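# Manually-triggered "full scan" pipeline: runs the PHP and JS test suites with
# coverage plus several report-only static analysers, then pushes everything to
# SonarQube and blocks on its quality gate. The individual analysers are
# deliberately non-fatal (`|| true` / `continue-on-error`) so that a single
# tool failure does not hide the rest of the report; the quality gate is the
# only pass/fail decision in this workflow.
name: SonarQube Full Scan

# yamllint disable-line rule:truthy  (GitHub's loader reads `on` as a key)
on: workflow_dispatch

# Least privilege: nothing here writes back to the repository, so the
# GITHUB_TOKEN only needs read access to check out the code.
permissions:
  contents: read

jobs:
  scan:
    # The job property is `runs-on` (hyphen). `runs_on` is not a recognised
    # key and makes GitHub reject the workflow at validation time.
    runs-on: ubuntu-latest

    # The job runs directly on the runner (there is no `container:`), so the
    # service containers are only reachable through published ports on
    # localhost; the service names (`database`, `redis`, `meilisearch`) do not
    # resolve from the runner itself. Hence the `ports:` mappings here and the
    # `localhost` hosts in the job-level env block below.
    services:
      database:
        image: postgres:16-alpine
        env:
          # Throwaway credentials for an ephemeral CI-only database. They are
          # repeated verbatim in DATABASE_URL below — keep the two in sync.
          POSTGRES_USER: app
          POSTGRES_PASSWORD: secret
          POSTGRES_DB: crm_ecosplay
        ports:
          - "5432:5432"
        options: >-
          --health-cmd "pg_isready -U app -d crm_ecosplay"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7-alpine
        ports:
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 5
      meilisearch:
        # TODO(review): `latest` is a mutable tag — pin a release for
        # reproducible scans. No health check is declared for this service,
        # so the first test that reaches Meilisearch may race its start-up.
        image: getmeili/meilisearch:latest
        env:
          MEILI_MASTER_KEY: test
          MEILI_ENV: development
        ports:
          - "7700:7700"

    env:
      # Hosts are `localhost` because the services are reached via the port
      # mappings above, not via the Docker network names.
      DATABASE_URL: "postgresql://app:secret@localhost:5432/crm_ecosplay?serverVersion=16&charset=utf8"
      MESSENGER_TRANSPORT_DSN: "redis://localhost:6379/messages"
      # No real mail is sent from CI.
      MAILER_DSN: "null://null"
      MEILISEARCH_URL: "http://localhost:7700"
      # Must match MEILI_MASTER_KEY on the meilisearch service.
      MEILISEARCH_API_KEY: "test"
      APP_ENV: test

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so SonarQube can compute blame and new-code periods.
          fetch-depth: 0

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: intl, pdo_pgsql, zip, gd, redis, imagick
          # xdebug is only needed for the PHPUnit coverage report below.
          coverage: xdebug

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '22'

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1

      - name: Install PHP dependencies
        run: composer install --no-interaction --prefer-dist

      - name: Install JS dependencies
        run: bun install

      - name: JS tests with coverage
        run: bun run test:coverage

      - name: PHPStan report
        # Report-only: the JSON is consumed by SonarQube; findings do not
        # fail this step.
        run: vendor/bin/phpstan analyse src/ --level=6 --no-progress --error-format=json > phpstan-report.json || true

      - name: Build assets
        run: bun run build

      - name: Create test database
        run: php bin/console doctrine:database:create --env=test --if-not-exists

      - name: Create database schema
        run: php bin/console doctrine:schema:create --env=test

      - name: PHPUnit with coverage
        run: vendor/bin/phpunit --coverage-clover coverage.xml

      - name: ESLint report
        # Report-only, same as PHPStan.
        run: bunx eslint assets/ --ext .js,.ts -f json -o eslint-report.json || true

      - name: Hadolint
        # The binary is downloaded and executed without any integrity check.
        # TODO(review): pin a release tag instead of `latest` and verify the
        # download against the checksum published with that release before
        # running it. The `set -e` default of `run:` still fails the step if
        # the download itself fails; only the lint results are non-fatal.
        run: |
          wget -qO hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
          chmod +x hadolint
          ./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
          ./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true

      - name: OWASP Dependency-Check
        # TODO(review): `@main` tracks a mutable branch of a third-party
        # action — pin a release tag or commit SHA for supply-chain safety.
        uses: dependency-check/Dependency-Check_Action@main
        with:
          project: 'crm-ecosplay'
          path: '.'
          format: 'JSON,HTML'
          args: >
            --scan composer.lock
            --scan package.json
            --out .
            --disableAssembly
        # Report-only: vulnerable dependencies surface in SonarQube rather
        # than failing the job here.
        continue-on-error: true

      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@v5
        with:
          # `qualitygate.wait=true` is the one gate that fails the workflow:
          # the job blocks until SonarQube reports the gate status.
          args: >
            -Dsonar.qualitygate.wait=true
            -Dsonar.scm.forceReloadAll=true
        env:
          # Only the token is secret; the host URL is a plain public endpoint.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: https://sn.esy-web.dev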