7cce3a2999
- Add sonar.dependencyCheck.jsonReportPath and htmlReportPath to sonar-project.properties - Add Dependency-Check action scanning composer.lock and package.json - Generate JSON and HTML reports for SonarQube analysis - Add to ci.yml sonarqube job and sonarqube.yml workflow Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
117 lines
3.4 KiB
YAML
117 lines
3.4 KiB
YAML
name: SonarQube Full Scan
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
scan:
|
|
runs_on: ubuntu-latest
|
|
services:
|
|
database:
|
|
image: postgres:16-alpine
|
|
env:
|
|
POSTGRES_USER: app
|
|
POSTGRES_PASSWORD: secret
|
|
POSTGRES_DB: e_ticket
|
|
options: >-
|
|
--health-cmd "pg_isready -U app -d e_ticket"
|
|
--health-interval 5s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
redis:
|
|
image: redis:7-alpine
|
|
options: >-
|
|
--health-cmd "redis-cli ping"
|
|
--health-interval 5s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
meilisearch:
|
|
image: getmeili/meilisearch:latest
|
|
env:
|
|
MEILI_MASTER_KEY: test
|
|
MEILI_ENV: development
|
|
env:
|
|
DATABASE_URL: "postgresql://app:secret@database:5432/e_ticket?serverVersion=16&charset=utf8"
|
|
MESSENGER_TRANSPORT_DSN: "redis://redis:6379/messages"
|
|
MAILER_DSN: "null://null"
|
|
MEILISEARCH_URL: "http://meilisearch:7700"
|
|
MEILISEARCH_API_KEY: "test"
|
|
APP_ENV: test
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup PHP
|
|
uses: shivammathur/setup-php@v2
|
|
with:
|
|
php-version: '8.4'
|
|
extensions: intl, pdo_pgsql, zip, gd, redis, imagick
|
|
coverage: xdebug
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '22'
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v1
|
|
|
|
- name: Install PHP dependencies
|
|
run: composer install --no-interaction --prefer-dist
|
|
|
|
- name: Install JS dependencies
|
|
run: bun install
|
|
|
|
- name: JS tests with coverage
|
|
run: bun run test:coverage
|
|
|
|
- name: PHPStan report
|
|
run: vendor/bin/phpstan analyse src/ --level=6 --no-progress --error-format=json > phpstan-report.json || true
|
|
|
|
- name: Build assets
|
|
run: bun run build
|
|
|
|
- name: Create test database
|
|
run: php bin/console doctrine:database:create --env=test --if-not-exists
|
|
|
|
- name: Create database schema
|
|
run: php bin/console doctrine:schema:create --env=test
|
|
|
|
- name: PHPUnit with coverage
|
|
run: vendor/bin/phpunit --coverage-clover coverage.xml
|
|
|
|
- name: ESLint report
|
|
run: bunx eslint assets/ --ext .js,.ts -f json -o eslint-report.json || true
|
|
|
|
- name: Hadolint
|
|
run: |
|
|
wget -qO hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
|
|
chmod +x hadolint
|
|
./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
|
|
./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true
|
|
|
|
- name: OWASP Dependency-Check
|
|
uses: dependency-check/Dependency-Check_Action@main
|
|
with:
|
|
project: 'e-ticket'
|
|
path: '.'
|
|
format: 'JSON,HTML'
|
|
args: >
|
|
--scan composer.lock
|
|
--scan package.json
|
|
--out .
|
|
--disableAssembly
|
|
continue-on-error: true
|
|
|
|
- name: SonarQube Scan
|
|
uses: sonarsource/sonarqube-scan-action@v5
|
|
with:
|
|
args: >
|
|
-Dsonar.qualitygate.wait=true
|
|
-Dsonar.scm.forceReloadAll=true
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
SONAR_HOST_URL: https://sn.esy-web.dev
|