7474ada434
- Add sonar.eslint.reportPaths and sonar.docker.hadolint.reportPaths - Generate ESLint JSON report in CI frontend and sonarqube jobs - Generate Hadolint JSON reports for dev and prod Dockerfiles - Add reports to ci.yml and sonarqube.yml workflows Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
104 lines
3.0 KiB
YAML
104 lines
3.0 KiB
YAML
name: SonarQube Full Scan
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
scan:
|
|
runs_on: ubuntu-latest
|
|
services:
|
|
database:
|
|
image: postgres:16-alpine
|
|
env:
|
|
POSTGRES_USER: app
|
|
POSTGRES_PASSWORD: secret
|
|
POSTGRES_DB: e_ticket
|
|
options: >-
|
|
--health-cmd "pg_isready -U app -d e_ticket"
|
|
--health-interval 5s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
redis:
|
|
image: redis:7-alpine
|
|
options: >-
|
|
--health-cmd "redis-cli ping"
|
|
--health-interval 5s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
meilisearch:
|
|
image: getmeili/meilisearch:latest
|
|
env:
|
|
MEILI_MASTER_KEY: test
|
|
MEILI_ENV: development
|
|
env:
|
|
DATABASE_URL: "postgresql://app:secret@database:5432/e_ticket?serverVersion=16&charset=utf8"
|
|
MESSENGER_TRANSPORT_DSN: "redis://redis:6379/messages"
|
|
MAILER_DSN: "null://null"
|
|
MEILISEARCH_URL: "http://meilisearch:7700"
|
|
MEILISEARCH_API_KEY: "test"
|
|
APP_ENV: test
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup PHP
|
|
uses: shivammathur/setup-php@v2
|
|
with:
|
|
php-version: '8.4'
|
|
extensions: intl, pdo_pgsql, zip, gd, redis, imagick
|
|
coverage: xdebug
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '22'
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v1
|
|
|
|
- name: Install PHP dependencies
|
|
run: composer install --no-interaction --prefer-dist
|
|
|
|
- name: Install JS dependencies
|
|
run: bun install
|
|
|
|
- name: JS tests with coverage
|
|
run: bun run test:coverage
|
|
|
|
- name: PHPStan report
|
|
run: vendor/bin/phpstan analyse src/ --level=6 --no-progress --error-format=json > phpstan-report.json || true
|
|
|
|
- name: Build assets
|
|
run: bun run build
|
|
|
|
- name: Create test database
|
|
run: php bin/console doctrine:database:create --env=test --if-not-exists
|
|
|
|
- name: Create database schema
|
|
run: php bin/console doctrine:schema:create --env=test
|
|
|
|
- name: PHPUnit with coverage
|
|
run: vendor/bin/phpunit --coverage-clover coverage.xml
|
|
|
|
- name: ESLint report
|
|
run: bunx eslint assets/ --ext .js,.ts -f json -o eslint-report.json || true
|
|
|
|
- name: Hadolint
|
|
run: |
|
|
wget -qO hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
|
|
chmod +x hadolint
|
|
./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
|
|
./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true
|
|
|
|
- name: SonarQube Scan
|
|
uses: sonarsource/sonarqube-scan-action@v5
|
|
with:
|
|
args: >
|
|
-Dsonar.qualitygate.wait=true
|
|
-Dsonar.scm.forceReloadAll=true
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
SONAR_HOST_URL: https://sn.esy-web.dev
|