report-sonar #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Sync and Analyze | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
sync-and-scan: | |
permissions: | |
contents: read | |
security-events: write | |
actions: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.PERSONAL_TOKEN }} | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: "8.2" | |
extensions: xdebug | |
coverage: xdebug | |
- name: Install Dependencies | |
run: composer install --no-interaction --no-progress | |
- name: Run test suite with coverage | |
run: vendor/bin/phpunit --coverage-clover coverage.xml | |
- name: Fix code coverage paths | |
run: sed -i 's@'$GITHUB_WORKSPACE'@/github/workspace@g' coverage.xml | |
- name: Sync repositories | |
run: | | |
git config --global user.name 'JosueUPT' | |
git config --global user.email '${{ secrets.GIT_EMAIL }}' | |
git add composer.lock | |
git commit -m "Update composer.lock" || echo "No changes to commit" | |
git push || echo "No changes to push" | |
git clone https://${{ secrets.PERSONAL_TOKEN }}@github.com/JosueUPT/CalidadU2.git ../CalidadU2 | |
rsync -av --exclude='.git' --exclude='.github/workflows/sync-and-analyze.yml' --exclude='temp_repo' ./ ../CalidadU2/ | |
cd ../CalidadU2 | |
git add . | |
git commit -m "Sync: Update from source repository" || echo "No changes to commit" | |
git push origin main || echo "No changes to push" | |
cd .. | |
- name: Run Semgrep Security Scan | |
uses: semgrep/semgrep-action@v1 | |
env: | |
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} | |
SEMGREP_DEPLOYMENT_ID: "pyfange" | |
SEMGREP_REPO_NAME: ${{ github.repository }} | |
SEMGREP_BRANCH: ${{ github.ref_name }} | |
with: | |
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }} | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
- name: Install Snyk CLI | |
run: | | |
curl https://static.snyk.io/cli/latest/snyk-linux -o snyk | |
chmod +x snyk | |
sudo mv snyk /usr/local/bin/ | |