[MGDSTRM-6791] Separate Sonar analysis to stand-alone workflow (#216)

Signed-off-by: Michael Edgar <[email protected]>

.github/workflows/integration.yaml

@@ -1,4 +1,4 @@
-name: Integration tests
+name: Build
 on:
   push:
     branches: [ 'main' ]
@@ -7,50 +7,57 @@ on:
     types: [ opened, reopened, synchronize ]
 
 jobs:
-  integration:
+  build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - run: |
-          git fetch --prune --unshallow --tags --force
 
       - name: Set up JDK 17
         uses: actions/setup-java@v2
         with:
           java-version: '17'
           distribution: 'adopt'
 
-      - name: setup-docker
+      - name: Setup Docker
         uses: docker-practice/actions-setup-docker@v1
 
-      - name: Cache Sonar
-        uses: actions/cache@v1
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-
-      - name: Cache m2 repo
+      - name: Cache Maven Packages
         uses: actions/cache@v1
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
 
-      - name: "Integration tests"
+      - name: Build and Test
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
           SONAR_ORG: ${{secrets.SONAR_ORG}}
           SONAR_PROJECT: ${{secrets.SONAR_PROJECT}}
           SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
         run: |
-          mvn verify -B --no-transfer-progress org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage -Dsonar.organization=${SONAR_ORG} -Dsonar.projectKey=${SONAR_PROJECT} -Dsonar.login=${SONAR_TOKEN}
+          mvn verify -B --no-transfer-progress -Pcoverage
 
-      - name: Archive results
+      - name: Archive Results
         uses: actions/upload-artifact@v2
         if: failure()
         with:
           name: artifacts
           path: systemtests/target/failsafe-reports/
+
+      ## Save the context information for use in Sonar analysis
+      - name: Save Build Context
+        run: echo "$GITHUB_CONTEXT" > target/build-context.json
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+
+      ## Attach the target directory for use in Sonar analysis
+      - name: Attach Build Output
+        uses: actions/upload-artifact@v2
+        with:
+          name: target
+          path: |
+            target/
+            kafka-admin/target/
+            systemtests/target/

.github/workflows/sonar-analysis.yml

@@ -0,0 +1,128 @@
+name: "SonarCloud"
+
+on:
+  workflow_run:
+    workflows: [ Build ]
+    types: [ completed ]
+
+jobs:
+  analyze:
+    if: ${{ github.repository == 'bf2fc6cc711aee1a0c2a/kafka-admin-api' && github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    name: Analyze
+    steps:
+      - name: Display Github Event Context
+        run: echo "$GITHUB_CONTEXT"
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+
+      ## Checkout the source of the event that triggered this workflow, 
+      ## PR commit (pull_request event) or commit (push event).
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          ref: ${{ github.event.workflow_run.head_sha }}
+          fetch-depth: 0
+
+      ## Retrieve the `target` directory from the build job
+      - name: Fetch Build Result
+        uses: actions/[email protected]
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{ github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "target"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/target.zip', Buffer.from(download.data));
+
+      ## Extract the `target` directory from the build job
+      - name: Extract Build Result
+        run: |
+          unzip target.zip
+
+      ## Load the context from the build job - runs for any trigger to allow templates with `steps.build_context.outputs.content` 
+      ## to be accepted by GitHub Actions.
+      - name: Read Build Context
+        id: build_context
+        uses: juliangruber/read-file-action@v1
+        with:
+          path: ./target/build-context.json
+
+      ## (PRs Only) Check out the base branch (target of the PR)
+      - name: Checkout Base Branch (PR Only)
+        if: github.event.workflow_run.event == 'pull_request'
+        env:
+          BASE_BRANCH: ${{ fromJson(steps.build_context.outputs.content).base_ref }}
+        run: |
+          git remote add upstream ${{ github.event.repository.clone_url }}
+          git fetch upstream --prune --tags --force
+          git checkout -B $BASE_BRANCH upstream/$BASE_BRANCH
+
+          git checkout ${{ github.event.workflow_run.head_sha }}
+
+          git clean -ffdx --exclude=target/ && git reset --hard HEAD
+
+      - name: Setup JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      ## (PRs Only) Run Sonar analysis against the results of the build job, providing PR information
+      - name: SonarCloud Analysis (PR Only)
+        if: github.event.workflow_run.event == 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_ORG: ${{secrets.SONAR_ORG}}
+          SONAR_PROJECT: ${{secrets.SONAR_PROJECT}}
+          SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
+        run: |
+          mvn -B --no-transfer-progress org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dsonar.organization=${SONAR_ORG} \
+            -Dsonar.projectKey=${SONAR_PROJECT} \
+            -Dsonar.login=${SONAR_TOKEN}
+            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \
+            -Dsonar.pullrequest.key=${{ fromJson(steps.build_context.outputs.content).event.number }} \
+            -Dsonar.pullrequest.branch=${{ fromJson(steps.build_context.outputs.content).head_ref }} \
+            -Dsonar.pullrequest.base=${{ fromJson(steps.build_context.outputs.content).base_ref }}
+
+      ## (Push Only) Run Sonar analysis against the results of the build job
+      - name: SonarCloud Analysis (Push Only)
+        if: github.event.workflow_run.event == 'push'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_ORG: ${{secrets.SONAR_ORG}}
+          SONAR_PROJECT: ${{secrets.SONAR_PROJECT}}
+          SONAR_TOKEN: ${{secrets.SONAR_TOKEN}}
+        run: |
+          mvn -B --no-transfer-progress org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dsonar.organization=${SONAR_ORG} \
+            -Dsonar.projectKey=${SONAR_PROJECT} \
+            -Dsonar.login=${SONAR_TOKEN}
+            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }} \
+            -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}