From e19b27badf965c46b676f13be7a5cfb5d95c82ca Mon Sep 17 00:00:00 2001
From: Jorge Martin Espinosa <jorgem@element.io>
Date: Thu, 7 Sep 2023 13:19:13 +0200
Subject: [PATCH] De-duplicate sonar job in the CI (#1238)

* De-duplicate sonar job in the CI

* Remove workaround for `src/*/kotlin` folders

* Downgrade the sonarqube plugin version

* Try increasing workers for this job, since it's quite slow

* Warn about regression in latest sonarqube release

* Forbid backups to prevent cryptographic issues
---
 .github/workflows/quality.yml                  |  6 ------
 .github/workflows/sonar.yml                    | 12 +++---------
 app/src/main/AndroidManifest.xml               |  2 +-
 app/src/main/res/xml/backup_rules.xml          | 11 ++---------
 app/src/main/res/xml/data_extraction_rules.xml | 16 ++++------------
 build.gradle.kts                               | 16 ----------------
 gradle/libs.versions.toml                      |  5 ++++-
 7 files changed, 14 insertions(+), 54 deletions(-)

diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 9c0aac7aef..37648a5403 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -52,12 +52,6 @@ jobs:
           name: linting-report
           path: |
             */build/reports/**/*.*
-      - name: 🔊 Publish results to Sonar
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          ORG_GRADLE_PROJECT_SONAR_LOGIN: ${{ secrets.SONAR_TOKEN }}
-        if: ${{ always() && env.SONAR_TOKEN != '' && env.ORG_GRADLE_PROJECT_SONAR_LOGIN != '' }}
-        run: ./gradlew sonar $CI_GRADLE_ARG_PROPERTIES
       - name: Prepare Danger
         if: always()
         run: |
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
index 42846c2cd5..e8efe99d28 100644
--- a/.github/workflows/sonar.yml
+++ b/.github/workflows/sonar.yml
@@ -1,4 +1,4 @@
-name: Code Quality Checks
+name: Sonar
 
 on:
   workflow_dispatch:
@@ -10,11 +10,11 @@ on:
 # Enrich gradle.properties for CI/CD
 env:
   GRADLE_OPTS: -Dorg.gradle.jvmargs="-Xmx3072m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError" -XX:MaxMetaspaceSize=512m -Dkotlin.daemon.jvm.options="-Xmx2g" -Dkotlin.incremental=false
-  CI_GRADLE_ARG_PROPERTIES: --stacktrace -PpreDexEnable=false --max-workers 2 --no-daemon --warn
+  CI_GRADLE_ARG_PROPERTIES: --stacktrace -PpreDexEnable=false --max-workers 4 --no-daemon --warn
 
 jobs:
   sonar:
-    name: Project Check Suite
+    name: Sonar Quality Checks
     runs-on: ubuntu-latest
     # Allow all jobs on main and develop. Just one per PR.
     concurrency:
@@ -41,9 +41,3 @@ jobs:
           ORG_GRADLE_PROJECT_SONAR_LOGIN: ${{ secrets.SONAR_TOKEN }}
         if: ${{ always() && env.SONAR_TOKEN != '' && env.ORG_GRADLE_PROJECT_SONAR_LOGIN != '' }}
         run: ./gradlew sonar $CI_GRADLE_ARG_PROPERTIES
-      - name: Prepare Danger
-        if: always()
-        run: |
-          npm install --save-dev @babel/core
-          npm install --save-dev @babel/plugin-transform-flow-strip-types
-          yarn add danger-plugin-lint-report --dev
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index ffd0265584..7d1c45b1b1 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -22,7 +22,7 @@
 
     <application
         android:name=".ElementXApplication"
-        android:allowBackup="true"
+        android:allowBackup="false"
         android:dataExtractionRules="@xml/data_extraction_rules"
         android:fullBackupContent="@xml/backup_rules"
         android:icon="@mipmap/ic_launcher"
diff --git a/app/src/main/res/xml/backup_rules.xml b/app/src/main/res/xml/backup_rules.xml
index 37fe0011dc..973e5911ae 100644
--- a/app/src/main/res/xml/backup_rules.xml
+++ b/app/src/main/res/xml/backup_rules.xml
@@ -15,15 +15,8 @@
   -->
 
 <!--
-   Sample backup rules file; uncomment and customize as necessary.
-   See https://developer.android.com/guide/topics/data/autobackup
-   for details.
-   Note: This file is ignored for devices older that API 31
-   See https://developer.android.com/about/versions/12/backup-restore
+   All backup is disabled since it would clash with encryption.
 -->
 <full-backup-content>
-    <!--
-   <include domain="sharedpref" path="."/>
-   <exclude domain="sharedpref" path="device.xml"/>
--->
+    <exclude domain="root" path="." />
 </full-backup-content>
diff --git a/app/src/main/res/xml/data_extraction_rules.xml b/app/src/main/res/xml/data_extraction_rules.xml
index a6ecda4638..9b4bbfff1c 100644
--- a/app/src/main/res/xml/data_extraction_rules.xml
+++ b/app/src/main/res/xml/data_extraction_rules.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?><!--
-  ~ Copyright (c) 2022 New Vector Ltd
+  ~ Copyright (c) 2023 New Vector Ltd
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -15,21 +15,13 @@
   -->
 
 <!--
-   Sample data extraction rules file; uncomment and customize as necessary.
-   See https://developer.android.com/about/versions/12/backup-restore#xml-changes
-   for details.
+   All backup is disabled since it would clash with encryption.
 -->
 <data-extraction-rules>
     <cloud-backup>
-        <!-- TODO: Use <include> and <exclude> to control what is backed up.
-        <include .../>
-        <exclude .../>
-        -->
+        <exclude domain="root" path="." />
     </cloud-backup>
-    <!--
     <device-transfer>
-        <include .../>
-        <exclude .../>
+        <exclude domain="root" path="." />
     </device-transfer>
-    -->
 </data-extraction-rules>
diff --git a/build.gradle.kts b/build.gradle.kts
index 69f5676e72..bd0f84177a 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -143,22 +143,6 @@ sonar {
     }
 }
 
-allprojects {
-    val projectDir = projectDir.toString()
-    sonar {
-        properties {
-            // Note: folders `kotlin` are not supported (yet), I asked on their side: https://community.sonarsource.com/t/82824
-            // As a workaround provide the path in `sonar.sources` property.
-            if (File("$projectDir/src/main/kotlin").exists()) {
-                property("sonar.sources", "src/main/kotlin")
-            }
-            if (File("$projectDir/src/test/kotlin").exists()) {
-                property("sonar.tests", "src/test/kotlin")
-            }
-        }
-    }
-}
-
 allprojects {
     tasks.withType<Test> {
         maxParallelForks = (Runtime.getRuntime().availableProcessors() / 2).coerceAtLeast(1)
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 1ce7a09e72..b1e068613d 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -203,6 +203,9 @@ dependencygraph = { id = "com.savvasdalkitsis.module-dependency-graph", version.
 dependencycheck = { id = "org.owasp.dependencycheck", version.ref = "dependencycheck" }
 dependencyanalysis = { id = "com.autonomousapps.dependency-analysis", version.ref = "dependencyanalysis" }
 paparazzi = "app.cash.paparazzi:1.3.1"
-sonarqube = "org.sonarqube:4.3.1.3277"
 kover = "org.jetbrains.kotlinx.kover:0.6.1"
 sqldelight = { id = "com.squareup.sqldelight", version.ref = "sqldelight" }
+
+# Version '4.3.1.3277' introduced some regressions in CI time (more than 2x slower), so make sure
+# this is no longer the case before upgrading.
+sonarqube = "org.sonarqube:4.2.1.3168"