report-semgrep #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PHP Tests & Coverage | |
on: | |
push: | |
branches: [ main, master ] | |
pull_request: | |
branches: [ main, master ] | |
permissions: | |
contents: write | |
pages: write | |
id-token: write | |
jobs: | |
test-and-build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.2' | |
extensions: mbstring, xml, xdebug | |
coverage: xdebug | |
tools: composer:v2 | |
- name: Get composer cache directory | |
id: composer-cache-dir | |
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | |
- name: Cache Composer dependencies | |
uses: actions/cache@v3 | |
id: composer-cache | |
with: | |
path: ${{ steps.composer-cache-dir.outputs.dir }} | |
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | |
restore-keys: ${{ runner.os }}-composer- | |
- name: Install dependencies | |
run: | | |
composer install --no-progress --prefer-dist --optimize-autoloader | |
composer require --dev emuse/behat-html-formatter | |
- name: Run test suite with coverage | |
run: | | |
mkdir -p public/coverage | |
XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-html public/coverage --coverage-text | |
- name: Update Behat configuration | |
run: | | |
sed -i 's/Features/features/g' behat.yml | |
sed -i 's/Bootstrap/bootstrap/g' behat.yml | |
- name: Verify directory structure | |
run: | | |
echo "Verificando estructura actual..." | |
ls -R tests/BDD/ | |
echo "Creando estructura de directorios si no existe..." | |
mkdir -p tests/BDD/features/bootstrap | |
- name: Run Behat tests | |
run: | | |
mkdir -p public/bdd | |
composer dump-autoload | |
vendor/bin/behat --config behat.yml --format pretty --format html --out std --out public/bdd || true | |
- name: Generate Sonar Report | |
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' | |
run: | | |
# Obtener datos de SonarCloud | |
SONAR_DATA=$(curl -s "https://sonarcloud.io/api/measures/component?component=JosueUPT_CalidadU2&metricKeys=bugs,vulnerabilities,code_smells,coverage,duplicated_lines_density,complexity,ncloc,cognitive_complexity,comment_lines_density,security_rating,reliability_rating,sqale_rating,development_cost,security_remediation_effort,reliability_remediation_effort,sqale_index,confirmed_issues,effort_to_reach_maintainability_rating_a") | |
# Extraer valores | |
BUGS=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "bugs") | .value') | |
VULNERABILITIES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "vulnerabilities") | .value') | |
CODE_SMELLS=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "code_smells") | .value') | |
COVERAGE=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "coverage") | .value') | |
DUPLICATION=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "duplicated_lines_density") | .value') | |
COMPLEXITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "complexity") | .value') | |
LINES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "ncloc") | .value') | |
COGNITIVE_COMPLEXITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "cognitive_complexity") | .value') | |
COMMENT_DENSITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "comment_lines_density") | .value') | |
SECURITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "security_rating") | .value') | |
RELIABILITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "reliability_rating") | .value') | |
MAINTAINABILITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "sqale_rating") | .value') | |
DEVELOPMENT_COST=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "development_cost") | .value') | |
SECURITY_EFFORT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "security_remediation_effort") | .value') | |
RELIABILITY_EFFORT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "reliability_remediation_effort") | .value') | |
TECH_DEBT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "sqale_index") | .value') | |
CONFIRMED_ISSUES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "confirmed_issues") | .value') | |
EFFORT_TO_A=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "effort_to_reach_maintainability_rating_a") | .value') | |
# Verificar que los valores se obtuvieron | |
echo "Valores obtenidos:" | |
echo "Bugs: $BUGS" | |
echo "Coverage: $COVERAGE" | |
echo "Code Smells: $CODE_SMELLS" | |
mkdir -p public/sonar | |
echo "<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset=\"UTF-8\"> | |
<title>Análisis SonarCloud</title> | |
<style> | |
body { | |
font-family: Arial, sans-serif; | |
margin: 40px; | |
background-color: #f5f5f5; | |
} | |
.container { | |
max-width: 1200px; | |
margin: 0 auto; | |
padding: 20px; | |
background-color: white; | |
border-radius: 10px; | |
box-shadow: 0 0 10px rgba(0,0,0,0.1); | |
} | |
.metric-grid { | |
display: grid; | |
grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); | |
gap: 20px; | |
margin-top: 20px; | |
} | |
.metric-card { | |
background: #f8f9fa; | |
padding: 20px; | |
border-radius: 8px; | |
text-align: center; | |
} | |
.metric-title { | |
color: #666; | |
font-size: 1.1em; | |
margin-bottom: 10px; | |
} | |
.metric-value { | |
font-size: 2em; | |
font-weight: bold; | |
color: #333; | |
} | |
.metric-detail { | |
font-size: 0.9em; | |
color: #666; | |
margin-top: 5px; | |
} | |
.good { color: #28a745; } | |
.warning { color: #ffc107; } | |
.danger { color: #dc3545; } | |
.info { color: #17a2b8; } | |
h1 { | |
text-align: center; | |
color: #333; | |
margin-bottom: 30px; | |
} | |
.section-title { | |
margin-top: 30px; | |
color: #444; | |
border-bottom: 2px solid #eee; | |
padding-bottom: 10px; | |
} | |
</style> | |
</head> | |
<body> | |
<div class=\"container\"> | |
<h1>Análisis Detallado de Calidad del Código</h1> | |
<h2 class=\"section-title\">Métricas Principales</h2> | |
<div class=\"metric-grid\"> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Cobertura de Código</div> | |
<div class=\"metric-value info\">$COVERAGE%</div> | |
<div class=\"metric-detail\">$(echo \"100 - $COVERAGE\" | bc)% sin cobertura</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Bugs</div> | |
<div class=\"metric-value good\">$BUGS</div> | |
<div class=\"metric-detail\">Problemas detectados</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Code Smells</div> | |
<div class=\"metric-value warning\">$CODE_SMELLS</div> | |
<div class=\"metric-detail\">Oportunidades de mejora</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Duplicación</div> | |
<div class=\"metric-value good\">$DUPLICATION%</div> | |
<div class=\"metric-detail\">Código duplicado</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Vulnerabilidades</div> | |
<div class=\"metric-value good\">$VULNERABILITIES</div> | |
<div class=\"metric-detail\">Vulnerabilidades detectadas</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Líneas de Código</div> | |
<div class=\"metric-value info\">$LINES</div> | |
<div class=\"metric-detail\">Total de líneas</div> | |
</div> | |
</div> | |
<h2 class=\"section-title\">Métricas Avanzadas</h2> | |
<div class=\"metric-grid\"> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Complejidad Ciclomática</div> | |
<div class=\"metric-value info\">$COMPLEXITY</div> | |
<div class=\"metric-detail\">Total del proyecto</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Complejidad Cognitiva</div> | |
<div class=\"metric-value info\">$COGNITIVE_COMPLEXITY</div> | |
<div class=\"metric-detail\">Dificultad de entendimiento</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Densidad de Comentarios</div> | |
<div class=\"metric-value info\">$COMMENT_DENSITY%</div> | |
<div class=\"metric-detail\">Código documentado</div> | |
</div> | |
</div> | |
<h2 class=\"section-title\">Calificaciones</h2> | |
<div class=\"metric-grid\"> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Seguridad</div> | |
<div class=\"metric-value good\">A</div> | |
<div class=\"metric-detail\">Esfuerzo: $SECURITY_EFFORT min</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Confiabilidad</div> | |
<div class=\"metric-value good\">A</div> | |
<div class=\"metric-detail\">Esfuerzo: $RELIABILITY_EFFORT min</div> | |
</div> | |
<div class=\"metric-card\"> | |
<div class=\"metric-title\">Mantenibilidad</div> | |
<div class=\"metric-value good\">A</div> | |
<div class=\"metric-detail\">Deuda: $TECH_DEBT min</div> | |
</div> | |
</div> | |
<div style=\"text-align: right; margin-top: 30px; color: #666;\"> | |
Última actualización: $(date \"+%Y-%m-%d %H:%M:%S\") | |
</div> | |
</div> | |
</body> | |
</html>" > public/sonar/index.html | |
- name: Verify Sonar Report | |
run: | | |
echo "Verificando reporte de Sonar..." | |
if [ -f "public/sonar/index.html" ]; then | |
echo "✓ El archivo sonar/index.html existe" | |
ls -l public/sonar/ | |
else | |
echo "✗ El archivo sonar/index.html NO existe" | |
echo "Contenido de public/:" | |
ls -R public/ | |
fi | |
- name: Create main index.html | |
run: | | |
echo '<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="UTF-8"> | |
<title>Reportes de Pruebas</title> | |
<style> | |
body { | |
font-family: Arial, sans-serif; | |
margin: 40px; | |
text-align: center; | |
background-color: #f5f5f5; | |
} | |
.container { | |
max-width: 800px; | |
margin: 0 auto; | |
padding: 20px; | |
background-color: white; | |
border-radius: 10px; | |
box-shadow: 0 0 10px rgba(0,0,0,0.1); | |
} | |
h1 { | |
color: #333; | |
margin-bottom: 30px; | |
} | |
.buttons { | |
display: flex; | |
justify-content: center; | |
gap: 20px; | |
} | |
.button { | |
display: inline-block; | |
padding: 12px 24px; | |
color: white; | |
text-decoration: none; | |
border-radius: 5px; | |
transition: background-color 0.3s; | |
} | |
.coverage-btn { | |
background-color: #4CAF50; | |
} | |
.coverage-btn:hover { | |
background-color: #45a049; | |
} | |
.bdd-btn { | |
background-color: #2196F3; | |
} | |
.bdd-btn:hover { | |
background-color: #1976D2; | |
} | |
.sonar-btn { | |
background-color: #FF9800; | |
} | |
.sonar-btn:hover { | |
background-color: #F57C00; | |
} | |
</style> | |
</head> | |
<body> | |
<div class="container"> | |
<h1>Proyecto SI784-2024-II</h1> | |
<div class="buttons"> | |
<a href="coverage/index.html" class="button coverage-btn">Ver Reporte de Cobertura</a> | |
<a href="bdd/index.html" class="button bdd-btn">Ver Reporte BDD</a> | |
<a href="sonar/index.html" class="button sonar-btn">Ver Reporte SonarCloud</a> | |
</div> | |
</div> | |
</body> | |
</html>' > public/index.html | |
- name: Deploy to GitHub Pages | |
uses: peaceiris/actions-gh-pages@v3 | |
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./public | |
enable_jekyll: false | |
force_orphan: true | |
publish_branch: gh-pages | |
full_commit_message: 'docs: update test reports' | |
- name: Semgrep Scan | |
uses: semgrep/semgrep-action@v1 | |
with: | |
generateSarif: "1" | |
output: semgrep.sarif | |
continue-on-error: true | |
- name: Process Semgrep Results | |
run: | | |
if [ -f semgrep.sarif ]; then | |
TOTAL_RULES=$(cat semgrep.sarif | jq '.runs[0].tool.driver.rules | length') | |
TOTAL_RESULTS=$(cat semgrep.sarif | jq '.runs[0].results | length') | |
echo "Total reglas: $TOTAL_RULES" | |
echo "Total hallazgos: $TOTAL_RESULTS" | |
fi |