ci(code-ql): add code ql analysis on pr on develop (#506)
antoinezanardi authored Sep 21, 2023
1 parent 6f3ec94 commit 5c5498a
Showing 3 changed files with 68 additions and 9 deletions.
34 changes: 34 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -8,6 +8,32 @@ concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
code-ql:
name: CodeQL Scan ❇️
runs-on: ubuntu-latest
timeout-minutes: 360
permissions:
actions: read
contents: read
security-events: write

steps:
- name: Checkout GitHub repository 📡
uses: actions/checkout@v3

- name: Initialize CodeQL ⚙️
uses: github/codeql-action/init@v2
with:
languages: javascript

- name: AutoBuild 🌡️
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis ❇️
uses: github/codeql-action/analyze@v2
with:
category: "/language:javascript"

install:
name: Install ⚙️
runs-on: ubuntu-latest
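Review bot: every action in this new job is referenced by a mutable tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/autobuild@v2`, `github/codeql-action/analyze@v2`); since the job holds `security-events: write`, pin each to a full commit SHA with a version comment so a moved tag cannot change what runs with that permission. The `permissions` block is otherwise correctly minimal (`actions: read`, `contents: read`, plus the `security-events: write` required to upload results). The `AutoBuild` step does nothing useful for `languages: javascript`, because the JavaScript extractor (which also covers TypeScript sources) analyses source directly and needs no build, so it can be dropped; and `timeout-minutes: 360` is the template default, far more than a scan of this size needs, so a lower ceiling such as 30 would fail fast on a stuck runner instead of holding it for six hours.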
Expand All @@ -28,6 +54,7 @@ jobs:
- name: Install project dependencies 📦
run: npm ci --ignore-scripts
if: steps.cache-node-modules.outputs.cache-hit != 'true'

build:
name: Build ✨
runs-on: ubuntu-latest
Expand All @@ -49,6 +76,7 @@ jobs:
key: ${{ runner.os }}-npm-v3-${{ hashFiles('package-lock.json') }}
- name: Build app ✨
run: npm run build

lint:
name: Lint 🔍
runs-on: ubuntu-latest
Expand All @@ -70,6 +98,7 @@ jobs:
key: ${{ runner.os }}-npm-v3-${{ hashFiles('package-lock.json') }}
- name: Check and lint code 🔍
run: npm run lint

unit-tests:
name: Unit Tests 🧪
runs-on: ubuntu-latest
Expand All @@ -91,6 +120,7 @@ jobs:
key: ${{ runner.os }}-npm-v3-${{ hashFiles('package-lock.json') }}
- name: Unit tests 🧪
run: npm run test:unit:cov

e2e-tests:
name: E2E Tests ⚗️
runs-on: ubuntu-latest
Expand All @@ -116,6 +146,7 @@ jobs:
run: npm run test:e2e:cov
- name: Stop Docker containers 🐳
run: npm run docker:test:stop

all-tests:
name: All Tests 🧬
runs-on: ubuntu-latest
Expand Down Expand Up @@ -147,6 +178,7 @@ jobs:
key: ${{ runner.os }}-tests-coverage-v3-${{hashFiles('tests/coverage/lcov.info')}}
- name: Stop Docker containers 🐳
run: npm run docker:test:stop

mutant-tests:
name: Mutant Tests 👽
runs-on: ubuntu-latest
Expand Down Expand Up @@ -175,6 +207,7 @@ jobs:
run: npm run test:stryker
- name: Stop Docker containers 🐳
run: npm run docker:test:stop

acceptance-tests:
name: Acceptance Tests 🥒
runs-on: ubuntu-latest
Expand All @@ -200,6 +233,7 @@ jobs:
run: npm run test:cucumber
- name: Stop Docker containers 🐳
run: npm run docker:test:stop

sonarcloud:
name: SonarCloud Analysis 🌥️
runs-on: ubuntu-latest
26 changes: 26 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -13,6 +13,32 @@ env:
GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}

jobs:
code-ql:
name: CodeQL Scan ❇️
runs-on: ubuntu-latest
timeout-minutes: 360
permissions:
actions: read
contents: read
security-events: write

steps:
- name: Checkout GitHub repository 📡
uses: actions/checkout@v3

- name: Initialize CodeQL ⚙️
uses: github/codeql-action/init@v2
with:
languages: javascript

- name: AutoBuild 🌡️
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis ❇️
uses: github/codeql-action/analyze@v2
with:
category: "/language:javascript"

install:
name: Install ⚙️
runs-on: ubuntu-latest
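Review bot: this job is a line-for-line copy of the one added to `.github/workflows/build.yml`; move it into a single reusable workflow (`on: workflow_call`) or a dedicated `codeql.yml` that triggers on both events, so that later changes such as SHA pinning or the language list are made once rather than kept in sync by hand. Also, this workflow sets `GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}` at the workflow level (visible in the context just above the hunk), so that release token is inherited into the environment of the new scanning job, which does not need it; scope that `env` entry to the release job only so the scanner runs with nothing more than the restricted default token its `permissions` block grants.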
17 changes: 8 additions & 9 deletions README.md
Expand Up @@ -175,29 +175,28 @@ npm run lint:staged

### 🥇 Project quality scanner

Multiple tools are set up to maintain the best code quality and to prevent vulnerabilities :

![CodeQL](https://img.shields.io/badge/-CodeQL-black?style=for-the-badge&logoColor=white&logo=github&color=2781FE)

You can check the **[CodeQL analysis report here](https://github.com/antoinezanardi/werewolves-assistant-api-next/security/code-scanning)**.

![SonarCloud](https://img.shields.io/badge/-SonarCloud-black?style=for-the-badge&logoColor=white&logo=sonarcloud&color=F37A3A)

[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=coverage)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)
SonarCloud summary is available **[here](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)**.

[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=coverage)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)
[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)

[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=antoinezanardi_werewolves-assistant-api-next&metric=bugs)](https://sonarcloud.io/summary/new_code?id=antoinezanardi_werewolves-assistant-api-next)




## <a name="versions">📈 Releases & Changelog</a>

Releases on **main** branch are generated and published automatically by :
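Review bot: the Coverage badge link appears twice in this hunk (once directly under the SonarCloud badge and again after the summary link); because the rendered view does not show add/remove markers, confirm the final README carries it only once. Minor documentation point: `prevent vulnerabilities :` has a space before the colon, which should read `vulnerabilities:` in English text.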