SonarQube适用于Objective-C的Github Action

huangapple go评论74阅读模式
英文:

SonarQube Github Action for Objective-C

问题

我正在尝试为托管在Github上的项目设置SonarQube。 SonarQube UI提供的设置很好,尽管项目使用Objective-C编程语言。 我正在使用的Github Action是

jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

并且它失败了

ERROR: Error during SonarScanner execution
java.lang.UnsupportedOperationException: 

唯一获取C/C++/Objective-C文件准确分析的方法是使用SonarSource build-wrapper并设置属性"sonar.cfamily.build-wrapper-output"
或者使用Clang Compilation Database并设置属性"sonar.cfamily.compile-commands"。 这两个选项都未指定。

是否有某个Github Action可以运行SonarSource build-wrapper,或者接下来最好的步骤是什么?

英文:

I am trying to setup SonarQube for a project hosted on Github. The settings offered in the SonarQube UI are good, despite the fact that the project uses the Objective-C programming language. The Github Action I am using is

jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

and it fails with

ERROR: Error during SonarScanner execution
java.lang.UnsupportedOperationException: 

The only way to get an accurate analysis of C/C++/Objective-C files is by using the
SonarSource build-wrapper and setting the property "sonar.cfamily.build-wrapper-output" 
or by using Clang Compilation Database and setting the property 
"sonar.cfamily.compile-commands". None of these two options were specified.

Is there some Github Action that will run the SonarSource build-wrapper, or what would be the best next step?

答案1

得分: 0

所以我扩展了我的工作流程如下。有一些注意事项:

  • 有一个不错的Github Action 'SonarSource/sonarcloud-github-c-cpp@v1'。这足以分析Objective-C项目吗?

  • Git checkout会删除不必要的目录。因此,你必须在checkout源代码后安装SonarQube。

  • Build包装器只监视实际的构建,因此你仍然需要运行Sonar Scanner。

这是生成的代码:

jobs:
  SonarQube:
    runs-on: ubuntu-latest
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # 浅克隆应禁用以获得更好的分析相关性
          submodules: recursive
      
      - name: 安装sonar-scanner和build-wrapper
        uses: SonarSource/sonarcloud-github-c-cpp@v1

      - name: 运行build-wrapper
        run: |
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make -f Makefile pkg-posix-nightly HOST_ARCH=$(uname -m)

      - name: 运行sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} # 将你的令牌的名称放在这里
        run: |
          sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
英文:

So I extended my workflow as follows. There are a few caveats:

  • there is a nice Github Action 'SonarSource/sonarcloud-github-c-cpp@v1'. Is this sufficient to analyze Objective-C projects?

  • Git checkout will remove unnecessary directories. Hence you must install SonarQube AFTER having checkout out your source

  • The build wrapper just monitors the actual build, so you still have to run the Sonar Scanner afterwards

Here is the resulting code:

jobs:
  SonarQube:
    runs-on: ubuntu-latest
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
          submodules: recursive
      
      - name: Install sonar-scanner and build-wrapper
        uses: SonarSource/sonarcloud-github-c-cpp@v1

      - name: Run build-wrapper
        run: |
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make -f Makefile pkg-posix-nightly HOST_ARCH=$(uname -m)

      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} # Put the name of your token here
        run: |
          sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"

huangapple
  • 本文由 发表于 2023年4月17日 02:42:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/76029695.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定