
PFM-ISSUE-29437 added check for sonar cloud token secret to execute t… #3


Workflow file for this run

# Display name of this workflow; the trigger block below makes it a reusable
# workflow that other workflows invoke through workflow_call.
name: Frontend Code Quality Workflow

Check failure on line 1 in .github/workflows/fe-code-quality.yml


GitHub Actions / .github/workflows/fe-code-quality.yml

Invalid workflow file

(Line: 89, Col: 9): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.SONAR_CLOUD_TOKEN != ''
# Trigger: reusable workflow only. The caller may pass one optional secret and
# three optional string inputs that configure the SonarCloud analysis.
on:
  workflow_call:
    secrets:
      # Optional, so callers without a SonarCloud token can still use the
      # code-quality job.
      SONAR_CLOUD_TOKEN:
        required: false
    inputs:
      SONAR_CLOUD_ORG:
        description: "SonarCloud organization key, e.g., 'my-org'"
        type: string
        required: false
        default: "collaborationfactory"
      # An empty default lets the sonar job derive a key from the repository
      # name.
      SONAR_CLOUD_PROJECT_KEY:
        description: "SonarCloud project key, e.g., 'my-project'"
        type: string
        required: false
        default: ""
      # Free-form text appended to the generated sonar-project.properties.
      SONAR_PROPERTIES:
        description: "Additional sonar-project.properties content"
        type: string
        required: false
        default: ""
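jobs:
  # Format check, lint and sharded unit tests. Each matrix shard uploads its
  # own coverage artifact for the sonar job to merge.
  code-quality:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target: ['test']
        jobIndex: [1, 2, 3, 4]
      fail-fast: false  # Ensure all jobs run even if one fails
    env:
      # Passed to run-many as the shard count; keep in sync with the number of
      # jobIndex entries above.
      jobCount: 4
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          # Full history, so the base-branch comparisons below have commits to
          # diff against.
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: '22.15.0'
      - name: Cache Node Modules
        id: npm-cache
        uses: actions/cache@v4
        with:
          path: '**/node_modules'
          key: ${{ runner.os }}-modules-${{ hashFiles('**/package-lock.json') }}
      # Branch names are pull-request-controlled text. They are handed to the
      # shell through env and quoted, instead of being expanded by ${{ }} into
      # the script source, where shell metacharacters would be executed.
      - name: Formatter
        env:
          BASE_REF: ${{ github.event.pull_request.base.ref }}
        run: npx nx format:check --base="origin/${BASE_REF}"
      - name: Linter
        env:
          BASE_REF: ${{ github.event.pull_request.base.ref }}
        run: npx nx affected --target=lint --parallel --configuration=dev --base="origin/${BASE_REF}"
      - name: Fetch base branch
        env:
          BASE_REF: ${{ github.event.pull_request.base.ref }}
        # Best effort: a failed fetch is deliberately ignored.
        run: git fetch origin "${BASE_REF}:${BASE_REF}" || true
      - name: Unit Tests
        id: test
        # NOTE(review): this action is referenced by a feature branch, which is
        # a mutable ref; pin it to a release tag or full commit SHA before this
        # workflow is consumed by other repositories.
        uses: collaborationFactory/github-actions/.github/actions/run-many@feature/PFM-ISSUE-29437-Implement-SonarQube-Scanning-for-PR-Pipeline
        # Let the coverage upload run even when tests fail; the failure is
        # re-raised by the last step of this job.
        continue-on-error: true
        with:
          target: ${{ matrix.target }}
          jobIndex: ${{ matrix.jobIndex }}
          jobCount: ${{ env.jobCount }}
          base: ${{ github.event.pull_request.base.ref }}
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Upload Coverage Reports
        uses: actions/upload-artifact@v4
        with:
          name: coverage-${{ matrix.jobIndex }}
          path: coverage/
          retention-days: 7
      - name: Fail pipeline if test step failed
        if: steps.test.outcome == 'failure'
        run: |
          echo "Unit tests step failed, failing the pipeline."
          exit 1

  # Merges the per-shard LCOV reports and runs the SonarCloud scan.
  #
  # There is no job-level `if:` on the secret: the secrets context is not
  # available there, and GitHub rejects the file with "Unrecognized
  # named-value: 'secrets'". The token is checked in the first step instead,
  # and every later step is gated on the resulting step outputs.
  sonar:
    name: SonarCloud
    needs: code-quality
    runs-on: ubuntu-latest
    steps:
      - name: Check if SONAR_CLOUD_TOKEN exists
        id: check-secret
        env:
          # The secret reaches the script as an environment variable, so its
          # value is never pasted into the generated shell source.
          SONAR_CLOUD_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}
        run: |
          if [ -n "$SONAR_CLOUD_TOKEN" ]; then
            echo "has_token=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_token=false" >> "$GITHUB_OUTPUT"
            echo "SONAR_CLOUD_TOKEN secret must be set to run SonarCloud analysis."
          fi
      - name: Set SonarCloud Project Key
        id: set-project-key
        env:
          PROJECT_KEY_INPUT: ${{ inputs.SONAR_CLOUD_PROJECT_KEY }}
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          # Fall back to "collaborationFactory_<repository name>" when the
          # caller supplied no key.
          if [ -z "$PROJECT_KEY_INPUT" ]; then
            echo "project_key=collaborationFactory_${REPO_NAME}" >> "$GITHUB_OUTPUT"
          else
            echo "project_key=${PROJECT_KEY_INPUT}" >> "$GITHUB_OUTPUT"
          fi
      - name: Check if sonar inputs are provided
        id: check-inputs
        if: steps.check-secret.outputs.has_token == 'true'
        env:
          SONAR_CLOUD_ORG: ${{ inputs.SONAR_CLOUD_ORG }}
          SONAR_PROJECT_KEY: ${{ steps.set-project-key.outputs.project_key }}
        run: |
          if [ -z "$SONAR_CLOUD_ORG" ] || [ -z "$SONAR_PROJECT_KEY" ]; then
            echo "run_sonar=false" >> "$GITHUB_OUTPUT"
            echo "SONAR_CLOUD_ORG and SONAR_CLOUD_PROJECT_KEY inputs must be provided when SONAR_CLOUD_TOKEN is set."
          else
            echo "run_sonar=true" >> "$GITHUB_OUTPUT"
          fi
      # Informational only: `exit 0` ends a single step, not the job, so the
      # skipping itself is done by the `if:` conditions on the steps below.
      # run_sonar is empty when the token check failed, which is why the test
      # is "!= 'true'".
      - name: Skip SonarCloud steps if no token
        if: steps.check-inputs.outputs.run_sonar != 'true'
        run: echo "Skipping SonarCloud analysis."
      - name: Checkout
        if: steps.check-inputs.outputs.run_sonar == 'true'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Write sonar-project.properties
        if: steps.check-inputs.outputs.run_sonar == 'true'
        env:
          # Caller-supplied text goes through env, not ${{ }} inside the
          # script, so quotes or $(...) in an input are written as data and
          # not executed.
          SONAR_CLOUD_ORG: ${{ inputs.SONAR_CLOUD_ORG }}
          SONAR_PROJECT_KEY: ${{ steps.set-project-key.outputs.project_key }}
          SONAR_PROPERTIES: ${{ inputs.SONAR_PROPERTIES }}
        run: |
          {
            echo "sonar.host.url=https://sonarcloud.io"
            echo "sonar.organization=${SONAR_CLOUD_ORG}"
            echo "sonar.projectKey=${SONAR_PROJECT_KEY}"
            echo "sonar.test.inclusions=**/*.spec.ts,**/*.test.ts,**/*.spec.tsx,**/*.test.tsx"
            echo "sonar.javascript.lcov.reportPaths=./coverage/lcov.info"
          } > sonar-project.properties
          if [ -n "$SONAR_PROPERTIES" ]; then
            printf '%s\n' "$SONAR_PROPERTIES" >> sonar-project.properties
          fi
          # The file is printed to the job log, so SONAR_PROPERTIES must not
          # carry credentials.
          cat sonar-project.properties
      - name: download coverage report
        if: steps.check-inputs.outputs.run_sonar == 'true'
        uses: actions/download-artifact@v5
        with:
          path: ./coverage
          pattern: coverage-*
          merge-multiple: true
      - name: Check for LCOV files
        id: check-lcov
        if: steps.check-inputs.outputs.run_sonar == 'true'
        run: |
          if find ./coverage -name "lcov*.info" -type f | grep -q .; then
            echo "lcov_exists=true" >> "$GITHUB_OUTPUT"
            echo "LCOV files found, will proceed with merge"
          else
            echo "lcov_exists=false" >> "$GITHUB_OUTPUT"
            echo "No LCOV files found, skipping merge"
          fi
      # lcov_exists is only ever set when the check above ran, so the two
      # steps below are skipped whenever the analysis is skipped.
      - name: Merge matrix coverage reports
        if: steps.check-lcov.outputs.lcov_exists == 'true'
        run: |
          echo "=== Finding all LCOV files ==="
          find ./coverage -name "lcov*.info" -type f
          echo ""
          echo "=== Merging coverage files ==="
          npx lcov-result-merger "coverage/**/lcov*.info" coverage/lcov.info
          echo ""
          echo "=== Merge completed ==="
          ls -lh ./coverage/lcov.info
      - name: Normalize LCOV paths for Linux
        if: steps.check-lcov.outputs.lcov_exists == 'true'
        run: |
          if [ -f "./coverage/lcov.info" ]; then
            # Rewrite backslash path separators to forward slashes.
            sed -i 's|\\|/|g' ./coverage/lcov.info
            echo "Normalized LCOV paths to Unix format"
          fi
      - name: SonarQube Scan
        if: steps.check-inputs.outputs.run_sonar == 'true'
        # NOTE(review): third-party action referenced by a movable tag;
        # consider pinning to a full commit SHA.
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_TOKEN }}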