diff --git a/.github/workflows/integration-tests-v1.yaml b/.github/workflows/integration-tests-v1.yaml index d58f424f..55084264 100644 --- a/.github/workflows/integration-tests-v1.yaml +++ b/.github/workflows/integration-tests-v1.yaml @@ -46,4 +46,4 @@ jobs: FIREBOLT_CLIENT_ID: ${{ secrets.SERVICE_ID_STG }} FIREBOLT_CLIENT_SECRET: ${{ secrets.SERVICE_SECRET_STG }} run: | - npm run test:ci integration/v1 \ No newline at end of file + npm run test:ci integration/v1 diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 924d1198..28da9885 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -8,31 +8,29 @@ on: jobs: code-checks: - runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v6 - - - name: Set up node.js - uses: actions/setup-node@v6 - with: - node-version: '16' - - - name: Install dependencies - run: npm install - - - name: Type check with typescript - run: | - npm run type-check - - - name: Test with jest - run: | - npm test -- --coverage test/unit - - - name: "Security Scan" - uses: SonarSource/sonarqube-scan-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} + - name: Check out code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Set up node.js + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + with: + node-version: '16' + + - name: Install dependencies + run: npm install + + - name: Type check with typescript + run: npm run type-check + + - name: Test with jest + run: npm test -- --coverage test/unit + + - name: Upload coverage report + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: coverage + path: coverage/ + retention-days: 1 diff --git a/.github/workflows/release-workflow.yaml b/.github/workflows/release-workflow.yaml index cd784de4..e376d090 100644 
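Review bot: The `Install dependencies` step in pull-request.yaml still runs `npm install`, which can resolve versions other than those recorded in the lockfile; now that the actions in this job are pinned to commit SHAs, `run: npm ci` would make the dependency install equally reproducible, assuming a `package-lock.json` is committed. The pinning is also not carried through the commit: the release-workflow.yaml hunks only touch whitespace and leave `actions/checkout@v6` and `actions/setup-node@v6` on mutable tags, in the job that checks out with `secrets.RELEASE_PAT`, where a moved tag would matter most. For the new `Upload coverage report` step, consider `if-no-files-found: error` so a missing `coverage/` directory fails here rather than in the downstream Sonar workflow. The top of pull-request.yaml is outside the hunk, so whether it declares a `permissions:` block cannot be seen from here.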
--- a/.github/workflows/release-workflow.yaml +++ b/.github/workflows/release-workflow.yaml @@ -23,18 +23,18 @@ jobs: publish: runs-on: ubuntu-latest needs: integration-tests - steps: + steps: - name: Check out code uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ secrets.RELEASE_PAT }} - + - name: Set up node.js uses: actions/setup-node@v6 with: node-version: '16' - + - name: Install dependencies run: | npm install @@ -43,7 +43,7 @@ jobs: run: | git config user.name "GitHub Actions Bot" git config user.email "<>" - + - name: Build run: | npm run build diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml new file mode 100644 index 00000000..a1418862 --- /dev/null +++ b/.github/workflows/sonar.yaml @@ -0,0 +1,36 @@ +name: Sonar scan + +on: + workflow_run: + workflows: [ "PR checks" ] + types: [ completed ] + +jobs: + sonar: + runs-on: ubuntu-latest + # Only run if the triggering workflow succeeded + if: ${{ github.event.workflow_run.conclusion == 'success' }} + + steps: + - name: Check out code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + # Check out the exact commit that was tested, not the base branch + ref: ${{ github.event.workflow_run.head_sha }} + fetch-depth: 0 + + - name: Download coverage report + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + with: + name: coverage + path: coverage/ + # Pull the artifact from the run that triggered this workflow, + # not from this (sonar) run which has no artifacts of its own + run-id: ${{ github.event.workflow_run.id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Security scan + uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
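Review bot: The new sonar.yaml runs on `workflow_run`, so it has repository secrets in scope even when the triggering run came from a fork, yet both inputs to the scan are produced by the pull request and should be treated as untrusted data: the tree checked out at `github.event.workflow_run.head_sha` and the downloaded `coverage` artifact. The file has no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; I would add a job-level `permissions:` with `contents: read` and `actions: read` (plus whatever the Sonar pull-request decoration needs) and set `persist-credentials: false` on the checkout so the token is not left in the workspace git config. Scanner settings are better fixed in the workflow, for example through the action's `args:` input, than taken from files in the checked-out tree, and the comment above `ref:` should say that this commit is untrusted, e.g. `# Untrusted PR commit: analyse it, never build or execute it in this job`. `workflows: [ "PR checks" ]` must match the `name:` of pull-request.yaml, which is not visible in this diff.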