Adapt code logic UTs, ITs, document

SonarSource · Apr 4, 2024 · 0cd339f · 0cd339f
1 parent fab35dc
commit 0cd339f
Show file tree

Hide file tree

Showing 62 changed files with 839 additions and 2,294 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1 +1,3 @@
 tests
+build
+.github
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,38 @@
+name: Build
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@d0877ce7085bc313bd7a7b99c4e4489d42fb40e1 # 3.0.0
+        with:
+          secrets: |
+              development/kv/data/sonarcloud token | sonarcloud_token;
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: "3.10"
+      - name: Build
+        working-directory: .
+        run: |
+          python -m pip install --upgrade pip pipenv
+          make test
+          sed -i "s|<source>${GITHUB_WORKSPACE}|<source>/github/workspace|g" "${GITHUB_WORKSPACE}/build/coverage.xml"
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # v2.1.1
+        env:
+          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).sonarcloud_token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
diff --git a/.github/workflows/it-test.yml b/.github/workflows/it-test.yml
@@ -0,0 +1,65 @@
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+permissions:
+  id-token: write
+
+jobs:
+  it-tests-use-unknown-version-values-output:
+    name: "IT Test - releasability checks should fail on sonar-dummy with a wrong version"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Given the gh-action is used with default values
+        id: test-data
+        uses: ./
+        with:
+         organization: "SonarSource"
+         repository: "sonar-dummy"
+         branch: "master"
+         version: "4242.42.42.43"
+         commit-sha: "e01f0f6545c31755d6ca128c5a3a14f6bf"
+         ignore-failure: true
+      - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2
+        name: Then outputs.status value must be 1 as there is no way this version exists within Jira
+        with:
+          expected: 1
+          actual: ${{ steps.test-data.outputs.status }}
+          comparison: exact
+
+  it-tests-use-unknown-version-values-logs:
+    name: "IT Test - releasability checks should print failing Jira checks on sonar-dummy with a wrong version"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Given the gh-action is used with default values
+        id: test-data
+        uses: ./
+        with:
+         organization: "SonarSource"
+         repository: "sonar-dummy"
+         branch: "master"
+         version: "4242.42.42.43"
+         commit-sha: "e01f0f6545c31755d6ca128c5a3a14f6bf"
+         ignore-failure: true
+      - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2
+        name: Then outputs.logs value must contains a Jira failing check
+        with:
+          expected: "❌ Jira  - version not found in Jira"
+          actual: ${{ steps.test-data.outputs.logs }}
+          comparison: contains
+
+  it-tests:
+    name: "All IT Tests have to pass"
+    runs-on: ubuntu-latest
+    if: always()
+    needs:
+      # Add your tests here so that they prevent the merge of broken changes
+      - it-tests-use-unknown-version-values-output
+      - it-tests-use-unknown-version-values-logs
+    steps:
+      - uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
+        with:
+          jobs: ${{ toJSON(needs) }}
diff --git a/.github/workflows/releasability_checks.yml b/.github/workflows/releasability_checks.yml
@@ -38,7 +38,7 @@ jobs:
                 echo "Commit SHA ${{ github.event.inputs.commit-sha }}"
 
           - name: Trigger releasability checks
-            uses: SonarSource/gh-action_releasability@BUILD-4613-Provide-a-way-to-trigger-releasability-checks-before-creating-a-release
+            uses: SonarSource/gh-action_releasability@master
             with:
               organization: ${{ github.event.inputs.organization }}
               repository:  ${{ github.event.inputs.repository }}

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,8 @@
+.vscode
+__pycache__
+.idea/
+*.iml
+src/.coverage
+src/build/
+out/
+coverage.xml
diff --git a/DEV.md b/DEV.md
@@ -0,0 +1,42 @@
+# Developer notes
+
+> You want to contribute to this project ? Please read the following
+
+## IT Tests
+
+This project define integrations tests in `.github/workflows/it-test.yml`.
+
+Test assertions are done using [nick-fields/assert-action](https://github.com/nick-fields/assert-action).
+
+### Side note
+
+At the moment, GitHub branch protection do not allow to define checks based
+on a REGEX as we can find in other CI tools such as Jenkins.
+
+In order to work around this limitation this project make
+use of [re-actors/alls-green](https://github.com/re-actors/alls-green).
+
+All tests have to be declared in `.github/workflows/it-test.yml`
+the job called `it-tests` declares a list of needs:
+
+```yaml
+    ...
+    needs:
+       ...
+      - it-tests-output-logs-failure
+      - it-tests-output-logs-success
+      - < your new test > <-------------- Add your tests here
+```
+
+## PyCharm users
+
+There is currently a bug in pycharm to support pytest properly.
+To run the tests locally either comment the line:
+
+```ini
+addopts = --cov=src --cov-report html:build/coverage-html \
+--cov-report xml:build/coverage.xml \
+--cov-report term
+```
+
+in pytest.ini or delete pytest.ini locally
diff --git a/Dockerfile b/Dockerfile
@@ -11,4 +11,4 @@ COPY --from=build-env /app /app
 
 ENV PYTHONPATH=/app
 ENTRYPOINT ["/usr/local/bin/python"]
-CMD ["/app/release/main.py"]
+CMD ["/app/src/main.py"]
diff --git a/Makefile b/Makefile
@@ -2,13 +2,8 @@ SHELL := /bin/bash
 
 test:
 	pipenv install --dev
-	PYTHONPATH=${PWD} pipenv run pytest \
-		--cov-report html:build/coverage-html \
-		--cov-report xml:build/coverage.xml \
-		--cov-report term \
-		--cov=release/ \
-		tests/
+	pipenv run pytest
 
 releasability-check:
 	pipenv install
-	PYTHONPATH=${PWD} pipenv run releasability_check
+	pipenv run releasability_check
diff --git a/Pipfile b/Pipfile
@@ -21,4 +21,4 @@ parametrized = "*"
 python_version = "3.10"
 
 [scripts]
-releasability_check = "python release/releasability_check.py"
+releasability_check = "python main/main.py"
diff --git a/README.md b/README.md
@@ -1,3 +1,64 @@
-# gh-action_releasability
+# SonarSource GitHub Action for releasability checks
 
-SonarSource GitHub releasability action
+![GitHub Release](https://img.shields.io/github/v/release/SonarSource/gh-action_releasability)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=SonarSource_gh-action_releasability&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=SonarSource_gh-action_releasability)
+[![.github/workflows/it-test.yml](https://github.com/SonarSource/gh-action_releasability/actions/workflows/it-test.yml/badge.svg)](https://github.com/SonarSource/gh-action_releasability/actions/workflows/it-test.yml)
+
+Trigger [ops-releasability checks](https://github.com/SonarSource/ops-releasability) and collect results.
+
+## Usage
+
+### Verify that all releasability checks pass before actually doing a new release
+
+Trigger manually:
+[releasability_checks.yml](https://github.com/SonarSource/gh-action_releasability/actions/workflows/releasability_checks.yml)
+
+![Form](doc/assets/releasability_checks_workflow_dispatch.png)
+
+### Use as a step in another workflow
+
+Within an existing GitHub workflow:
+
+```yaml
+
+...
+    steps:
+      - uses: SonarSource/gh-action_releasability@0.0.1 <--- replace with last tag
+        id: releasability-checks
+        with:
+          organization:
+          repository:
+          branch:
+          version:
+          commit-sha:
+```
+
+The following permission is required:
+
+```yaml
+permissions:
+  id-token: write
+```
+
+## Options
+
+| Option name      | Description                                                                                             | Default |
+|------------------|---------------------------------------------------------------------------------------------------------|---------|
+| `organization`   | Used to specify the GitHub organization used (i.e: SonarSource)                                         | -       |
+| `repository`     | Used to specify the GitHub repository name                                                              | -       |
+| `branch`         | Used to specify the GitHub repository branch name                                                       | -       |
+| `version`        | Used to specify the version to check (Using Sonar org format: `x.x.x.x` `major.minor.patch.build_number`) | -       |
+| `commit-sha`     | Used to specify the GitHub commit sha to use                                                            | -       |
+| `ignore-failure` | Used to not fail the gh-action in case of releasability check failure                                   | `false` |
+
+## Versioning
+
+This project is using [Semantic Versioning](https://semver.org/).
+
+The `master` branch shall not be referenced by end-users,
+please use tags instead and [Renovate](https://docs.renovatebot.com/) or
+[Dependabot](https://docs.github.com/en/code-security/dependabot) to stay up to date.
+
+## Contribute
+
+Contributions are welcome, please have a look at [DEV.md](./DEV.md)
diff --git a/action.yml b/action.yml
@@ -6,11 +6,67 @@ inputs:
     description: Optional, do not fail the gh-action in case of pre-commit check failure
     required: false
     default: "false"
+  organization:
+    description: GitHub organization name
+    required: true
+  repository:
+    description: GitHub repository name
+    required: true
+  branch:
+    description: Branch name
+    required: true
+  version:
+    description: The version to check
+    required: true
+  commit-sha:
+    description: The GitHub commit SHA to use
+    required: true
 outputs:
   status:
-    description: Provide the exit code returned by pre-commit run command
+    description: Provide the exit code returned by the releasability checks
+    value: ${{ steps.checks.outputs.status }}
   logs:
-    description: Logs from the pre-commit run command
+    description: Logs from releasability checks
+    value: ${{ steps.checks.outputs.logs }}
 runs:
-  using: "docker"
-  image: "Dockerfile"
+    using: "composite"
+    steps:
+      - id: setup_python
+        name: Setup python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version: '3.10'
+      -   name: Install requirements
+          run: |
+              python -m pip install --upgrade pip
+              pip install pipenv
+              pipenv requirements > requirements.txt
+              pip install --quiet -r requirements.txt
+          shell: bash
+      -   name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+          with:
+              aws-region: eu-central-1
+              role-to-assume: "arn:aws:iam::064493320159:role/ReleasbilityChecksCICDRole"
+      -   name: Trigger releasability checks
+          id: checks
+          shell: bash
+          run: python3 src/main.py
+          env:
+              INPUT_ORGANIZATION: ${{ inputs.organization }}
+              INPUT_REPOSITORY: ${{ inputs.repository }}
+              INPUT_BRANCH: ${{ inputs.branch }}
+              INPUT_VERSION: ${{ inputs.version }}
+              INPUT_COMMIT_SHA: ${{ inputs.commit-sha}}
+              PYTHONUNBUFFERED: "1" # that way logs are printed live
+      - name: Print execution
+        run: |
+          echo "${{ steps.checks.outputs.logs }}"
+          echo "Exit code: ${{ steps.checks.outputs.status }}"
+        shell: bash
+      - name: Check status and fail if necessary
+        if: ${{ inputs.ignore-failure == 'false' && steps.checks.outputs.status != 0 }}
+        run: |
+          echo "::error:: Releasability checks reported some errors."
+          exit 1
+        shell: bash
diff --git a/doc/assets/releasability_checks_workflow_dispatch.png b/doc/assets/releasability_checks_workflow_dispatch.png
diff --git a/pytest.ini b/pytest.ini
@@ -0,0 +1,5 @@
+[pytest]
+minversion = 6.0
+addopts = --cov=src --cov-report html:build/coverage-html --cov-report xml:build/coverage.xml --cov-report term
+pythonpath = src
+testpaths = tests
diff --git a/release/exceptions/invalid_input_parameters_exception.py b/release/exceptions/invalid_input_parameters_exception.py
-Original file line number
+Diff line change
@@ -1 +1,3 @@
     tests
+    build
+    .github