pagarme · btfshadow · Jun 2, 2025 · Jun 2, 2025 · Jun 23, 2025 · Jun 23, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,6 +6,8 @@ on:
       - master
   pull_request:
 
+permissions: {}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -117,32 +119,22 @@ jobs:
         uses: actions/upload-artifact@master
         with:
           name: mage-coverage-${{ github.sha }}
-          path: magento/vendor/pagarme/pagarme-magento2-module/clover.xml
+          path: magento/vendor/pagarme/pagarme-magento2-module/lcov.info
 
-  sonar:
-    name: SonarCloud 
-    runs-on: ubuntu-latest
-    needs: phpunit
-    steps:
-    -
-      name: Checkout
-      uses: actions/checkout@v3
+  coverage-report:
+      needs: phpunit
+      uses: ./.github/workflows/coverage-report.yml
       with:
-        fetch-depth: 0
-    - 
-      name: Download coverage artifact
-      uses: actions/download-artifact@master
-      with:
-        name: mage-coverage-${{ github.sha }}
-        path: coverage
-    -
-      name: Run Sonar
-      uses: sonarsource/sonarcloud-github-action@master
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-    - name: Delete coverage artifact
-      uses: geekyeggo/delete-artifact@v4
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        name: mage-coverage-${{ github.sha }}
+        ARTIFACT_NAME: mage-coverage-${{ github.sha }}
+        WORKING_DIRECTORY: ./
+        PROJECT: Magento2 Dashboard
+        PR_MINIMUM: 0
+        NAME_HTML_REPORT: Magento2 Coverage Report
+        RUNS_ON: ubuntu-latest
+      secrets:
+        EXPORTED_PAGARME_GH_PAT: ${{ secrets.GITHUB_TOKEN }}
+
+  mega_linter:
+    uses: ./.github/workflows/mega-linter.yml
+    with:
+      RUNS_ON: ubuntu-latest
diff --git a/.github/workflows/coverage-report.yml b/.github/workflows/coverage-report.yml
@@ -0,0 +1,105 @@
+name: Coverage-Report
+
+on:
+  workflow_call:
+    inputs:
+      WORKING_DIRECTORY:
+        type: string
+      ARTIFACT_NAME:
+        type: string
+      ARTIFACT_PATTERN:
+        type: string
+      PROJECT:
+        type: string
+      PR_MINIMUM:
+        type: number
+      NAME_HTML_REPORT:
+        type: string
+      ALL_FILES_MINIMUM:
+        type: number
+        default: 0
+      RUNS_ON:
+        type: string
+        default: small-runner
+    secrets:
+      EXPORTED_PAGARME_GH_PAT:
+      docker_username:
+      docker_password:
+
+permissions: {}
+
+jobs:
+  lcov:
+    runs-on: ${{ inputs.RUNS_ON }}
+    container:
+      image: btfshadow/lcov
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          submodules: recursive
+          token: ${{ secrets.EXPORTED_PAGARME_GH_PAT }}
+      - uses: actions/download-artifact@v4
+        if: ${{ inputs.ARTIFACT_NAME }}
+        with:
+          name: ${{ inputs.ARTIFACT_NAME }}
+          path: coverage-temp
+      - name: Download All Artifacts
+        if: ${{ inputs.ARTIFACT_PATTERN }}
+        uses: actions/download-artifact@v4
+        with:
+          path: coverage-temp
+          pattern: ${{ inputs.ARTIFACT_PATTERN }}
+          merge-multiple: true
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Move Lcov
+        if: ${{ inputs.ARTIFACT_NAME }}
+        run: |
+          mkdir -p ${{ inputs.WORKING_DIRECTORY }}coverage/
+          cp coverage-temp/lcov.info ${{ inputs.WORKING_DIRECTORY }}coverage/lcov.info 
+    
+      # - uses: hrishikesh-kadam/setup-lcov@v1 
+
+      - name: Merge lcov
+        if: ${{ inputs.ARTIFACT_PATTERN }}
+        run: |
+          # Cria pasta para salvar o coverage
+          mkdir ${{ inputs.WORKING_DIRECTORY }}coverage/
+          # Pasta raiz onde você quer buscar os arquivos lcov.info
+          ROOT_DIR="coverage-temp/"
+          # Encontra todos os arquivos lcov.info e imprime a linha completa com --add-tracefile
+          lcovs=$(find "$ROOT_DIR" -type f -name "lcov.info" | awk '{printf "--add-tracefile %s ", $0} END {print ""}')          
+          lcov $lcovs --output-file ${{ inputs.WORKING_DIRECTORY }}coverage/lcov.info
+
+      - uses: kefasjw/lcov-pull-request-report@main
+        with:
+          # Lcov file location. For example, coverage/lcov.info
+          lcov-file: ${{ inputs.WORKING_DIRECTORY }}coverage/lcov.info
+
+          # Github token required for getting list of changed files and posting comments
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+          # Working directory
+          # Default: empty (repository root)
+          working-directory: ${{ inputs.WORKING_DIRECTORY }}
+
+          # Report comment title
+          # Default: empty
+          comment-title: ${{ inputs.PROJECT }}
+
+          # All files minimum coverage in percentage. For example, 0, 50, 100
+          # Default: 0
+          all-files-minimum-coverage: ${{ inputs.ALL_FILES_MINIMUN }}
+
+          # Changed files minimum coverage in percentage. For example, 0, 50, 100
+          # Default: 0
+          changed-files-minimum-coverage: ${{ inputs.PR_MINIMUM }}
+
+          # Artifact name of the generated html. Requires LCOV to be installed
+          # Default: empty (skip uploading artifact)
+          artifact-name: ${{ inputs.NAME_HTML_REPORT }}
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -0,0 +1,194 @@
+---
+name: MegaLinter
+
+on:
+  workflow_call:
+    inputs:
+      GRAFANA_API_REPORTER_URL:
+        type: string
+      GRAFANA_API_REPORTER_METRICS_URL:
+        type: string
+      API_REPORTER_DEBUG:
+        type: boolean
+        default: false
+      API_REPORTER:
+        type: boolean
+        default: false
+      DEFAULT_BRANCH:
+        type: string
+        default: "main"
+      APPLY_FIXES_IF_PR:
+        type: boolean
+        default: false
+      RUNS_ON:
+        type: string
+        default: ubuntu-latest
+
+    secrets:
+      GRAFANA_API_REPORTER_BASIC_AUTH_USERNAME:
+        required: false
+      GRAFANA_API_REPORTER_TOKEN:
+        required: false
+      GRAFANA_API_REPORTER_METRICS_BASIC_AUTH_USERNAME:
+        required: false
+
+
+# Comment env block if you do not want to apply fixes
+env:
+  API_REPORTER: ${{ inputs.API_REPORTER }}
+  API_REPORTER_URL: ${{ inputs.GRAFANA_API_REPORTER_URL }}
+  API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.GRAFANA_API_REPORTER_BASIC_AUTH_USERNAME }}
+  API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.GRAFANA_API_REPORTER_TOKEN }}
+  API_REPORTER_METRICS_URL: ${{ inputs.GRAFANA_API_REPORTER_METRICS_URL }}
+  API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.GRAFANA_API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
+  API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.GRAFANA_API_REPORTER_TOKEN }}
+  API_REPORTER_DEBUG: ${{ inputs.API_REPORTER_DEBUG }}
+  SARIF_REPORTER: true
+  APPLY_FIXES_IF_PR: ${{ inputs.APPLY_FIXES_IF_PR }}
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  megalinter:
+    name: MegaLinter
+    runs-on: ${{ inputs.RUNS_ON }}
+
+    # Give the default GITHUB_TOKEN write permission to commit and push, comment
+    # issues & post new PR; remove the ones you do not need
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
+          # improve performance
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: MegaLinter
+
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.io/latest/flavors/
+        uses: oxsecurity/megalinter@v8
+
+        id: ml
+
+        # All available variables are described in documentation
+        # https://megalinter.io/latest/configuration/
+        env:
+          # Validates all source when push on main, else just the git diff with
+          # main. Override with true if you always want to lint all sources
+          #
+          # To validate the entire codebase, set to:
+          # VALIDATE_ALL_CODEBASE: true
+          #
+          # To validate only diff with main, set to:
+          # VALIDATE_ALL_CODEBASE: >-
+          #   ${{
+          #     github.event_name == 'push' &&
+          #     contains(fromJSON('["refs/heads/main", "refs/heads/master"]'), github.ref)
+          #   }}
+          VALIDATE_ALL_CODEBASE: >-
+            ${{
+              github.event_name == 'push' &&
+              contains(fromJSON('["refs/heads/${{inputs.DEFAULT_BRANCH}}"]'), github.ref)
+            }}
+
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE
+          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+
+          # Uncomment to disable copy-paste and spell checks
+          # DISABLE: COPYPASTE,SPELL
+
+      # Upload MegaLinter artifacts
+      - name: Archive production artifacts
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: MegaLinter reports
+          include-hidden-files: "true"
+          path: |
+            megalinter-reports
+            mega-linter.log
+
+      # Set APPLY_FIXES_IF var for use in future steps
+      - name: Set APPLY_FIXES_IF var
+        run: |
+          printf 'APPLY_FIXES_IF=%s\n' "${{
+            steps.ml.outputs.has_updated_sources == 1 &&
+            (
+              env.APPLY_FIXES_EVENT == 'all' ||
+              env.APPLY_FIXES_EVENT == github.event_name
+            ) &&
+            (
+              github.event_name == 'push' ||
+              github.event.pull_request.head.repo.full_name == github.repository
+            )
+          }}" >> "${GITHUB_ENV}"
+
+      # Set APPLY_FIXES_IF_* vars for use in future steps
+      - name: Set APPLY_FIXES_IF_* vars
+        run: |
+          printf 'APPLY_FIXES_IF_PR=%s\n' "${{
+            env.APPLY_FIXES_IF == 'true' &&
+            env.APPLY_FIXES_MODE == 'pull_request'
+          }}" >> "${GITHUB_ENV}"
+          printf 'APPLY_FIXES_IF_COMMIT=%s\n' "${{
+            env.APPLY_FIXES_IF == 'true' &&
+            env.APPLY_FIXES_MODE == 'commit' &&
+            (!contains(fromJSON('["refs/heads/${{ inputs.DEFAULT_BRANCH }}"]'), github.ref))
+          }}" >> "${GITHUB_ENV}"
+
+      # Create pull request if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Create Pull Request with applied fixes
+        uses: peter-evans/create-pull-request@v6
+        id: cpr
+        if: env.APPLY_FIXES_IF_PR == 'true'
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          commit-message: "[MegaLinter] Apply linters automatic fixes"
+          title: "[MegaLinter] Apply linters automatic fixes"
+          labels: bot
+
+      - name: Create PR output
+        if: env.APPLY_FIXES_IF_PR == 'true'
+        run: |
+          echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
+          echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
+
+      # Push new commit if applicable
+      # (for now works only on PR from same repository, not from forks)
+      - name: Prepare commit
+        if: env.APPLY_FIXES_IF_COMMIT == 'true'
+        run: sudo chown -Rc $UID .git/
+
+      - name: Commit and push applied linter fixes
+        uses: stefanzweifel/git-auto-commit-action@v4
+        if: env.APPLY_FIXES_IF_COMMIT == 'true'
+        with:
+          branch: >-
+            ${{
+              github.event.pull_request.head.ref ||
+              github.head_ref ||
+              github.ref
+            }}
+          commit_message: "[MegaLinter] Apply linters fixes"
+          commit_user_name: megalinter-bot
+          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
+
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: success() || failure()
+        continue-on-error: true
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+            sarif_file: 'megalinter-reports/megalinter-report.sarif'
+            category: mega linter
diff --git a/.jscpd.json b/.jscpd.json
@@ -0,0 +1,6 @@
+{
+  "threshold": 0,
+  "reporters": ["html", "console", "sarif"],
+  "ignore": ["**/__snapshots__/**", "**/node_modules/**", "**/test/**"],
+  "absolute": true
+}
diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -0,0 +1,7 @@
+ENABLE:
+  - JAVASCRIPT
+  - TYPESCRIPT
+  - PHP
+  - HTML
+  - COPYPASTE
+  - CSS
diff --git a/phpunit.xml b/phpunit.xml
@@ -23,7 +23,7 @@
             <directory suffix=".php">./Test/</directory>
         </exclude>
         <report>
-            <clover outputFile="clover.xml"/>
+            <clover outputFile="lcov.info"/>
         </report>
     </coverage>
 </phpunit>