Update rule coverage #1490
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update rule coverage | |
| on: | |
| schedule: | |
| - cron: '17 2 * * *' | |
| workflow_dispatch: # When manually triggered from a non-default branch, the results will not be pushed | |
| jobs: | |
| update_coverage: | |
| runs-on: sonar-runner-large | |
| permissions: | |
| id-token: write # required by SonarSource/vault-action-wrapper | |
| contents: write | |
| actions: write # required by andymckay/cancel-action | |
| env: | |
| TMP_BRANCH: coverage-update | |
| steps: | |
| - name: 'get secrets' | |
| id: secrets | |
| uses: SonarSource/vault-action-wrapper@v3 | |
| with: | |
| secrets: | | |
| development/github/token/SonarSource-rspec-coverage token | coverage_github_token; | |
| development/kv/data/slack token | slack_token; | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: true | |
| fetch-depth: 0 | |
| path: 'rspec' | |
| token: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} | |
| ref: 'master' | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.12' | |
| - name: 'Install Pipenv' | |
| run: pip install pipenv | |
| - name: 'Install coverage script dependencies' | |
| working-directory: 'rspec/rspec-tools' | |
| run: | | |
| pipenv install | |
| - name: 'Regenerate coverage information' | |
| env: | |
| GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).coverage_github_token }} | |
| id: gen-coverage | |
| working-directory: 'rspec/rspec-tools' | |
| run: | | |
| pipenv run rspec-tools update-coverage --rulesdir ../rules | |
| mv ./covered_rules.json ../frontend/public/covered_rules.json | |
| if git diff --exit-code ../frontend/public/covered_rules.json; then | |
| echo "new_coverage=false" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "new_coverage=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: 'Cancel if coverage did not change' | |
| if: steps.gen-coverage.outputs.new_coverage != 'true' | |
| uses: andymckay/cancel-action@0.2 | |
| - name: 'Push the updated coverage file to the coverage branch' | |
| id: push-to-branch | |
| if: steps.gen-coverage.outputs.new_coverage == 'true' | |
| working-directory: 'rspec' | |
| run: | | |
| git config --global user.name "SonarTech" | |
| git config --global user.email "sonartech@sonarsource.com" | |
| git checkout -b $TMP_BRANCH | |
| git add frontend/public/covered_rules.json | |
| git commit -m "update coverage information" | |
| git push --force-with-lease origin $TMP_BRANCH:$TMP_BRANCH | |
| git push --force-with-lease origin $TMP_BRANCH:dogfood/$TMP_BRANCH | |
| - name: 'Notify on slack about the failure' | |
| if: ${{ failure() }} | |
| env: | |
| SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }} | |
| working-directory: 'rspec/rspec-tools' | |
| run: | | |
| pipenv run rspec-tools notify-failure-on-slack \ | |
| --message "ERROR: failed to update rule coverage. See https://github.com/SonarSource/rspec/actions/runs/$GITHUB_RUN_ID" \ | |
| --channel team-analysis-rspec |