution.xml
- transformation: gtest-to-generic-execution
- - name: Convert results
+ cmake --preset coverage -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
+ cmake --build --preset coverage
+ GTEST_OUTPUT="xml:${PWD}/testresults/" ctest --preset coverage
+ gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j 2 --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.*
+ - name: Convert Results
run: |
{ echo ''; xsltproc .github/formatters/gtest-to-generic-execution.xslt testresults/*.xml; echo ''; } | tee execution.xml > /dev/null
cp build/coverage/compile_commands.json compile_commands.json
- - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
+ - name: Run Analysis
env:
+ # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: sonar-scanner -D sonar.host.url="${{ env.SONAR_SERVER_URL }}"
codeql:
name: CodeQL
runs-on: ubuntu-latest
@@ -73,4 +73,4 @@ jobs:
configurePreset: "continuous-integration"
buildPreset: "continuous-integration"
configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']"
- - uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ - uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
\ No newline at end of file