Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 18 additions & 2 deletions .github/workflows/UpdateRuleMetadata.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Update Rule Metadata
on: workflow_dispatch

env:
PR_BRANCH_NAME: gh-action/update-rule-metadata
PR_BRANCH_NAME: "gh-action/update-rule-metadata.${{ github.run_id }}"

jobs:
UpdateRuleMetadata_job:
Expand Down Expand Up @@ -38,12 +38,22 @@ jobs:
distribution: 'temurin'
java-version: '21'

- name: Getting Vault Secrets
id: secrets
uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
with:
secrets: |
development/github/token/{REPO_OWNER_NAME_DASH}-rspec token | GITHUB_TOKEN_RSPEC;

- name: Update Files
env:
GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN_RSPEC }}
run: |
java -jar "/tmp/rule-api.jar" update
sed --in-place='' -e 's/rule:java:S3649/rule:javasecurity:S3649/g' 'sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S2077.html'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need to store this replacement as a regular thing? Probably it should be removed?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I verified locally that this sed command is still applicable.

I just ran rule-api update and it did change S2077.html. While I am not aware of the context, our release instructions ("Release sonar-java" on the xtranet) very specifically say "Warning: Make sure we not replace {rule:javasecurity:S3649} by {rule:java:S3649}."

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I see the problem, it's related to lack of configuration in sonar-rule-api repository when generating templates for rules. Probably it makes sense to create a task to fix such cases (for CFamily squad).


- name: Create PR
id: create-pr
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
Expand All @@ -52,4 +62,10 @@ jobs:
git checkout -b "${{ env.PR_BRANCH_NAME }}"
git commit -m 'Update rule metadata' -a
git push --set-upstream origin "${{ env.PR_BRANCH_NAME }}"
gh pr create -B master --title 'Update rule metadata' --body ''
URL=$(gh pr create -B master --title 'Update rule metadata' --body '')
echo "url=${URL}" >> $GITHUB_OUTPUT

- name: Summary
run: |
echo "Generated ${{steps.create-pr.outputs.url}}." >> $GITHUB_STEP_SUMMARY
echo "Tip: close and reopen the PR to trigger CI. " >> $GITHUB_STEP_SUMMARY
Loading