From bff0de0c88558b8b5b59ce2b78c8521056a32f8e Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez <carlos@interchain.io>
Date: Wed, 6 Mar 2024 13:14:55 +0100
Subject: [PATCH] ci: replace codecov with sonarcloud

---
 .codecov.yml                                  | 57 ------------------
 .github/PULL_REQUEST_TEMPLATE.md              |  2 +-
 .github/workflows/callbacks.yml               |  8 +++
 .github/workflows/capability.yml              |  8 +++
 .github/workflows/e2e-wasm.yaml               | 38 +++++++-----
 .github/workflows/e2e.yaml                    | 38 +++++++-----
 .github/workflows/repo-analysis.yaml          | 60 +++++++++++++++++++
 .github/workflows/test.yml                    | 48 +--------------
 .github/workflows/wasm-client.yml             |  8 +++
 README.md                                     |  4 +-
 docs/dev/development-setup.md                 |  2 +-
 .../apps/callbacks/sonar-project.properties   | 14 +++++
 modules/capability/sonar-project.properties   | 14 +++++
 .../08-wasm/sonar-project.properties          | 14 +++++
 sonar-project.properties                      | 20 +++++++
 15 files changed, 195 insertions(+), 140 deletions(-)
 delete mode 100644 .codecov.yml
 create mode 100644 .github/workflows/repo-analysis.yaml
 create mode 100644 modules/apps/callbacks/sonar-project.properties
 create mode 100644 modules/capability/sonar-project.properties
 create mode 100644 modules/light-clients/08-wasm/sonar-project.properties
 create mode 100644 sonar-project.properties

diff --git a/.codecov.yml b/.codecov.yml
deleted file mode 100644
index 88f51441f92..00000000000
--- a/.codecov.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# This codecov.yml is the default configuration for
-# all repositories on Codecov. You may adjust the settings
-# below in your own codecov.yml in your repository.
-#
-coverage:
-  precision: 2
-  round: down
-  range: 70...100
-
-  status:
-    # Learn more at https://docs.codecov.io/docs/commit-status
-    project:
-      default:
-        threshold: 1% # allow this much decrease on project
-      app:
-        target: 70%
-        flags:
-          - app
-      modules:
-        target: 70%
-        flags:
-          - modules
-      client:
-        flags:
-          - client
-    changes: false
-
-comment:
-  layout: "reach, diff, files"
-  behavior: default # update if exists else create new
-  require_changes: true
-
-flags:
-  app:
-    paths:
-      - "app/"
-      - "baseapp/"
-  modules:
-    paths:
-      - "core/"
-      - "!modules/core/**/client/" # ignore client package
-  client:
-    paths:
-      - "client/"
-      - "core/**/client/"
-
-ignore:
-  - "docs"
-  - "*.md"
-  - "**/*.pb.go"
-  - "**/*.pb.gw.go"
-  - "modules/**/**/**/*.pb.go"
-  - "modules/**/**/**/*.pb.gw.go"
-  - "modules/**/**/**/test_common.go"
-  - "testing/"
-  - "scripts/"
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index bedc75f1f52..77b4c150453 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -49,4 +49,4 @@ write a little note why.
 - [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code).
 - [ ] Provide a [commit message](https://github.com/cosmos/ibc-go/blob/main/docs/dev/pull-requests.md#commit-messages) to be used for the changelog entry in the PR description for review.
 - [ ] Re-reviewed `Files changed` in the Github PR explorer.
-- [ ] Review `Codecov Report` in the comment section below once CI passes.
+- [ ] Review `SonarCloud Report` in the comment section below once CI passes.
diff --git a/.github/workflows/callbacks.yml b/.github/workflows/callbacks.yml
index 836edcc29fb..0bd4191a71f 100644
--- a/.github/workflows/callbacks.yml
+++ b/.github/workflows/callbacks.yml
@@ -48,3 +48,11 @@ jobs:
         run: |
           cd modules/apps/callbacks
           go test -v -mod=readonly ./...
+      - name: sonarcloud
+        if: ${{ env.GIT_DIFF && !github.event.pull_request.draft && env.SONAR_TOKEN != null }}
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          projectBaseDir: modules/apps/callbacks/
diff --git a/.github/workflows/capability.yml b/.github/workflows/capability.yml
index 89274a5c145..5a49d66d39a 100644
--- a/.github/workflows/capability.yml
+++ b/.github/workflows/capability.yml
@@ -34,3 +34,11 @@ jobs:
         run: |
           cd modules/capability
           go test -v -mod=readonly ./...
+      - name: sonarcloud
+        if: ${{ env.GIT_DIFF && !github.event.pull_request.draft && env.SONAR_TOKEN != null }}
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          projectBaseDir: modules/capability/
diff --git a/.github/workflows/e2e-wasm.yaml b/.github/workflows/e2e-wasm.yaml
index e75da52a156..3dc5a0e068a 100644
--- a/.github/workflows/e2e-wasm.yaml
+++ b/.github/workflows/e2e-wasm.yaml
@@ -49,19 +49,25 @@ jobs:
     # we skip the job in this case.
     if: ${{ !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
     needs: determine-image-tag # we are required to have a docker tag before we can build any images.
-    uses: ./.github/workflows/e2e-test-workflow-call.yml
-    # unless we explicitly tell the workflow to inherit secrets, required secrets such as GITHUB_TOKEN will not be
-    # provided to the workflow. This would cause privileged operations to fail.
-    secrets: inherit
-    with:
-      # with each test, we build an image from the current code.
-      build-and-push-docker-image-wasm: true
-      # if the test fails, we upload logs so that we can download them from the UI.
-      upload-logs: true
-      chain-image: ghcr.io/cosmos/ibc-go-wasm-simd
-      # with regular tests, both images are the same.
-      chain-a-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
-      chain-b-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
-      chain-binary: 'simd'
-      # only run the grandpa test suite for wasm tests.
-      test-entry-point: 'TestGrandpaTestSuite'
+    steps:
+      - uses: ./.github/workflows/e2e-test-workflow-call.yml
+        # unless we explicitly tell the workflow to inherit secrets, required secrets such as GITHUB_TOKEN will not be
+        # provided to the workflow. This would cause privileged operations to fail.
+        secrets: inherit
+        with:
+          # with each test, we build an image from the current code.
+          build-and-push-docker-image-wasm: true
+          # if the test fails, we upload logs so that we can download them from the UI.
+          upload-logs: true
+          chain-image: ghcr.io/cosmos/ibc-go-wasm-simd
+          # with regular tests, both images are the same.
+          chain-a-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
+          chain-b-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
+          chain-binary: 'simd'
+          # only run the grandpa test suite for wasm tests.
+          test-entry-point: 'TestGrandpaTestSuite'
+      - uses: actions/upload-artifact@v4
+          if: env.GIT_DIFF
+          with:
+            name: '${{ github.sha }}-e2e-wasm-coverage'
+            path: ./${{ matrix.part }}profile.out
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 7bea58b5913..d4ae4f763a1 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -48,19 +48,25 @@ jobs:
     # we skip the job in this case.
     if: ${{ !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
     needs: determine-image-tag # we are required to have a docker tag before we can build any images.
-    uses: ./.github/workflows/e2e-test-workflow-call.yml
-    # unless we explicitly tell the workflow to inherit secrets, required secrets such as GITHUB_TOKEN will not be
-    # provided to the workflow. This would cause privileged operations to fail.
-    secrets: inherit
-    with:
-      # with each test, we build an image from the current code.
-      build-and-push-docker-image: true
-      # if the test fails, we upload logs so that we can download them from the UI.
-      upload-logs: true
-      chain-image: ghcr.io/cosmos/ibc-go-simd
-      # with regular tests, both images are the same.
-      chain-a-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
-      chain-b-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
-      chain-binary: 'simd'
-      # on regular PRs we won't run upgrade tests.
-      test-exclusions: 'TestUpgradeTestSuite,TestGrandpaTestSuite,TestIBCWasmUpgradeTestSuite'
+    steps:
+      - uses: ./.github/workflows/e2e-test-workflow-call.yml
+        # unless we explicitly tell the workflow to inherit secrets, required secrets such as GITHUB_TOKEN will not be
+        # provided to the workflow. This would cause privileged operations to fail.
+        secrets: inherit
+        with:
+          # with each test, we build an image from the current code.
+          build-and-push-docker-image: true
+          # if the test fails, we upload logs so that we can download them from the UI.
+          upload-logs: true
+          chain-image: ghcr.io/cosmos/ibc-go-simd
+          # with regular tests, both images are the same.
+          chain-a-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
+          chain-b-tag: '${{ needs.determine-image-tag.outputs.simd-tag }}'
+          chain-binary: 'simd'
+          # on regular PRs we won't run upgrade tests.
+          test-exclusions: 'TestUpgradeTestSuite,TestGrandpaTestSuite,TestIBCWasmUpgradeTestSuite'
+      - uses: actions/upload-artifact@v4
+          if: env.GIT_DIFF
+          with:
+            name: '${{ github.sha }}-e2e-coverage'
+            path: ./${{ matrix.part }}profile.out
diff --git a/.github/workflows/repo-analysis.yaml b/.github/workflows/repo-analysis.yaml
new file mode 100644
index 00000000000..7209d64058b
--- /dev/null
+++ b/.github/workflows/repo-analysis.yaml
@@ -0,0 +1,60 @@
+
+name: Repo analysis
+#  Tests / Code Coverage workflow runs unit tests and uploads a code coverage report
+#  This workflow is run on pushes to main & every Pull Requests where a .go, .mod, .sum have been changed
+on:
+  workflow_run:
+    workflows: ["Tests / Code Coverage", "Tests / E2E", "Tests / E2E Wasm"]
+    branches: [main]
+    types: 
+      - completed
+  pull_request:
+  push:
+    branches:
+      - main
+
+repo-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: technote-space/get-diff-action@v6.1.2
+        id: git_diff
+        with:
+          PATTERNS: |
+            **/*.go
+            go.mod
+            go.sum
+            **/go.mod
+            **/go.sum
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-00-coverage'
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-01-coverage'
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-02-coverage'
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-03-coverage'
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-e2e-coverage'
+        continue-on-error: true
+      - uses: actions/download-artifact@v4
+        if: env.GIT_DIFF
+        with:
+          name: '${{ github.sha }}-e2e-wasm-coverage'
+        continue-on-error: true
+      - name: sonarcloud
+        if: ${{ env.GIT_DIFF && !github.event.pull_request.draft }}
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index da37c93fa73..b1fd4608bb0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -104,53 +104,7 @@ jobs:
           cat pkgs.txt.part.${{ matrix.part }} | xargs go test -mod=readonly -timeout 30m -coverprofile=${{ matrix.part }}profile.out -covermode=atomic -tags='ledger test_ledger_mock'
         if: env.GIT_DIFF
       - uses: actions/upload-artifact@v4
+        if: env.GIT_DIFF
         with:
           name: '${{ github.sha }}-${{ matrix.part }}-coverage'
           path: ./${{ matrix.part }}profile.out
-
-  upload-coverage-report:
-    runs-on: ubuntu-latest
-    needs: tests
-    steps:
-      - uses: actions/checkout@v4
-      - uses: technote-space/get-diff-action@v6.1.2
-        with:
-          PATTERNS: |
-            **/**.go
-            go.mod
-            go.sum
-      - uses: actions/download-artifact@v4
-        with:
-          name: '${{ github.sha }}-00-coverage'
-        if: env.GIT_DIFF
-      - uses: actions/download-artifact@v4
-        with:
-          name: '${{ github.sha }}-01-coverage'
-        if: env.GIT_DIFF
-      - uses: actions/download-artifact@v4
-        with:
-          name: '${{ github.sha }}-02-coverage'
-        if: env.GIT_DIFF
-      - uses: actions/download-artifact@v4
-        with:
-          name: '${{ github.sha }}-03-coverage'
-        if: env.GIT_DIFF
-      - run: |
-          cat ./*profile.out | grep -v "mode: atomic" >> coverage.txt
-        if: env.GIT_DIFF
-      - name: filter out DONTCOVER
-        run: |
-          excludelist="$(find ./ -type f -name '*.go' | xargs grep -l 'DONTCOVER')"
-          excludelist+=" $(find ./ -type f -name '*.pb.go')"
-          excludelist+=" $(find ./ -type f -name '*.pb.gw.go')"
-          excludelist+=" $(find ./ -type f -path './tests/mocks/*.go')"
-          for filename in ${excludelist}; do
-            filename=$(echo $filename | sed 's/^./github.com\/cosmos\/cosmos-sdk/g')
-            echo "Excluding ${filename} from coverage report..."
-            sed -i.bak "/$(echo $filename | sed 's/\//\\\//g')/d" coverage.txt
-          done
-        if: env.GIT_DIFF
-      - uses: codecov/codecov-action@v4
-        with:
-          file: ./coverage.txt
-        if: env.GIT_DIFF
diff --git a/.github/workflows/wasm-client.yml b/.github/workflows/wasm-client.yml
index a2a3990ae3e..f1d73686398 100644
--- a/.github/workflows/wasm-client.yml
+++ b/.github/workflows/wasm-client.yml
@@ -55,3 +55,11 @@ jobs:
         run: |
           cd modules/light-clients/08-wasm
           go test -v -mod=readonly ./...
+      - name: sonarcloud
+        if: ${{ env.GIT_DIFF && !github.event.pull_request.draft && env.SONAR_TOKEN != null }}
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          projectBaseDir: modules/lightclients/08-wasm/
diff --git a/README.md b/README.md
index 6eb557c4653..0661d5a24f4 100644
--- a/README.md
+++ b/README.md
@@ -17,8 +17,8 @@
   <a href="https://goreportcard.com/report/github.com/cosmos/ibc-go">
     <img alt="Go report card" src="https://goreportcard.com/badge/github.com/cosmos/ibc-go" />
   </a>
-  <a href="https://codecov.io/gh/cosmos/ibc-go">
-    <img alt="Code Coverage" src="https://codecov.io/gh/cosmos/ibc-go/branch/main/graph/badge.svg" />
+  <a href="https://sonarcloud.io/summary/overall?id=cosmos_ibc-go">
+    <img alt="Code Coverage" src="https://sonarcloud.io/api/project_badges/measure?project=cosmos_ibc-go&metric=coverage" />
   </a>
 </div>
 <div align="center">
diff --git a/docs/dev/development-setup.md b/docs/dev/development-setup.md
index 3c0d7c03ace..b1687859e56 100644
--- a/docs/dev/development-setup.md
+++ b/docs/dev/development-setup.md
@@ -52,7 +52,7 @@ When testing a function under a variety of different inputs, we prefer to use [t
 
 All unit tests should use the testing package. Please see the testing package [README](../../testing/README.md) for more information.
 
-Test coverage is continuously deployed at [codecov](https://app.codecov.io/github/cosmos/ibc-go). PRs that improve test coverage are welcome, but in general the test coverage should be used as a guidance for finding API use cases that are not covered by tests. We don't recommend adding tests that only improve coverage but not actually test a meaning use case.
+Test coverage is continuously deployed at [SonarCloud](https://sonarcloud.io/project/overview?id=cosmos_ibc-go). PRs that improve test coverage are welcome, but in general the test coverage should be used as a guidance for finding API use cases that are not covered by tests. We don't recommend adding tests that only improve coverage but not actually test a meaning use case.
 
 ## Documentation
 
diff --git a/modules/apps/callbacks/sonar-project.properties b/modules/apps/callbacks/sonar-project.properties
new file mode 100644
index 00000000000..15684f17c39
--- /dev/null
+++ b/modules/apps/callbacks/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.projectKey=ibc-go-callbacks
+sonar.organization=cosmos
+
+sonar.projectName=ibc-go - Callbacks
+sonar.project.monorepo.enabled=true
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+sonar.go.coverage.reportPaths=coverage.out
+
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
\ No newline at end of file
diff --git a/modules/capability/sonar-project.properties b/modules/capability/sonar-project.properties
new file mode 100644
index 00000000000..4b0d5147597
--- /dev/null
+++ b/modules/capability/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.projectKey=ibc-go-capability
+sonar.organization=cosmos
+
+sonar.projectName=ibc-go - Capability
+sonar.project.monorepo.enabled=true
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+sonar.go.coverage.reportPaths=coverage.out
+
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
\ No newline at end of file
diff --git a/modules/light-clients/08-wasm/sonar-project.properties b/modules/light-clients/08-wasm/sonar-project.properties
new file mode 100644
index 00000000000..a6dda8e144e
--- /dev/null
+++ b/modules/light-clients/08-wasm/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.projectKey=ibc-go-08-wasm
+sonar.organization=cosmos
+
+sonar.projectName=ibc-go - 08-wasm
+sonar.project.monorepo.enabled=true
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+sonar.go.coverage.reportPaths=coverage.out
+
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
\ No newline at end of file
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000000..32d5decda91
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,20 @@
+sonar-projects.propertiessonar.projectKey=cosmos_ibc-go
+sonar.organization=cosmos
+
+sonar.projectName=ibc-go
+sonar.project.monorepo.enabled=true
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go,**/testing/**,e2e/**,**/*.pb.go,**/*.pb.gw.go,**/*.pulsar.go,docs/**,**/*.md,scripts/**,
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go,**/testing/**,e2e/**,**/testutil/**
+sonar.go.coverage.reportPaths=coverage.out,*profile.out
+
+sonar.python.version=3
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
+
+# Exclude C/C++/Objective-C files from analysis
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
\ No newline at end of file