switcher-api/.github/workflows/sonar.yml at master · switcherapi/switcher-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: Manual SonarCloud Analysis

on:
  workflow_dispatch:
    inputs:
      pr_id:
        description: 'Pull Request ID to analyze'
        required: true
        type: string

jobs:
  sonar-analysis:
    name: SonarCloud Analysis for PR
    runs-on: ubuntu-latest

    steps:
      - name: Get PR details
        id: pr
        uses: actions/github-script@v9
        with:
          script: |
            const pr = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: ${{ inputs.pr_id }}
            });
            core.setOutput('head_ref', pr.data.head.ref);
            core.setOutput('base_ref', pr.data.base.ref);
            core.setOutput('head_sha', pr.data.head.sha);

      - uses: actions/checkout@v6
        with:
          ref: ${{ steps.pr.outputs.head_sha }}
          fetch-depth: 0

      - name: Use Node.js 24.x
        uses: actions/setup-node@v6
        with:
          node-version: 24.x

      - name: Start MongoDB
        uses: supercharge/mongodb-github-action@1.12.1
        with:
          mongodb-version: 8.0

      - name: Install dependencies
        run: npm ci

      - name: Lint
        run: npm run lint

      - name: Run tests
        run: npm test
        env:
          NODE_OPTIONS: "--experimental-vm-modules"
          MONGODB_URI: mongodb://127.0.0.1:27017/switcher-api-test
          HISTORY_ACTIVATED: true
          JWT_ADMIN_TOKEN_RENEW_INTERVAL: 5m
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          SWITCHER_SLACK_JWT_SECRET: ${{ secrets.SWITCHER_SLACK_JWT_SECRET }}
          SWITCHER_GITOPS_JWT_SECRET: ${{ secrets.SWITCHER_GITOPS_JWT_SECRET }}
          GOOGLE_RECAPTCHA_SECRET: ${{ secrets.GOOGLE_RECAPTCHA_SECRET }}
          GOOGLE_SKIP_AUTH: false
          MAX_STRATEGY_OPERATION: 100
          RELAY_BYPASS_HTTPS: true
          RELAY_BYPASS_VERIFICATION: true
          PERMISSION_CACHE_ACTIVATED: true
          METRICS_MAX_PAGE: 50
          SAML_ENTRY_POINT: http://localhost:3000/sso/saml
          SAML_CALLBACK_ENDPOINT_URL: http://localhost:3000
          SAML_REDIRECT_ENDPOINT_URL: http://localhost:4200
          SAML_CERT: SAML_CERT
          SESSION_SECRET: SESSION_SECRET
          SWITCHER_API_ENABLE: false
          SWITCHER_API_LOGGER: false

      - name: SonarCloud Scan
        uses: sonarsource/sonarqube-scan-action@v8.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        if: env.SONAR_TOKEN != ''
        with:
          args: >
            -Dsonar.pullrequest.key=${{ inputs.pr_id }}
            -Dsonar.pullrequest.branch=${{ steps.pr.outputs.head_ref }}
            -Dsonar.pullrequest.base=${{ steps.pr.outputs.base_ref }}