Skip to content

report-semgrep

report-semgrep #17

Workflow file for this run

name: PHP Tests & Coverage
on:
push:
branches: [ main, master ]
pull_request:
branches: [ main, master ]
permissions:
contents: write
pages: write
id-token: write
jobs:
test-and-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
extensions: mbstring, xml, xdebug
coverage: xdebug
tools: composer:v2
- name: Get composer cache directory
id: composer-cache-dir
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache Composer dependencies
uses: actions/cache@v3
id: composer-cache
with:
path: ${{ steps.composer-cache-dir.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-composer-
- name: Install dependencies
run: |
composer install --no-progress --prefer-dist --optimize-autoloader
composer require --dev emuse/behat-html-formatter
- name: Run test suite with coverage
run: |
mkdir -p public/coverage
XDEBUG_MODE=coverage ./vendor/bin/phpunit --coverage-html public/coverage --coverage-text
- name: Update Behat configuration
run: |
sed -i 's/Features/features/g' behat.yml
sed -i 's/Bootstrap/bootstrap/g' behat.yml
- name: Verify directory structure
run: |
echo "Verificando estructura actual..."
ls -R tests/BDD/
echo "Creando estructura de directorios si no existe..."
mkdir -p tests/BDD/features/bootstrap
- name: Run Behat tests
run: |
mkdir -p public/bdd
composer dump-autoload
vendor/bin/behat --config behat.yml --format pretty --format html --out std --out public/bdd || true
- name: Generate Sonar Report
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
run: |
# Obtener datos de SonarCloud
SONAR_DATA=$(curl -s "https://sonarcloud.io/api/measures/component?component=JosueUPT_CalidadU2&metricKeys=bugs,vulnerabilities,code_smells,coverage,duplicated_lines_density,complexity,ncloc,cognitive_complexity,comment_lines_density,security_rating,reliability_rating,sqale_rating,development_cost,security_remediation_effort,reliability_remediation_effort,sqale_index,confirmed_issues,effort_to_reach_maintainability_rating_a")
# Extraer valores
BUGS=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "bugs") | .value')
VULNERABILITIES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "vulnerabilities") | .value')
CODE_SMELLS=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "code_smells") | .value')
COVERAGE=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "coverage") | .value')
DUPLICATION=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "duplicated_lines_density") | .value')
COMPLEXITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "complexity") | .value')
LINES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "ncloc") | .value')
COGNITIVE_COMPLEXITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "cognitive_complexity") | .value')
COMMENT_DENSITY=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "comment_lines_density") | .value')
SECURITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "security_rating") | .value')
RELIABILITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "reliability_rating") | .value')
MAINTAINABILITY_RATING=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "sqale_rating") | .value')
DEVELOPMENT_COST=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "development_cost") | .value')
SECURITY_EFFORT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "security_remediation_effort") | .value')
RELIABILITY_EFFORT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "reliability_remediation_effort") | .value')
TECH_DEBT=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "sqale_index") | .value')
CONFIRMED_ISSUES=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "confirmed_issues") | .value')
EFFORT_TO_A=$(echo $SONAR_DATA | jq -r '.component.measures[] | select(.metric == "effort_to_reach_maintainability_rating_a") | .value')
# Verificar que los valores se obtuvieron
echo "Valores obtenidos:"
echo "Bugs: $BUGS"
echo "Coverage: $COVERAGE"
echo "Code Smells: $CODE_SMELLS"
mkdir -p public/sonar
echo "<!DOCTYPE html>
<html>
<head>
<meta charset=\"UTF-8\">
<title>Análisis SonarCloud</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 40px;
background-color: #f5f5f5;
}
.container {
max-width: 1200px;
margin: 0 auto;
padding: 20px;
background-color: white;
border-radius: 10px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
}
.metric-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
gap: 20px;
margin-top: 20px;
}
.metric-card {
background: #f8f9fa;
padding: 20px;
border-radius: 8px;
text-align: center;
}
.metric-title {
color: #666;
font-size: 1.1em;
margin-bottom: 10px;
}
.metric-value {
font-size: 2em;
font-weight: bold;
color: #333;
}
.metric-detail {
font-size: 0.9em;
color: #666;
margin-top: 5px;
}
.good { color: #28a745; }
.warning { color: #ffc107; }
.danger { color: #dc3545; }
.info { color: #17a2b8; }
h1 {
text-align: center;
color: #333;
margin-bottom: 30px;
}
.section-title {
margin-top: 30px;
color: #444;
border-bottom: 2px solid #eee;
padding-bottom: 10px;
}
</style>
</head>
<body>
<div class=\"container\">
<h1>Análisis Detallado de Calidad del Código</h1>
<h2 class=\"section-title\">Métricas Principales</h2>
<div class=\"metric-grid\">
<div class=\"metric-card\">
<div class=\"metric-title\">Cobertura de Código</div>
<div class=\"metric-value info\">$COVERAGE%</div>
<div class=\"metric-detail\">$(echo \"100 - $COVERAGE\" | bc)% sin cobertura</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Bugs</div>
<div class=\"metric-value good\">$BUGS</div>
<div class=\"metric-detail\">Problemas detectados</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Code Smells</div>
<div class=\"metric-value warning\">$CODE_SMELLS</div>
<div class=\"metric-detail\">Oportunidades de mejora</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Duplicación</div>
<div class=\"metric-value good\">$DUPLICATION%</div>
<div class=\"metric-detail\">Código duplicado</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Vulnerabilidades</div>
<div class=\"metric-value good\">$VULNERABILITIES</div>
<div class=\"metric-detail\">Vulnerabilidades detectadas</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Líneas de Código</div>
<div class=\"metric-value info\">$LINES</div>
<div class=\"metric-detail\">Total de líneas</div>
</div>
</div>
<h2 class=\"section-title\">Métricas Avanzadas</h2>
<div class=\"metric-grid\">
<div class=\"metric-card\">
<div class=\"metric-title\">Complejidad Ciclomática</div>
<div class=\"metric-value info\">$COMPLEXITY</div>
<div class=\"metric-detail\">Total del proyecto</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Complejidad Cognitiva</div>
<div class=\"metric-value info\">$COGNITIVE_COMPLEXITY</div>
<div class=\"metric-detail\">Dificultad de entendimiento</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Densidad de Comentarios</div>
<div class=\"metric-value info\">$COMMENT_DENSITY%</div>
<div class=\"metric-detail\">Código documentado</div>
</div>
</div>
<h2 class=\"section-title\">Calificaciones</h2>
<div class=\"metric-grid\">
<div class=\"metric-card\">
<div class=\"metric-title\">Seguridad</div>
<div class=\"metric-value good\">A</div>
<div class=\"metric-detail\">Esfuerzo: $SECURITY_EFFORT min</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Confiabilidad</div>
<div class=\"metric-value good\">A</div>
<div class=\"metric-detail\">Esfuerzo: $RELIABILITY_EFFORT min</div>
</div>
<div class=\"metric-card\">
<div class=\"metric-title\">Mantenibilidad</div>
<div class=\"metric-value good\">A</div>
<div class=\"metric-detail\">Deuda: $TECH_DEBT min</div>
</div>
</div>
<div style=\"text-align: right; margin-top: 30px; color: #666;\">
Última actualización: $(date \"+%Y-%m-%d %H:%M:%S\")
</div>
</div>
</body>
</html>" > public/sonar/index.html
- name: Verify Sonar Report
run: |
echo "Verificando reporte de Sonar..."
if [ -f "public/sonar/index.html" ]; then
echo "✓ El archivo sonar/index.html existe"
ls -l public/sonar/
else
echo "✗ El archivo sonar/index.html NO existe"
echo "Contenido de public/:"
ls -R public/
fi
- name: Create main index.html
run: |
echo '<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Reportes de Pruebas</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 40px;
text-align: center;
background-color: #f5f5f5;
}
.container {
max-width: 800px;
margin: 0 auto;
padding: 20px;
background-color: white;
border-radius: 10px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
}
h1 {
color: #333;
margin-bottom: 30px;
}
.buttons {
display: flex;
justify-content: center;
gap: 20px;
}
.button {
display: inline-block;
padding: 12px 24px;
color: white;
text-decoration: none;
border-radius: 5px;
transition: background-color 0.3s;
}
.coverage-btn {
background-color: #4CAF50;
}
.coverage-btn:hover {
background-color: #45a049;
}
.bdd-btn {
background-color: #2196F3;
}
.bdd-btn:hover {
background-color: #1976D2;
}
.sonar-btn {
background-color: #FF9800;
}
.sonar-btn:hover {
background-color: #F57C00;
}
</style>
</head>
<body>
<div class="container">
<h1>Proyecto SI784-2024-II</h1>
<div class="buttons">
<a href="coverage/index.html" class="button coverage-btn">Ver Reporte de Cobertura</a>
<a href="bdd/index.html" class="button bdd-btn">Ver Reporte BDD</a>
<a href="sonar/index.html" class="button sonar-btn">Ver Reporte SonarCloud</a>
</div>
</div>
</body>
</html>' > public/index.html
- name: Deploy to GitHub Pages
uses: peaceiris/actions-gh-pages@v3
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
enable_jekyll: false
force_orphan: true
publish_branch: gh-pages
full_commit_message: 'docs: update test reports'
- name: Semgrep Scan
run: |
# Ejecutar scan y generar SARIF
semgrep scan --sarif --output=semgrep.sarif --config=auto
# Ejecutar CI (opcional)
semgrep ci || true
- name: Process Semgrep Results
run: |
if [ -f semgrep.sarif ]; then
echo "Analizando resultados de Semgrep..."
# Obtener estadísticas básicas
TOTAL_RULES=$(cat semgrep.sarif | jq '.runs[0].tool.driver.rules | length')
TOTAL_RESULTS=$(cat semgrep.sarif | jq '.runs[0].results | length')
# Obtener severidades
HIGH_SEVERITY=$(cat semgrep.sarif | jq '[.runs[0].results[].properties.severity | select(. == "ERROR")] | length')
MEDIUM_SEVERITY=$(cat semgrep.sarif | jq '[.runs[0].results[].properties.severity | select(. == "WARNING")] | length')
LOW_SEVERITY=$(cat semgrep.sarif | jq '[.runs[0].results[].properties.severity | select(. == "NOTE")] | length')
echo "Resultados del análisis:"
echo "- Total de reglas: $TOTAL_RULES"
echo "- Total de hallazgos: $TOTAL_RESULTS"
echo "- Severidad alta: $HIGH_SEVERITY"
echo "- Severidad media: $MEDIUM_SEVERITY"
echo "- Severidad baja: $LOW_SEVERITY"
else
echo "No se encontró el archivo semgrep.sarif"
fi