From 90e026514d03d640ea3db2175a7ec3a378e8dc1b Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 11:30:52 +0200 Subject: [PATCH 1/6] :arrow_up: Upgrade deprecated `sonarcloud-github-action` to `sonarqube-scan-action` --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 77bcf8531..c502fd7de 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Analyze with SonarCloud - uses: SonarSource/sonarcloud-github-action@v4.0.0 + uses: SonarSource/sonarqube-scan-action@v4.1.0 env: GITHUB_TOKEN: ${{ github.token }} # Needed to get PR information SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) From 7f4944e7c9fe5fe4221f0a29dd83d059bf7cae34 Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 11:31:09 +0200 Subject: [PATCH 2/6] :wrench: Add coverage exclusion rule for test files --- .github/workflows/sonarcloud.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index c502fd7de..008895b72 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -56,6 +56,7 @@ jobs: # mandatory -Dsonar.projectKey=didx-xyz_aries-cloudapi-python -Dsonar.organization=didx-xyz + -Dsonar.coverage.exclusions=**/tests/** # Comma-separated paths to directories containing main source files. #-Dsonar.sources= # optional, default is project base directory # When you need the analysis to take place in a directory other than the one from which it was launched From c87fbad16b5f4a77ebf3dcca63a1b04600346eb8 Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 11:31:37 +0200 Subject: [PATCH 3/6] :wrench: Update coverage omit setting --- pyproject.toml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 3237176a7..a01706e0d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,12 +6,7 @@ authors = ["Mourits de Beer "] package-mode = false [tool.coverage.run] -omit = [ - "app/tests/*", - "endorser/tests/*", - "trustregistry/tests/*", - "waypoint/tests/*", -] +omit = ["*/tests/*"] [tool.isort] profile = "black" From 2c04b4f9f4f4862629156f08f526bae554b93153 Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 13:23:18 +0200 Subject: [PATCH 4/6] :construction_worker: Configure test coverage for SonarCloud --- .github/workflows/sonarcloud.yml | 38 +++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 008895b72..d53a3d20f 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -43,25 +43,37 @@ jobs: runs-on: ubuntu-latest steps: - - name: Analyze with SonarCloud + # Checkout the repository + - name: Checkout Repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 # Required for proper blame data in SonarCloud + + # Setup Python + - name: Setup Python + uses: actions/setup-python@v2 + with: + python-version: "3.12" + # Install dependencies + - name: Install dependencies with Poetry + run: mise run poetry:install + + # Run tests and generate coverage report + - name: Run Tests with Coverage + run: | + pytest --cov --cov-report=xml --ignore=app/tests/e2e/ --ignore=trustregistry/tests/e2e/ + + # Analyze with SonarCloud + - name: Analyze with SonarCloud uses: SonarSource/sonarqube-scan-action@v4.1.0 env: GITHUB_TOKEN: ${{ github.token }} # Needed to get PR information SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) with: - # Additional arguments for the sonarcloud scanner - args: - # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) - # mandatory + # Additional arguments for the SonarCloud scanner + args: > -Dsonar.projectKey=didx-xyz_aries-cloudapi-python -Dsonar.organization=didx-xyz -Dsonar.coverage.exclusions=**/tests/** - # Comma-separated paths to directories containing main source files. - #-Dsonar.sources= # optional, default is project base directory - # When you need the analysis to take place in a directory other than the one from which it was launched - #-Dsonar.projectBaseDir= # optional, default is . - # Comma-separated paths to directories containing test source files. - #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ - # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. - #-Dsonar.verbose= # optional, default is false + -Dsonar.python.coverage.reportPaths=coverage.xml From dd9e69f97cc9a648d77ec6ddc37d5738307fb3d1 Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 14:17:43 +0200 Subject: [PATCH 5/6] :construction_worker: Simplify and use mise for workflow --- .github/workflows/sonarcloud.yml | 42 ++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index d53a3d20f..cb8f524fe 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -49,11 +49,37 @@ jobs: with: fetch-depth: 0 # Required for proper blame data in SonarCloud - # Setup Python - - name: Setup Python - uses: actions/setup-python@v2 + - name: Overwrite .mise.toml # Simplify mise in this workflow + run: | + cat < .mise.toml + [tools] + python = "3.12" + "pipx:poetry" = "1.8" + uv = "0.4" + + [settings] + experimental = true + jobs = 1 + pipx_uvx = true + python_compile = false + + [env] + # Use Python/Mise managed virtual environment + POETRY_VIRTUALENVS_CREATE = "false" + # Setup Python Virtual Environment + _.python.venv = { path = ".venv", create = true } + + [tasks."poetry:install"] + description = "Poetry Install dependencies for all submodules" + depends = ["poetry:install:*"] + EOF + + - name: Install dependencies + uses: jdx/mise-action@v2 with: - python-version: "3.12" + cache: true + experimental: true + install: true # Install dependencies - name: Install dependencies with Poetry @@ -62,7 +88,13 @@ jobs: # Run tests and generate coverage report - name: Run Tests with Coverage run: | - pytest --cov --cov-report=xml --ignore=app/tests/e2e/ --ignore=trustregistry/tests/e2e/ + source .venv/bin/activate + set +e + + cp .env.example .env + source .env + + poetry run pytest --cov --cov-report=xml --ignore=app/tests/e2e/ --ignore=trustregistry/tests/e2e/ # Analyze with SonarCloud - name: Analyze with SonarCloud From f83f9062e88b230ae18c662ad67277e74dde4123 Mon Sep 17 00:00:00 2001 From: ff137 Date: Wed, 11 Dec 2024 20:41:51 +0200 Subject: [PATCH 6/6] :art: Use latest actions/checkout --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index cb8f524fe..64cdc4a72 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -45,7 +45,7 @@ jobs: steps: # Checkout the repository - name: Checkout Repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 # Required for proper blame data in SonarCloud