[CIS-1766] SonarCloud implementation (#55)

Author: Alexey Alter-Pesotskiy

.github/workflows/smoke-checks.yml

@@ -11,12 +11,12 @@ on:
     types:
       - created
 
-concurrency: 
+concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
-      
+
 env:
-  HOMEBREW_NO_INSTALL_CLEANUP=1: 1 # Disable cleanup for homebrew, we don't need it on CI
+  HOMEBREW_NO_INSTALL_CLEANUP: 1 # Disable cleanup for homebrew, we don't need it on CI
 
 jobs:
   automated-code-review:
@@ -54,6 +54,10 @@ jobs:
     - uses: actions/checkout@v1
     - name: Set build image var
       run: echo "ImageVersion=$ImageVersion"  >> $GITHUB_ENV
+    - uses: actions/[email protected]
+      with:
+        python-version: 3.8
+        cache: 'pip'
     - name: Cache RubyGems
       uses: actions/cache@v2
       id: rubygem-cache
@@ -69,6 +73,8 @@ jobs:
         key: ${{ runner.os }}-mint-${{ hashFiles('./Mintfile') }}
         restore-keys: ${{ runner.os }}-mint-
     - uses: ./.github/actions/bootstrap
+      env:
+        INSTALL_SONAR: true
     - name: Prepare iPhone 12 with iOS 15.4
       uses: ./.github/actions/prepare-ios-simulator
       with:
@@ -77,12 +83,12 @@ jobs:
         xcode: "13.3.1"
     - name: Run Tests (Debug)
       run: bundle exec fastlane test_ui device:"iPhone 12 (15.4)"
-    - uses: codecov/codecov-action@v1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-        flags: unit-tests
-        fail_ci_if_error: true # if codecov upload fails, should fail ci
-        verbose: true
+    - name: Run Sonar analysis
+      run: bundle exec fastlane sonar_upload
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        PR_NUMBER: ${{ github.event.number }}
     - uses: 8398a7/action-slack@v3
       with:
         status: ${{ job.status }}

.gitignore

@@ -74,3 +74,5 @@ Example/Carthage/.env
 Example/Carthage/fastlane/report.xml
 Sample/Cocoapods/Podfile.lock
 docusaurus/.env
+reports/
+.scannerwork/

.slather.yml

@@ -0,0 +1,11 @@
+coverage_service: sonarqube_xml
+xcodeproj: StreamChatSwiftUI.xcodeproj
+scheme: StreamChatSwiftUI
+source_directory: Sources/
+output_directory: reports
+ignore:
+  - "StreamChatSwiftUITests/**/*"
+  - "**/*_Tests.swift"
+  - "**/*_Mock.swift"
+  - "**/*_Vendor.swift"
+  - "**/Generated/*.swift"

Gemfile

@@ -11,6 +11,8 @@ gem "danger-commit_lint"
 gem "jazzy"
 gem "xcode-install"
 gem "json"
+gem "fastlane-plugin-lizard"
+gem "slather"
 
 plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile')
 eval_gemfile(plugins_path) if File.exist?(plugins_path)

Gemfile.lock

@@ -38,6 +38,7 @@ GEM
       cork
       nap
       open4 (~> 1.3)
+    clamp (1.3.2)
     cocoapods (1.11.3)
       addressable (~> 2.8)
       claide (>= 1.0.2, < 2.0)
@@ -75,6 +76,7 @@ GEM
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
+    coderay (1.1.3)
     colored (1.2)
     colored2 (3.1.2)
     commander (4.6.0)
@@ -183,6 +185,11 @@ GEM
     fastlane-plugin-emerge (0.5.1)
       faraday (~> 1.1)
     fastlane-plugin-firebase_app_distribution (0.3.4)
+    fastlane-plugin-lizard (1.3.3)
+      bundler
+      fastlane
+      pry
+    fastlane-plugin-sonarcloud_metric_kit (0.2.0)
     fastlane-plugin-versioning (0.5.0)
     ffi (1.15.5)
     fourflusher (2.3.1)
@@ -253,6 +260,7 @@ GEM
       kramdown (~> 2.0)
     liferaft (0.0.6)
     memoist (0.16.2)
+    method_source (1.0.0)
     mini_magick (4.11.0)
     mini_mime (1.1.2)
     minitest (5.15.0)
@@ -265,14 +273,22 @@ GEM
     naturally (2.2.1)
     netrc (0.11.0)
     no_proxy_fix (0.1.2)
+    nokogiri (1.13.4-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.4-x86_64-darwin)
+      racc (~> 1.4)
     octokit (4.22.0)
       faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
     open4 (1.3.4)
     optparse (0.1.1)
     os (1.1.4)
     plist (3.6.0)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
     public_suffix (4.0.7)
+    racc (1.6.0)
     rake (13.0.6)
     rchardet (1.8.0)
     redcarpet (3.5.1)
@@ -300,6 +316,12 @@ GEM
     simctl (1.6.8)
       CFPropertyList
       naturally
+    slather (2.7.2)
+      CFPropertyList (>= 2.2, < 4)
+      activesupport
+      clamp (~> 1.3)
+      nokogiri (~> 1.12)
+      xcodeproj (~> 1.21)
     sqlite3 (1.4.2)
     terminal-notifier (2.0.0)
     terminal-table (1.8.0)
@@ -348,9 +370,12 @@ DEPENDENCIES
   fastlane
   fastlane-plugin-emerge
   fastlane-plugin-firebase_app_distribution
+  fastlane-plugin-lizard
+  fastlane-plugin-sonarcloud_metric_kit
   fastlane-plugin-versioning
   jazzy
   json
+  slather
   xcode-install
 
 BUNDLED WITH

README.md

@@ -2,6 +2,10 @@
   <img src="ReadmeAssets/iOS_Chat_Messaging.png"/>
 </p>
 
+<p align="center">
+  <a href="https://sonarcloud.io/summary/new_code?id=GetStream_stream-chat-swiftui"><img src="https://sonarcloud.io/api/project_badges/measure?project=GetStream_stream-chat-swiftui&metric=coverage" /></a>
+</p>
+
 ## SwiftUI StreamChat SDK
 
 The SwiftUI SDK is built on top of the [StreamChat](https://getstream.io/chat/docs/ios-swift/?language=swift) framework and it's a SwiftUI alternative to the [StreamChatUI](https://getstream.io/chat/docs/sdk/ios/) SDK. It's built completely in SwiftUI, using declarative patterns, that will be familiar to developers working with SwiftUI. The SDK includes an extensive set of performant and customizable UI components which allow you to get started quickly with little to no plumbing required.
@@ -13,7 +17,7 @@ The complete documentation and capabilities of the SwiftUI SDK can be found [her
 - **Channel list:** Browse channels and perform actions on them.
 - **Message list:** Fast message list that renders many different types of messages.
 - **Message Composer:** Powerful and customizable message composer, extendable with your own custom attachments.
-- **Message reactions:** Ready made reactions support, easily configurable depending on your use-cases. 
+- **Message reactions:** Ready made reactions support, easily configurable depending on your use-cases.
 - **Offline support:** Browse channels and send messages while offline.
 - **Highly customizable components:** The components are designed in a way that you can easily customize or completely swap existing views with your own implementation.
 
@@ -31,7 +35,7 @@ The SwiftUI SDK offers three types of components:
 
 - Screens - Easiest to integrate, but offer small customizations, like branding and text changes.
 - Stateful components - Offer more customization options and possibility to inject custom views. Also fairly simple to integrate, if the extension points are suitable for your chat use-case. These components come with view models.
-- Stateless components - These are the building blocks for the other two types of components. In order to use them, you would have to provide the state and data. Using these components only make sense if you want to implement completely custom chat experience. 
+- Stateless components - These are the building blocks for the other two types of components. In order to use them, you would have to provide the state and data. Using these components only make sense if you want to implement completely custom chat experience.
 
 ## Free for Makers
 

bootstrap.sh

@@ -4,6 +4,11 @@
 # You should have homebrew installed.
 # If you get `zsh: permission denied: ./bootstrap.sh` error, please run `chmod +x bootstrap.sh` first
 
+function puts {
+  echo
+  echo -e "👉 ${1}"
+}
+
 # Check if Homebrew is installed
 if [[ $(command -v brew) == "" ]]; then
     echo "Homebrew not installed. Please install."
@@ -14,31 +19,32 @@ set -Eeuo pipefail
 
 trap "echo ; echo ❌ The Bootstrap script failed to finish without error. See the log above to debug. ; echo" ERR
 
-echo
-echo -e "👉 Install Mint if needed"
+puts "Install Mint if needed"
 # List installed Mint versions, if fails, install Mint
 brew list mint || brew install mint
 
 # Set bash to Strict Mode (http://redsymbol.net/articles/unofficial-bash-strict-mode/)
 set -euo pipefail
 
-echo
-echo -e "👉 Bootstrap Mint dependencies"
+puts "Bootstrap Mint dependencies"
 mint bootstrap
 
-echo
-echo -e "👉 Create git/hooks folder if needed"
+puts "Create git/hooks folder if needed"
 mkdir -p .git/hooks
 
 # Symlink hooks folder to .git/hooks folder
-echo
-echo -e "👉 Create symlink for pre-commit hooks"
+puts "Create symlink for pre-commit hooks"
 # Symlink needs to be ../../hooks and not ./hooks because git evaluates them in .git/hooks
 ln -sf ../../hooks/pre-commit.sh .git/hooks/pre-commit
 chmod +x .git/hooks/pre-commit
 chmod +x ./hooks/git-format-staged
 
 # Install gems
-echo
-echo -e "👉 Install bundle dependencies"
+puts "Install bundle dependencies"
 bundle install
+
+if [[ ${INSTALL_SONAR-default} == true ]]; then
+    puts "Install sonar dependencies"
+    pip install lizard
+    brew install sonar-scanner
+fi

codecov.yml

@@ -1,6 +1,7 @@
 default_platform :ios
 
 require 'json'
+import 'Sonarfile'
 
 # The number of times the stress test suite is ran
 stress_tests_cycles = 50

fastlane/Fastfile

@@ -5,3 +5,4 @@
 gem 'fastlane-plugin-firebase_app_distribution'
 gem 'fastlane-plugin-versioning'
 gem 'fastlane-plugin-emerge'
+gem 'fastlane-plugin-sonarcloud_metric_kit'

fastlane/Pluginfile

@@ -6,7 +6,7 @@
 
 devices(["iPhone 12"])
 
-# Needed for codecov
+# Needed for Sonar
 code_coverage(true)
 
 # Our integration tests need to run in parallel

fastlane/Scanfile

@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+
+desc 'Get code coverage report and run complexity analysis for Sonar'
+lane :sonar_upload do
+  version_number = get_version_number(
+    xcodeproj: 'StreamChatSwiftUI.xcodeproj',
+    target: 'StreamChatSwiftUI'
+  )[/\d+\.\d+\.\d/]
+
+  slather
+
+  lizard(
+    source_folder: './Sources/',
+    language: 'swift',
+    export_type: 'xml',
+    report_file: 'reports/lizard.xml'
+  )
+
+  if ENV['GITHUB_EVENT_NAME'] == 'pull_request'
+    sonar(
+      sonar_login: ENV['SONAR_TOKEN'],
+      pull_request_branch: ENV['GITHUB_HEAD_REF'],
+      pull_request_base: ENV['GITHUB_BASE_REF'],
+      pull_request_key: ENV['PR_NUMBER'],
+      project_version: version_number
+    )
+  else
+    branch = git_branch
+
+    sonar(
+      sonar_login: ENV['SONAR_TOKEN'],
+      branch_name: branch,
+      project_version: version_number
+    )
+
+    case branch.to_sym
+    when :main
+      slack_sonarcloud_metrics(new_period: version_number, branch: branch)
+    when :develop
+      slack_sonarcloud_metrics(branch: branch)
+    end
+  end
+end
+
+desc 'Creates a report in Slack with SonarCloud analysis details'
+private_lane :slack_sonarcloud_metrics do |options|
+  project_key = 'GetStream_stream-chat-swiftui'
+  metrics = sonarcloud_metric_kit(
+    project_key: project_key,
+    quality_gate: true,
+    branch: options[:branch]
+  )
+  new_period = options[:new_period] || options[:branch]
+  new_coverage = metrics[:new_coverage].to_f.round(2)
+  new_duplication_density = metrics[:new_duplicated_lines_density].to_f.round(2)
+  vulnerabilities = metrics[:security_hotspots].to_i + metrics[:vulnerabilities].to_i
+  new_vulnerabilities = metrics[:new_security_hotspots].to_i + metrics[:new_vulnerabilities].to_i
+
+  release_status = "From *#{metrics[:period_value]}* to *#{new_period}*\n _#{metrics[:new_lines_to_cover]}_ new lines of code 🚀"
+  coverage_status = "Total: _#{metrics[:coverage]}%_\nOn new code: _#{new_coverage}%_ #{new_coverage < 80 ? '⚠️' : '✅'}"
+  duplication_status = "Total: _#{metrics[:duplicated_lines_density]}%_\nOn new code: _#{new_duplication_density}%_ #{new_duplication_density < 3 ? '✅' : '⚠️'}"
+  code_smells_status = "Total: _#{metrics[:code_smells]}_\nNew: _#{metrics[:new_code_smells]}_ #{metrics[:new_code_smells].to_i.positive? ? '🙊' : '✅'}"
+  bugs_status = "Total: _#{metrics[:bugs]}_\nNew: _#{metrics[:new_bugs]}_ #{metrics[:new_bugs].to_i.positive? ? '⚠️' : '✅'}"
+  security_status = "Total: _#{vulnerabilities}_\nNew: _#{new_vulnerabilities}_ #{new_vulnerabilities.positive? ? '⚠️' : '✅'}"
+
+  slack(
+    message: "[StreamChatSwiftUI](https://sonarcloud.io/summary/new_code?id=#{project_key}&branch=#{options[:branch]})",
+    attachment_properties: {
+      thumb_url: 'https://pbs.twimg.com/profile_images/955394530806829056/LC7DAYM3_400x400.jpg',
+      fields: [
+        { title: 'Update', value: release_status, short: true },
+        { title: 'Code coverage', value: coverage_status, short: true },
+        { title: 'Duplicated lines density', value: duplication_status, short: true },
+        { title: 'Code smells', value: code_smells_status, short: true },
+        { title: 'Bugs', value: bugs_status, short: true },
+        { title: 'Vulnerabilities & Security hotspots', value: security_status, short: true }
+      ]
+    },
+    default_payloads: [],
+    slack_url: ENV['SLACK_WEBHOOK_URL']
+  )
+end

fastlane/Sonarfile

@@ -0,0 +1 @@
+lizard

requirements.txt

@@ -0,0 +1,15 @@
+sonar.projectKey=GetStream_stream-chat-swiftui
+sonar.projectName=stream-chat-swiftui
+sonar.host.url=https://sonarcloud.io
+sonar.organization=getstream
+sonar.sourceEncoding=UTF-8
+sonar.language=swift
+sonar.coverageReportPaths=reports/sonarqube-generic-coverage.xml
+sonar.swift.lizard.report=reports/lizard.xml
+sonar.inclusions=Sources/**/*.swift
+sonar.exclusions=Sources/**/*_Vendor.swift, Sources/**/Generated/*.swift
+
+# Prevent C/C++/Objective-C files from being analyzed
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-