
SLVS-2718 Add checkbox to GeneralOptionsDialogPage #248

Workflow file for this run

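# Build workflow: restores and builds the Visual Studio solution, runs the
# tests with coverage, finishes the SonarQube analysis, publishes the binaries
# to Repox and, on selected branches, signs, promotes and publishes a dogfood
# feed.
#
# Security review notes (see the inline comments for details):
#   * Attacker-influenced GitHub context (the PR head ref) is passed to shell
#     steps through `env:` instead of being expanded inside the script text.
#   * Third-party actions are referenced by mutable tags; pin them to commit
#     SHAs.
#   * All vault secrets are fetched on every trigger, whether or not the gated
#     signing/promotion steps run.
#   * Signing key material written under /tmp is removed by a dedicated step.
name: Build
on:
  push:
    branches:
      - master
      - dogfood-on-*
      - branch-*
      - sign-*
  pull_request:
  workflow_dispatch:
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  # NOTE(review): for push events the group is the ref, so a new push to
  # master cancels a run that may already be publishing or promoting.
  cancel-in-progress: true
# NOTE(review): these are workflow-wide grants. `checks: write` matches the
# test-reporter step and `id-token: write` is presumably what the vault action
# uses to authenticate; nothing visible here writes repository contents with
# the default token, so confirm `contents: write` is needed.
permissions:
  id-token: write
  contents: write
  checks: write
jobs:
  build:
    runs-on: warp-custom-sonarlint-visualstudio
    name: Build
    env:
      # Locations where the "Build Signed" step materialises key files.
      SONARSOURCE_SNK_FILE: "/tmp/SonarSource.snk"
      SM_CLIENT_CERT_FILE: "/tmp/digicert_signing_certificate.p12"
      SM_CLIENT_CRT_FILE: "/tmp/digicert_signing_certificate.crt"
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag.
      # A tag can be moved to different code after review; pin each action to
      # a full commit SHA (e.g. `@<FULL_COMMIT_SHA>  # v5`) so the code that
      # runs next to the signing credentials is the code that was reviewed.
      - uses: actions/checkout@v5
        with:
          fetch-depth: '0'
      # NOTE(review): this step runs for every trigger, including
      # pull_request, and requests signing, deploy and promotion credentials
      # even when the steps that use them are skipped by their `if:`.
      # Consider fetching the signing/promotion secrets in a separate step
      # guarded by the same branch condition as the step that consumes them.
      - name: Fetch vault secrets
        id: secrets
        uses: SonarSource/vault-action-wrapper@v3
        with:
          secrets: |
            development/kv/data/repox url | ARTIFACTORY_URL;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader username | ARTIFACTORY_USER;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-qa-deployer access_token | ARTIFACTORY_DEPLOY_TOKEN;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN;
            development/kv/data/sign key | SIGN_KEY;
            development/kv/data/sign passphrase | SIGN_PASSPHRASE;
            development/kv/data/sign/digicert apikey | SM_API_KEY;
            development/kv/data/sign/digicert cert_fp | SM_CERT_FP;
            development/kv/data/sign/digicert cert | SM_CERT;
            development/kv/data/sign/digicert client_cert_file_base64 | SM_CLIENT_CERT_FILE_BASE64;
            development/kv/data/sign/digicert client_cert_password | SM_CLIENT_CERT_PASSWORD;
            development/kv/data/sign/digicert cert | SM_CLIENT_CRT;
            development/kv/data/sign/digicert host | SM_HOST;
            development/team/languages/kv/data/strong_named_key SonarSourceSecret_snk | SONARSOURCE_SNK;
            development/kv/data/sonarcloud url | SONAR_URL;
            development/kv/data/sonarcloud token | SONAR_TOKEN;
            development/aws/sts/downloads access_key | AWS_ACCESS_KEY_ID;
            development/aws/sts/downloads secret_key | AWS_SECRET_ACCESS_KEY;
            development/aws/sts/downloads security_token | AWS_SESSION_TOKEN;
            development/github/token/{REPO_OWNER_NAME_DASH}-promotion token | GITHUB_PROMOTION_TOKEN;
            development/kv/data/slack token | SLACK_BOT_TOKEN;
      - uses: SonarSource/ci-github-actions/get-build-number@v1
      - name: Get branch name
        shell: bash
        id: branch-name
        env:
          # `github.head_ref` is chosen by whoever opens the pull request.
          # Expanding `${{ }}` inside `run:` pastes the value into the script
          # before bash parses it; passing it through the environment keeps
          # it data rather than code.
          EVENT_NAME: ${{ github.event_name }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          if [ "${EVENT_NAME}" == "pull_request" ]; then
            echo "BRANCH_NAME=${HEAD_REF}" >> "$GITHUB_OUTPUT"
          else
            echo "BRANCH_NAME=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
          fi
      - name: Prepare Build
        shell: bash
        env:
          ARTIFACTORY_USER: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USER }}
          ARTIFACTORY_PASSWORD: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
        # Derives PROJECT_VERSION from build/Version.props plus BUILD_NUMBER
        # and exports it to later steps through GITHUB_ENV.
        # NOTE(review): no step visible in this workflow exports BRANCH_NAME
        # to the environment (the "Get branch name" step only sets a step
        # output); confirm where `${BRANCH_NAME}` below gets its value.
        run: |
          versionProps=$(cat build/Version.props)
          sonarProjectVersion=$(echo "$versionProps" | sed -n 's:.*<MainVersion>\(.*\)</MainVersion>.*:\1:p')
          PROJECT_VERSION="${sonarProjectVersion}.${BUILD_NUMBER}"
          PROJECT_VERSION_WITHOUT_BUILD_NUMBER="${sonarProjectVersion}"
          echo "PROJECT_VERSION=${PROJECT_VERSION}" >> "$GITHUB_ENV"
          echo "PROJECT_VERSION_WITHOUT_BUILD_NUMBER=${PROJECT_VERSION_WITHOUT_BUILD_NUMBER}" >> "$GITHUB_ENV"
          echo "PROJECT_VERSION: ${PROJECT_VERSION}"
          echo "PROJECT_VERSION_WITHOUT_BUILD_NUMBER: $PROJECT_VERSION_WITHOUT_BUILD_NUMBER"
          msbuild.exe build/ChangeVersion.proj -p:Sha1="${GITHUB_SHA}" -p:BranchName="${BRANCH_NAME}" -p:BuildNumber="${BUILD_NUMBER}" -p:BuildConfiguration=Release
          msbuild.exe build/DownloadDependencies -p:VsVersion=17.0 -p:VsTargetVersion=2022
          dotnet restore "SonarQube.VisualStudio.sln" --locked-mode
      - name: Update GitHub Actions Summary
        shell: bash
        env:
          # The branch name derives from the PR head ref, so it reaches the
          # script through the environment instead of `${{ }}` expansion.
          BRANCH_NAME: ${{ steps.branch-name.outputs.BRANCH_NAME }}
        run: |
          echo "## 📦 Build Information" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "| Property | Value |" >> "$GITHUB_STEP_SUMMARY"
          echo "|----------|-------|" >> "$GITHUB_STEP_SUMMARY"
          echo "| **Project Version** | \`${PROJECT_VERSION}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| **Build Number** | \`${BUILD_NUMBER}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| **Branch** | \`${BRANCH_NAME}\` |" >> "$GITHUB_STEP_SUMMARY"
      - name: Prepare Analysis
        shell: bash
        env:
          SONAR_PROJECT_KEY: ${{ github.event.repository.name }}
          SONAR_URL: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_URL }}
          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
          COVERAGE_FILE: ${{ github.workspace }}/coverage.xml
        run: .github/scripts/sonarqube-analysis.sh
      - name: Build Unsigned
        if: ${{ github.ref_name != 'master' && !startsWith(github.ref_name, 'branch-') && !startsWith(github.ref_name, 'sign-') }}
        shell: bash
        run: |
          msbuild.exe "SonarQube.VisualStudio.sln" -p:VsVersion=17.0 -p:VsTargetVersion=2022 -p:SignArtifacts=false -p:DeployExtension=false -p:Sha1="${GITHUB_SHA}" -p:BuildNumber="${BUILD_NUMBER}" -p:Configuration=Release
      # Signing is gated only on the branch name, so whoever can push to
      # `master`, `branch-*` or `sign-*` decides what gets signed; branch
      # protection on those patterns is the effective access control.
      - name: Build Signed
        if: ${{ github.ref_name == 'master' || startsWith(github.ref_name, 'branch-') || startsWith(github.ref_name, 'sign-') }}
        shell: bash
        env:
          SM_API_KEY: ${{ fromJSON(steps.secrets.outputs.vault).SM_API_KEY }}
          SM_CERT_FP: ${{ fromJSON(steps.secrets.outputs.vault).SM_CERT_FP }}
          SM_CERT: ${{ fromJSON(steps.secrets.outputs.vault).SM_CERT }}
          SM_CLIENT_CERT_FILE_BASE64: ${{ fromJSON(steps.secrets.outputs.vault).SM_CLIENT_CERT_FILE_BASE64 }}
          SM_CLIENT_CERT_PASSWORD: ${{ fromJSON(steps.secrets.outputs.vault).SM_CLIENT_CERT_PASSWORD }}
          SM_CLIENT_CRT: ${{ fromJSON(steps.secrets.outputs.vault).SM_CLIENT_CRT }}
          SM_HOST: ${{ fromJSON(steps.secrets.outputs.vault).SM_HOST }}
          SM_KP: key_1361216169
          SONARSOURCE_SNK: ${{ fromJSON(steps.secrets.outputs.vault).SONARSOURCE_SNK }}
          SIGN_KEY: ${{ fromJSON(steps.secrets.outputs.vault).SIGN_KEY }}
          SIGN_PASSPHRASE: ${{ fromJSON(steps.secrets.outputs.vault).SIGN_PASSPHRASE }}
        # Writes the strong-name key and DigiCert client certificate to disk,
        # builds with SignArtifacts=true, signs the VSIX, then generates a
        # CycloneDX SBOM and detach-signs it with GPG.
        # NOTE(review): `--passphrase "..."` puts the GPG passphrase in the
        # process argument list, readable by other processes on the runner;
        # gpg's `--passphrase-fd` reads it from a file descriptor instead.
        # NOTE(review): the imported GPG secret key stays in the runner's
        # keyring after this step; remove it if the runner is reused.
        # NOTE(review): the `--default-key` value below was replaced by the
        # hosting page's e-mail obfuscation; restore the real key identifier
        # from the repository.
        run: |
          echo "${SONARSOURCE_SNK}" | base64 -d > "${SONARSOURCE_SNK_FILE}"
          echo "${SM_CLIENT_CERT_FILE_BASE64}" | base64 -d > "${SM_CLIENT_CERT_FILE}"
          echo "${SM_CLIENT_CRT}" > "${SM_CLIENT_CRT_FILE}"
          smctl windows certsync
          msbuild.exe "SonarQube.VisualStudio.sln" -p:VsVersion=17.0 -p:VsTargetVersion=2022 -p:SignArtifacts=true -p:AssemblyOriginatorKeyFile="${SONARSOURCE_SNK_FILE}" -p:DeployExtension=false -p:Sha1="${GITHUB_SHA}" -p:BuildNumber="${BUILD_NUMBER}" -p:Configuration=Release
          nuget sign "binaries/SonarLint.VSIX-${PROJECT_VERSION}-2022.vsix" -HashAlgorithm SHA256 -CertificateFingerprint "${SM_CERT_FP}" -Timestamper http://timestamp.digicert.com -TimestampHashAlgorithm SHA256
          sbomname="SonarLint.visualstudio.sbom-${PROJECT_VERSION}-2022.json"
          echo "${SIGN_KEY}" | gpg --batch --passphrase "${SIGN_PASSPHRASE}" --allow-secret-key-import --import
          gpg --list-secret-keys
          dotnet CycloneDX "SonarQube.VisualStudio.sln" -t -j -o binaries
          cd binaries
          mv bom.json "$sbomname"
          gpg --pinentry-mode loopback --passphrase "${SIGN_PASSPHRASE}" --armor --detach-sig --default-key [email protected] "$sbomname"
          echo "signed $sbomname"
      # The key files are only consumed inside "Build Signed" (the passwords
      # that unlock them are scoped to that step), so delete them before test
      # and publish code runs. `always()` also covers a failed or cancelled
      # signing step; `rm -f` is a no-op when the files were never written.
      - name: Remove signing key files
        if: always()
        shell: bash
        run: |
          rm -f "${SONARSOURCE_SNK_FILE}" "${SM_CLIENT_CERT_FILE}" "${SM_CLIENT_CRT_FILE}"
      - name: Test with Coverage
        shell: bash
        env:
          MSVC: C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\VC\Tools\MSVC\14.40.33807\bin\Hostx64\x64\cl.exe  # Required for CFamily integration tests
        run: |
          vstest.console.exe --EnableCodeCoverage --Logger:trx --ResultsDirectory:"TestResults" src/**/bin/**/Sonar*.*Tests.dll
          dotnet-coverage merge -o "coverage.xml" -f xml "**/*.coverage"
      - name: Report Test Results
        uses: dorny/test-reporter@v2
        # Runs after test failures too, but not when the job is cancelled.
        if: success() || failure()
        with:
          name: Test Results
          path: TestResults/*.trx
          reporter: dotnet-trx
          list-tests: failed
      - name: Analyze on SonarQubeCloudEU
        shell: bash
        env:
          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).SONAR_TOKEN }}
        run: |
          dotnet sonarscanner end -d:sonar.token="${SONAR_TOKEN}"
      - name: Upload binaries artifact
        uses: actions/upload-artifact@v4
        with:
          name: binaries
          path: binaries/*
      # NOTE(review): this step has no `if:` guard, so it uploads with the
      # deploy token on every trigger, including pull_request runs.
      - name: Publish to Repox
        shell: bash
        env:
          ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }}
          ARTIFACTORY_DEPLOY_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_DEPLOY_TOKEN }}
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          jf config add repox --artifactory-url "${ARTIFACTORY_URL}" --access-token "${ARTIFACTORY_DEPLOY_TOKEN}"
          jf rt upload "binaries/*" sonarsource-public-qa/org/sonarsource/sonarlint/visualstudio/${REPO_NAME}/${PROJECT_VERSION}/ --flat --build-name ${REPO_NAME} --build-number ${BUILD_NUMBER} --module="org.sonarsource.sonarlint.visualstudio:${REPO_NAME}:${PROJECT_VERSION}"
          jf rt bp ${REPO_NAME} ${BUILD_NUMBER}
      - name: Promote Build
        if: ${{ github.ref_name == 'master' || startsWith(github.ref_name, 'branch-') }}
        shell: bash
        env:
          ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_URL }}
          ARTIFACTORY_PROMOTE_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_PROMOTE_ACCESS_TOKEN }}
          GH_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_PROMOTION_TOKEN }}
          REPO_NAME: ${{ github.event.repository.name }}
        # Re-registers the `repox` server with the promoter token (replacing
        # the deploy-token configuration from the previous step), promotes
        # the build, then posts a commit status pointing at the build URL.
        run: |
          jf config remove repox
          jf config add repox --artifactory-url "${ARTIFACTORY_URL}" --access-token "${ARTIFACTORY_PROMOTE_ACCESS_TOKEN}"
          jf rt bpr --status "it-passed" "${REPO_NAME}" "${BUILD_NUMBER}" "sonarsource-public-builds"
          # Post promotion status to GitHub
          longDescription="Latest promoted build of '${PROJECT_VERSION}' from branch '${GITHUB_REF}'"
          shortDescription=${longDescription:0:140}
          buildUrl="${ARTIFACTORY_URL%/*}/ui/builds/${REPO_NAME}/${BUILD_NUMBER}/"
          githubApiUrl="https://api.github.com/repos/${GITHUB_REPOSITORY}/statuses/${GITHUB_SHA}"
          gh api -X POST -H "X-GitHub-Api-Version: 2022-11-28" "$githubApiUrl" -H "Content-Type: application/json" --input - <<EOF
          {
            "state": "success",
            "target_url": "$buildUrl",
            "description": "$shortDescription",
            "context": "repox-${GITHUB_REF_NAME}"
          }
          EOF
      - name: Publish to Dogfood
        if: ${{ github.ref_name == 'master' || startsWith(github.ref_name, 'branch-') || startsWith(github.ref_name, 'dogfood-on-') }}
        shell: bash
        env:
          AWS_ACCESS_KEY_ID: ${{ fromJSON(steps.secrets.outputs.vault).AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ fromJSON(steps.secrets.outputs.vault).AWS_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).AWS_SESSION_TOKEN }}
          AWS_DEFAULT_REGION: eu-central-1
        # NOTE(review): `dogfood-on-*` branches get the unsigned build (the
        # signed-build condition does not include that prefix), so the VSIX
        # published here is unsigned for those branches.
        run: |
          mkdir -p /tmp/dogfood/${PROJECT_VERSION}
          PrivateGalleryCreator.exe --input=binaries --terminate --source="https://binaries.sonarsource.com/SonarLint-for-VisualStudio/dogfood/${PROJECT_VERSION}/" --output=/tmp/dogfood/feed.xml
          cp binaries/SonarLint.VSIX-${PROJECT_VERSION}-2022.vsix /tmp/dogfood/${PROJECT_VERSION}/
          .github/scripts/publish-dogfood-site.sh /tmp/dogfood
      # NOTE(review): the action reference below was replaced by the hosting
      # page's e-mail obfuscation; restore the real `owner/repo@ref` from the
      # repository (ideally pinned to a commit SHA).
      # NOTE(review): the branch name is expanded into the YAML payload; a
      # ref containing a double quote would break payload parsing and drop
      # the failure notification.
      - name: Slack Notification on Failure
        if: failure()
        uses: slackapi/[email protected]
        with:
          method: chat.postMessage
          token: ${{ fromJSON(steps.secrets.outputs.vault).SLACK_BOT_TOKEN }}
          payload: |
            channel: squad-ide-visualstudio-bots
            text: "Job failed in ${{ github.repository }}"
            blocks:
              - type: "section"
                text:
                  type: "mrkdwn"
                  text: ":x: *Repository:* ${{ github.repository }}\n*Branch:* ${{ steps.branch-name.outputs.BRANCH_NAME }}\n*Workflow:* ${{ github.workflow }}\n*Run:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|#${{ github.run_number }}>"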