From d3d141eb0e37bb1243c762170a46b5dd31c2a3e3 Mon Sep 17 00:00:00 2001
From: Alberto Codutti <alberto.codutti@eurotech.com>
Date: Fri, 13 Dec 2024 14:58:23 +0100
Subject: [PATCH] :fire: [Build] Removed Sonar analysis GitHub Actions - CWE-94
Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
---
.github/workflows/prNumberUploader.yaml | 19 --------
.github/workflows/sonarCloud-scan.yaml | 63 -------------------------
2 files changed, 82 deletions(-)
delete mode 100644 .github/workflows/prNumberUploader.yaml
delete mode 100644 .github/workflows/sonarCloud-scan.yaml
diff --git a/.github/workflows/prNumberUploader.yaml b/.github/workflows/prNumberUploader.yaml
deleted file mode 100644
index a99b7774bbc..00000000000
--- a/.github/workflows/prNumberUploader.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: pr-number-uploader
-on: [pull_request] # Triggers the workflow on pull request events
-
-#this workflow is used for the sonarCloud scan.
-#It saves into an artifact the pull request number.
-#In this way, then, the sonarCloud workflow (which is executed externally with respect to the context of the pr) retrieves it and performs the scan
-
-jobs:
- uploader:
- runs-on: ubuntu-latest
- timeout-minutes: 5
- steps:
- - name: Save PR number to file for the sonarCloud scan
- run: echo ${{ github.event.number }} > PR_NUMBER.txt
- - name: Archive PR number
- uses: actions/upload-artifact@v3
- with:
- name: PR_NUMBER
- path: PR_NUMBER.txt
@@ -1,63 +0,0 @@
-name: Sonar
-
-on:
- workflow_run:
- workflows: [ pr-number-uploader ]
- types: [ completed ]
-
-jobs:
- sonar:
- name: Scan code with sonarCould
- runs-on: ubuntu-latest
- if: ${{ github.event.workflow_run.conclusion == 'success' }}
- steps:
- - name: Download PR number artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- workflow: prNumberUploader.yaml
- run_id: ${{ github.event.workflow_run.id }}
- name: PR_NUMBER
- - name: Read PR_NUMBER.txt
- id: pr_number
- uses: juliangruber/read-file-action@v1
- with:
- path: ./PR_NUMBER.txt
- - name: Request GitHub API for PR data
- uses: octokit/request-action@v2.x
- id: get_pr_data
- with:
- route: GET /repos/{full_name}/pulls/{number}
- number: ${{ steps.pr_number.outputs.content }}
- full_name: ${{ github.event.repository.full_name }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Checkout into the pr's branch
- uses: actions/checkout@v4
- with:
- repository: ${{ github.event.workflow_run.head_repository.full_name }}
- ref: ${{ github.event.workflow_run.head_branch }}
- fetch-depth: 0
- - name: Fetch base branch from upstream #step needed to calculate the "new lines of code metric" for the scan. Basically, the idea is to synch. 
with the base branch on the upstream because the fork could be not synched with it
- run: |
- git remote add upstream ${{ github.event.repository.clone_url }}
- git fetch upstream
- git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
- git checkout ${{ github.event.workflow_run.head_branch }}
- git clean -ffdx && git reset --hard HEAD
- - uses: actions/setup-java@v4
- with:
- distribution: 'zulu'
- java-version: 11
- - name: SonarCloud Scan
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- run: mvn -B compile org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- -Dsonar.projectKey=org.eclipse_kapua
- -Dsonar.organization=eclipse
- -Dsonar.host.url=https://sonarcloud.io
- -Dsonar.pullrequest.provider=github
- -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
- -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }}
- -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
- -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
\ No newline at end of file