Skip to content

Bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.0.0 #1006

Bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.0.0

Bump SonarSource/sonarqube-scan-action from 6.0.0 to 8.0.0 #1006

Workflow file for this run

name: "Pytest tests"
on:
push:
branches: ["devel"]
pull_request:
branches: ["devel"]
# Explicitly set read-only permissions for security
permissions:
contents: read
jobs:
pytest:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: metrics_service
POSTGRES_USER: metrics_service
POSTGRES_PASSWORD: metrics_service
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- name: "Checkout repository"
uses: actions/checkout@v6
with:
# Explicitly checkout the PR HEAD (not the GitHub-created merge commit) so that
# coverage.xml line numbers match exactly what sonar_checks.yml checks out via
# `gh pr checkout`. Without this, files modified in devel after the PR was branched
# will have different line counts between the coverage and the sonar scan.
ref: ${{ github.event.pull_request.head.sha || github.sha }}
fetch-depth: 0
- name: "Install uv"
uses: astral-sh/setup-uv@v7
- name: "Set up Python"
uses: actions/setup-python@v6
with:
python-version-file: "pyproject.toml"
- name: "Remove stale coverage report"
run: rm -f coverage.xml .coverage
- name: "Run pytest"
env:
METRICS_SERVICE_DATABASES__default__HOST: localhost
METRICS_SERVICE_DATABASES__default__PORT: 5432
METRICS_SERVICE_DATABASES__default__USER: metrics_service
METRICS_SERVICE_DATABASES__default__PASSWORD: metrics_service
METRICS_SERVICE_DATABASES__default__NAME: metrics_service
METRICS_SERVICE_DATABASES__default__OPTIONS__sslmode: disable
METRICS_SERVICE_DATABASES__awx__HOST: "127.0.0.1"
METRICS_SERVICE_DATABASES__awx__PASSWORD: mypassword
DJANGO_SETTINGS_MODULE: metrics_service.settings
METRICS_SERVICE_MODE: test
run: |
uv run pytest -s -v --cov --cov-report=xml
- name: "Upload code coverage report"
if: github.event_name == 'pull_request'
uses: actions/upload-artifact@v7
with:
name: coverage-report
path: coverage.xml
- name: "Save off PR number"
if: github.event_name == 'pull_request'
env:
PR_NUM: ${{ github.event.pull_request.number }}
run: echo "PR $PR_NUM" > pr_number.txt
- name: "Upload PR number"
if: github.event_name == 'pull_request'
uses: actions/upload-artifact@v7
with:
name: pr_number
path: pr_number.txt
- name: "Send code coverage report to SonarCloud (on push)"
if: github.event_name == 'push'
uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432
env:
SONAR_HOST_URL: https://sonarcloud.io
SONAR_ORGANIZATION: ansible
SONAR_PROJECT_KEY: ansible_metrics-service
SONAR_TOKEN: ${{ secrets.CICD_ORG_SONAR_TOKEN_CICD_BOT }}
with:
projectBaseDir: .
args: >
-Dsonar.python.coverage.reportPaths=coverage.xml