Merge pull request #966 from research-software-directory/965-sonarclo…

…ud-improvements

Improve SonarCloud actions

.github/workflows/authentication_tests.yml

@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Ewan Cahen (Netherlands eScience Center) <[email protected]>
+# SPDX-FileCopyrightText: 2022 - 2023 Netherlands eScience Center
+# SPDX-FileCopyrightText: 2022 Dusan Mijatovic (dv4all)
+# SPDX-FileCopyrightText: 2022 dv4all
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: authentication tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "authentication/**"
+  pull_request:
+    paths:
+      - "authentication/**"
+
+jobs:
+  authentication-tests:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: "Maven JUnit tests and JaCoCo test report"
+        working-directory: authentication
+        run: |
+          JAVA_HOME=$JAVA_HOME_17_X64 mvn verify
+      - name: SonarCloud Scan authentication
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        working-directory: authentication
+        run: JAVA_HOME=$JAVA_HOME_17_X64 mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=nl.research-software:authentication -Pcoverage

.github/workflows/database_scan.yml

@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2023 Ewan Cahen (Netherlands eScience Center) <[email protected]>
+# SPDX-FileCopyrightText: 2023 Netherlands eScience Center
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: database scan
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "database/**"
+  pull_request:
+    paths:
+      - "database/**"
+
+jobs:
+  build:
+    name: Build and analyse with SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: SonarCloud Scan database
+        uses: sonarsource/sonarcloud-github-action@master
+        with:
+          projectBaseDir: database
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/frontend_tests.yml

@@ -1,6 +1,7 @@
 # SPDX-FileCopyrightText: 2022 - 2023 Dusan Mijatovic (dv4all)
 # SPDX-FileCopyrightText: 2022 - 2023 dv4all
 # SPDX-FileCopyrightText: 2023 Dusan Mijatovic (Netherlands eScience Center)
+# SPDX-FileCopyrightText: 2023 Ewan Cahen (Netherlands eScience Center) <[email protected]>
 # SPDX-FileCopyrightText: 2023 Netherlands eScience Center
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -23,6 +24,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: "install node v18.5 and cash yarn"
         uses: actions/setup-node@v3
         with:
@@ -38,6 +41,19 @@ jobs:
       - name: "run unit test"
         working-directory: frontend
         run: yarn test:coverage
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: SonarCloud Scan frontend
+        uses: sonarsource/sonarcloud-github-action@master
+        with:
+          projectBaseDir: frontend
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: "run build test"
         working-directory: frontend
         run: yarn build

.github/workflows/scrapers_tests.yml

@@ -1,13 +1,19 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Ewan Cahen (Netherlands eScience Center) <[email protected]>
+# SPDX-FileCopyrightText: 2022 - 2023 Netherlands eScience Center
 # SPDX-FileCopyrightText: 2022 Dusan Mijatovic (dv4all)
-# SPDX-FileCopyrightText: 2022 Ewan Cahen (Netherlands eScience Center) <[email protected]>
-# SPDX-FileCopyrightText: 2022 Netherlands eScience Center
 # SPDX-FileCopyrightText: 2022 dv4all
 #
 # SPDX-License-Identifier: Apache-2.0
 
 name: scrapers tests
 
 on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "scrapers/**"
   pull_request:
     paths:
       - "scrapers/**"
@@ -17,8 +23,27 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
-      - name: "Maven JUnit tests"
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: "Maven JUnit tests and JaCoCo test report"
         working-directory: scrapers
         run: |
-          JAVA_HOME=$JAVA_HOME_17_X64 mvn test
-
+          JAVA_HOME=$JAVA_HOME_17_X64 mvn verify
+      - name: SonarCloud Scan scrapers
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        working-directory: scrapers
+        run: JAVA_HOME=$JAVA_HOME_17_X64 mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=nl.research-software:scrapers -Pcoverage

authentication/pom.xml

@@ -63,6 +63,32 @@ SPDX-License-Identifier: Apache-2.0
 				<artifactId>maven-surefire-plugin</artifactId>
 				<version>3.0.0-M6</version>
 			</plugin>
+
+			<!-- https://docs.sonarcloud.io/enriching/test-coverage/java-test-coverage/ -->
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<version>0.8.10</version>
+				<executions>
+					<execution>
+						<id>prepare-agent</id>
+						<goals>
+							<goal>prepare-agent</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>report</id>
+						<goals>
+							<goal>report</goal>
+						</goals>
+						<configuration>
+							<formats>
+								<format>XML</format>
+							</formats>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 

frontend/package.json

@@ -12,6 +12,7 @@
     "test": "jest",
     "test:watch": "jest --watch --detectOpenHandles",
     "test:coverage": "jest --coverage",
+    "test:coveragememlimit": "jest --coverage --workerIdleMemoryLimit=0.1 --maxWorkers=2",
     "test:memory": "node --expose-gc ./node_modules/.bin/jest --logHeapUsage",
     "test:inspect": "node --inspect-brk --expose-gc ./node_modules/.bin/jest --logHeapUsage",
     "test:memlimit": "jest --workerIdleMemoryLimit=0.1 --maxWorkers=2"

frontend/package.json.license

@@ -1,8 +1,9 @@
 SPDX-FileCopyrightText: 2021 - 2023 Dusan Mijatovic (dv4all)
 SPDX-FileCopyrightText: 2021 - 2023 dv4all
+SPDX-FileCopyrightText: 2022 - 2023 Netherlands eScience Center
 SPDX-FileCopyrightText: 2022 Jesús García Gonzalez (Netherlands eScience Center) <[email protected]>
-SPDX-FileCopyrightText: 2022 Netherlands eScience Center
 SPDX-FileCopyrightText: 2023 Dusan Mijatovic (dv4all) (dv4all)
+SPDX-FileCopyrightText: 2023 Ewan Cahen (Netherlands eScience Center) <[email protected]>
 
 SPDX-License-Identifier: Apache-2.0
 SPDX-License-Identifier: CC-BY-4.0

frontend/sonar-project.properties

@@ -16,3 +16,6 @@ sonar.organization=research-software-directory
 
 # Encoding of the source code. Default is default system encoding
 #sonar.sourceEncoding=UTF-8
+
+# Test coverage report, see https://docs.sonarcloud.io/enriching/test-coverage/javascript-typescript-test-coverage/
+sonar.javascript.lcov.reportPaths=./coverage/lcov.info

scrapers/pom.xml

@@ -63,6 +63,32 @@ SPDX-License-Identifier: Apache-2.0
 				<artifactId>maven-surefire-plugin</artifactId>
 				<version>3.0.0-M6</version>
 			</plugin>
+
+			<!-- https://docs.sonarcloud.io/enriching/test-coverage/java-test-coverage/ -->
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<version>0.8.10</version>
+				<executions>
+					<execution>
+						<id>prepare-agent</id>
+						<goals>
+							<goal>prepare-agent</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>report</id>
+						<goals>
+							<goal>report</goal>
+						</goals>
+						<configuration>
+							<formats>
+								<format>XML</format>
+							</formats>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>