chore: minor fixes to the new analysis workflow (#172)

Signed-off-by: Nathan Klick <nathan@swirldslabs.com>
hashgraph · Jul 11, 2023 · 2a18bb6 · 2a18bb6
1 parent 1da604d
commit 2a18bb6
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 82 deletions.
diff --git a/.github/workflows/flow-build-application.yaml b/.github/workflows/flow-build-application.yaml
@@ -86,6 +86,7 @@ jobs:
       - code
     if: ${{ github.event_name == 'push' || github.event.inputs.enable-unit-tests == 'true' }}
     with:
+      custom-job-label: Source Code
       java-version: ${{ github.event.inputs.java-version || '17.0.7' }}
       java-distribution: ${{ github.event.inputs.java-distribution || 'temurin' }}
       gradle-version: ${{ github.event.inputs.gradle-version || 'wrapper' }}

diff --git a/.github/workflows/flow-pull-request-analysis.yaml b/.github/workflows/flow-pull-request-analysis.yaml
diff --git a/.github/workflows/flow-pull-request-checks.yaml b/.github/workflows/flow-pull-request-checks.yaml
@@ -51,3 +51,39 @@ jobs:
     with:
       custom-job-label: Standard
       enable-unit-tests: true
+
+  codecov:
+    name: CodeCov
+    uses: ./.github/workflows/zxc-code-analysis.yaml
+    needs:
+      - unit-tests
+    if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && github.actor != 'dependabot[bot]' }}
+    with:
+      custom-job-label: Standard
+      enable-codecov-analysis: true
+    secrets:
+      codecov-token: ${{ secrets.CODECOV_TOKEN }}
+
+  sonar:
+    name: Sonar Scan
+    uses: ./.github/workflows/zxc-code-analysis.yaml
+    needs:
+      - unit-tests
+    if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && github.actor != 'dependabot[bot]' }}
+    with:
+      custom-job-label: Standard
+      enable-sonar-analysis: true
+    secrets:
+      sonar-token: ${{ secrets.SONAR_TOKEN }}
+
+  snyk:
+    name: Snyk Scan
+    uses: ./.github/workflows/zxc-code-analysis.yaml
+    needs:
+      - unit-tests
+    if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && github.actor != 'dependabot[bot]' }}
+    with:
+      custom-job-label: Standard
+      enable-snyk-scan: true
+    secrets:
+      snyk-token: ${{ secrets.SNYK_TOKEN }}
diff --git a/.github/workflows/zxc-code-analysis.yaml b/.github/workflows/zxc-code-analysis.yaml
@@ -87,9 +87,11 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
 
-      - name: Expand Shallow Clone for SonarQube and Spotless
-        if: ${{ (inputs.enable-sonar-analysis || inputs.enable-spotless-check) && !cancelled() }}
+      - name: Expand Shallow Clone for SonarQube
+        if: ${{ inputs.enable-sonar-analysis && !cancelled() }}
         run: git fetch --unshallow --no-recurse-submodules
 
       - name: Setup Java
@@ -108,16 +110,14 @@ jobs:
         with:
           node-version: ${{ inputs.node-version }}
 
-      - name: Cache JaCoCo Analysis
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
-        if: ${{ (inputs.enable-sonar-analysis || inputs.enable-codecov-analysis) && !cancelled() }}
+      - name: Download Coverage Reports
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        if: ${{ (inputs.enable-codecov-analysis || inputs.enable-sonar-analysis) && !cancelled() && !failure() }}
         with:
-          path: '**/jacocoTestReport.xml'
-          key: unit-test-jacoco-rid-${{ github.event.workflow_run.id }}
-          fail-on-cache-miss: true
+          name: Coverage Reports
 
       - name: Publish To Codecov
-        if: ${{ inputs.enable-codecov-analysis && !cancelled() }}
+        if: ${{ inputs.enable-codecov-analysis && !cancelled() && !failure() }}
         uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # pin@v3
         env:
           CODECOV_TOKEN: ${{ secrets.codecov-token }}
@@ -126,7 +126,7 @@ jobs:
         id: sonar-cloud
         env:
           IS_PULL_REQUEST: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
-        if: ${{ inputs.enable-sonar-analysis && !cancelled() }}
+        if: ${{ inputs.enable-sonar-analysis && !cancelled() && !failure() }}
         run: |
           SONAR_OPTS="-Dsonar.branch.name=${{ github.ref_name }}"
           if [[ "${IS_PULL_REQUEST}" == true ]]; then
@@ -141,33 +141,33 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.access-token }}
           SONAR_TOKEN: ${{ secrets.sonar-token }}
           SONAR_OPTS: ${{ steps.sonar-cloud.outputs.options }}
-        if: ${{ inputs.enable-sonar-analysis && !cancelled() }}
+        if: ${{ inputs.enable-sonar-analysis && !cancelled() && !failure() }}
         with:
           gradle-version: ${{ inputs.gradle-version }}
           arguments: sonar --info --scan ${{ steps.sonar-cloud.outputs.options }}
 
       - name: Setup Snyk
         env:
           SNYK_TOKEN: ${{ secrets.snyk-token }}
-        if: ${{ inputs.enable-snyk-scan && !cancelled() }}
+        if: ${{ inputs.enable-snyk-scan && !cancelled() && !failure() }}
         run: npm install -g snyk snyk-to-html @wcj/html-to-markdown-cli
 
       - name: Snyk Scan
         id: snyk
         env:
           SNYK_TOKEN: ${{ secrets.snyk-token }}
-        if: ${{ inputs.enable-snyk-scan && !cancelled() }}
+        if: ${{ inputs.enable-snyk-scan && !cancelled() && !failure() }}
         run: snyk test --all-sub-projects --severity-threshold=high --json-file-output=snyk-test.json
 
       - name: Snyk Code
         id: snyk-code
         env:
           SNYK_TOKEN: ${{ secrets.snyk-token }}
-        if: ${{ inputs.enable-snyk-scan && !cancelled() }}
+        if: ${{ inputs.enable-snyk-scan && !cancelled() && !failure() }}
         run: snyk code test --severity-threshold=high --json-file-output=snyk-code.json
 
       - name: Publish Snyk Results
-        if: ${{ inputs.enable-snyk-scan && !cancelled() }}
+        if: ${{ inputs.enable-snyk-scan && !cancelled() && !failure() }}
         run: |
           if [[ -f snyk-test.json ]]; then
             snyk-to-html -i snyk-test.json -o snyk-test.html --summary
@@ -183,7 +183,7 @@ jobs:
 
       - name: Publish Snyk Reports
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3
-        if: ${{ inputs.enable-snyk-scan && !cancelled() }}
+        if: ${{ inputs.enable-snyk-scan && !cancelled() && !failure() }}
         with:
           name: Snyk Reports
           path: |

diff --git a/.github/workflows/zxc-compile-code.yaml b/.github/workflows/zxc-compile-code.yaml
@@ -130,13 +130,6 @@ jobs:
           gradle-version: ${{ inputs.gradle-version }}
           arguments: spotlessCheck --scan
 
-      - name: Cache JaCoCo Analysis
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
-        if: ${{ inputs.enable-unit-tests && !cancelled() }}
-        with:
-          path: '**/jacocoTestReport.xml'
-          key: unit-test-jacoco-rid-${{ github.run_id }}
-
       - name: Unit Testing
         id: gradle-test
         uses: gradle/gradle-build-action@3fbe033aaae657f011f88f29be9e65ed26bd29ef # pin@v2
@@ -161,6 +154,13 @@ jobs:
           gradle-version: ${{ inputs.gradle-version }}
           arguments: jacocoTestReport --scan
 
+      - name: Publish Jacoco Coverage Report
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3
+        if: ${{ inputs.enable-unit-tests && !cancelled() }}
+        with:
+          name: Coverage Reports
+          path: '**/jacocoTestReport.xml'
+
       - name: Publish Test Reports
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3
         if: ${{ inputs.enable-unit-tests && steps.gradle-build.conclusion == 'success' && !cancelled() }}