From b61e84bbf13a83588f7e3e2bd6c7466d50bda181 Mon Sep 17 00:00:00 2001 From: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com> Date: Fri, 28 Nov 2025 14:11:46 +0100 Subject: [PATCH 1/2] chore: re-enable sonar scanning --- .devcontainer/Dockerfile | 3 +- .github/workflows/static-analysis.yml | 42 +++++++++++++-------------- 2 files changed, 21 insertions(+), 24 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 7b4c7a6..0418bf8 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,3 +1,2 @@ -FROM ghcr.io/philips-software/amp-devcontainer-cpp:v5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd - +FROM ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 HEALTHCHECK NONE diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 8bc8c02..a6abdfc 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -18,46 +18,44 @@ jobs: sonar: name: SonarCloud runs-on: ubuntu-latest - container: ghcr.io/philips-software/amp-devcontainer-cpp:5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd # 5.1.4 - env: - SONAR_SCANNER_VERSION: 5.0.1.3006 - SONAR_SERVER_URL: "https://sonarcloud.io" + container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1 steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 # Disable shallow clone to enable blame information persist-credentials: false - - name: Install Sonar Scanner - run: | - wget -qN "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip" - unzip -qqo "sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip" - echo "${PWD}/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH" - uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639 # v1.2.20 with: key: ${{ github.job }} max-size: 2G - - name: Build & Collect Coverage + - name: Build for coverage + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 + with: + configurePreset: "coverage" + buildPreset: "coverage" + testPreset: "coverage" + configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']" + env: + GTEST_OUTPUT: "xml:${{ github.workspace }}/testresults/" + - name: Collect coverage run: | - cmake --preset coverage -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache - cmake --build --preset coverage - GTEST_OUTPUT="xml:${PWD}/testresults/" ctest --preset coverage - gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j 2 --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.* - - name: Convert Results + gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort\(\);' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)" --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.* + - uses: philips-software/sonarqube-issue-conversion@9e9958764ba5fd1d302b039779dc902bedfa4d01 # v1.2.0 + with: + input: ${{ github.workspace }}/testresults/*.xml + output: execution.xml + transformation: gtest-to-generic-execution + - name: Convert results run: | { echo ''; xsltproc .github/formatters/gtest-to-generic-execution.xslt testresults/*.xml; echo ''; } | tee execution.xml > /dev/null cp build/coverage/compile_commands.json compile_commands.json - - name: Run Analysis - # skip the analysis step for dependabot PRs since dependabot does not have access to secrets - if: ${{ false && github.actor != 'dependabot[bot]' }} + - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 env: - # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: sonar-scanner -D sonar.host.url="${{ env.SONAR_SERVER_URL }}" codeql: name: CodeQL runs-on: ubuntu-latest - container: ghcr.io/philips-software/amp-devcontainer-cpp:5.1.4@sha256:46239906460dedb3baf3c33d9275f3de4f17d7a237fc136c2013b021589a6dbd # 5.1.4 + container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1 permissions: security-events: write steps: From 797a98dd9e123457d1171d89cfbb695f89680d39 Mon Sep 17 00:00:00 2001 From: EkelmansPh <58972933+EkelmansPh@users.noreply.github.com> Date: Fri, 28 Nov 2025 14:25:42 +0100 Subject: [PATCH 2/2] re-enable the old way --- .github/workflows/static-analysis.yml | 38 +++++++++++++-------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index a6abdfc..e3286f2 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -19,39 +19,39 @@ jobs: name: SonarCloud runs-on: ubuntu-latest container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.6.1@sha256:9ba2d20db24a646edd6ea7a8a075e76239ce63d1542cc823242e680901e792f9 # v6.6.1 + env: + SONAR_SCANNER_VERSION: 5.0.1.3006 + SONAR_SERVER_URL: "https://sonarcloud.io" steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 # Disable shallow clone to enable blame information persist-credentials: false + - name: Install Sonar Scanner + run: | + wget -qN "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip" + unzip -qqo "sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip" + echo "${PWD}/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH" - uses: hendrikmuhs/ccache-action@5ebbd400eff9e74630f759d94ddd7b6c26299639 # v1.2.20 with: key: ${{ github.job }} max-size: 2G - - name: Build for coverage - uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 - with: - configurePreset: "coverage" - buildPreset: "coverage" - testPreset: "coverage" - configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']" - env: - GTEST_OUTPUT: "xml:${{ github.workspace }}/testresults/" - - name: Collect coverage + - name: Build & Collect Coverage run: | - gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort\(\);' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)" --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.* - - uses: philips-software/sonarqube-issue-conversion@9e9958764ba5fd1d302b039779dc902bedfa4d01 # v1.2.0 - with: - input: ${{ github.workspace }}/testresults/*.xml - output: execution.xml - transformation: gtest-to-generic-execution - - name: Convert results + cmake --preset coverage -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + cmake --build --preset coverage + GTEST_OUTPUT="xml:${PWD}/testresults/" ctest --preset coverage + gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j 2 --exclude=.*/generated/.* --exclude=.*/examples/.* --exclude=.*/tracing/.* --exclude=.*/test/.* + - name: Convert Results run: | { echo ''; xsltproc .github/formatters/gtest-to-generic-execution.xslt testresults/*.xml; echo ''; } | tee execution.xml > /dev/null cp build/coverage/compile_commands.json compile_commands.json - - uses: sonarsource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 + - name: Run Analysis env: + # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: sonar-scanner -D sonar.host.url="${{ env.SONAR_SERVER_URL }}" codeql: name: CodeQL runs-on: ubuntu-latest @@ -73,4 +73,4 @@ jobs: configurePreset: "continuous-integration" buildPreset: "continuous-integration" configurePresetAdditionalArgs: "['-DCMAKE_C_COMPILER_LAUNCHER=ccache', '-DCMAKE_CXX_COMPILER_LAUNCHER=ccache']" - - uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 + - uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 \ No newline at end of file