From ec85d37f2d53704131820b99bf58063cd53bf70e Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:23:06 -0600 Subject: [PATCH 1/8] feat: config SonarQube --- .github/actions/sonarcloud/action.yml | 28 +++++++++++++++++++++++++++ .github/workflows/ci.yml | 24 +++++++++++++++++++++++ sonar-project.properties | 23 ++++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 .github/actions/sonarcloud/action.yml create mode 100644 .github/workflows/ci.yml create mode 100644 sonar-project.properties diff --git a/.github/actions/sonarcloud/action.yml b/.github/actions/sonarcloud/action.yml new file mode 100644 index 0000000..20d62bd --- /dev/null +++ b/.github/actions/sonarcloud/action.yml @@ -0,0 +1,28 @@ +name: sonarcloud +description: SonarCloud Scan action +inputs: + sonar-token: + description: sonarToken + required: true + report-path: + description: report Path + required: true + +runs: + using: composite + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Download coverage data for artisan-api + uses: actions/download-artifact@v4 + with: + path: ./components/artisan-api/coverage + name: artisan-api-test-coverage + - name: SonarCloud Scan + uses: SonarSource/sonarqube-scan-action@v4.2.0 + env: + SONAR_TOKEN: ${{inputs.sonar-token}} + with: + args: > + -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..4b60b2e --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,24 @@ +name: CI + +on: + push: + branches: + - main + pull_request: + +permissions: + id-token: write + contents: read + +jobs: + quality: + name: Quality + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Sonarcloud Scan + uses: ./.github/actions/sonarcloud + with: + sonar-token: ${{ secrets.SONARCLOUD_USER_TOKEN }} \ No newline at end of file diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..7599bf4 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,23 @@ +# must be unique in a given SonarQube instance +sonar.projectKey=AlexByte18_artisan-api +sonar.organization=artisan + +# --- optional properties --- +sonar.javascript.lcov.reportPaths=**/coverage/**/lcov.info +sonar.scm.exclusions.disabled=true +sonar.scm.forceReloadAll=true + +# Path is relative to the sonar-project.properties file. Defaults to . +sonar.sources=. + +# Encoding of the source code. Default is default system encoding +sonar.sourceEncoding=UTF-8 +sonar.inclusions=**/*.ts,**/*.tsx,**/*.js,**/*.jsx,**/*.tf +sonar.exclusions=**/testHelpers/**/*,**/__tests__/**/*,**/mock*.ts,**/__mocks__/**/* +sonar.typescript.file.suffixes=.ts,.tsx + +# Coverage exclusions for specific files or folders +# Excluding artisan-api from coverage temporarily +sonar.coverage.exclusions=components/artisan-api/src/__service_tests__/**/*,components/artisan-api/src/testHelpers/**/*,components/artisan-api/scripts/**/*,components/artisan-api/**/handler.ts,components/artisan-api/src/resources/Profiles/dev-assets/index.ts +sonar.tests=. +sonar.test.inclusions=**/*.test.tsx,**/*.test.ts,**/testHelpers/**/*,**/__tests__/**/*,**/mock*.ts \ No newline at end of file From 10810c4d359eb269429db7e56ebdb8756a819051 Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:26:38 -0600 Subject: [PATCH 2/8] feat: updata sonarcloud config --- .github/actions/sonarcloud/action.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/actions/sonarcloud/action.yml b/.github/actions/sonarcloud/action.yml index 20d62bd..4850b90 100644 --- a/.github/actions/sonarcloud/action.yml +++ b/.github/actions/sonarcloud/action.yml @@ -14,11 +14,6 @@ runs: - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Download coverage data for artisan-api - uses: actions/download-artifact@v4 - with: - path: ./components/artisan-api/coverage - name: artisan-api-test-coverage - name: SonarCloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.0 env: From 8e089740fd67c7481bb791bdd2eceffd5726ea35 Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:29:35 -0600 Subject: [PATCH 3/8] wip: test new sonarcloud config --- .github/actions/sonarcloud/action.yml | 39 +++++++++++++-------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/.github/actions/sonarcloud/action.yml b/.github/actions/sonarcloud/action.yml index 4850b90..09d275e 100644 --- a/.github/actions/sonarcloud/action.yml +++ b/.github/actions/sonarcloud/action.yml @@ -1,23 +1,20 @@ name: sonarcloud description: SonarCloud Scan action -inputs: - sonar-token: - description: sonarToken - required: true - report-path: - description: report Path - required: true - -runs: - using: composite - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@v4.2.0 - env: - SONAR_TOKEN: ${{inputs.sonar-token}} - with: - args: > - -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \ No newline at end of file +on: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] +jobs: + sonarqube: + name: SonarQube + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v6 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file From 90ee35108f069287cec22886ab81b9ec1db00175 Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:31:37 -0600 Subject: [PATCH 4/8] feat: restore sonarcloud config --- .github/actions/sonarcloud/action.yml | 36 +++++++++++++-------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/actions/sonarcloud/action.yml b/.github/actions/sonarcloud/action.yml index 09d275e..ed8ec2a 100644 --- a/.github/actions/sonarcloud/action.yml +++ b/.github/actions/sonarcloud/action.yml @@ -1,20 +1,20 @@ name: sonarcloud description: SonarCloud Scan action -on: - push: - branches: - - master - pull_request: - types: [opened, synchronize, reopened] -jobs: - sonarqube: - name: SonarQube - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v6 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file +inputs: + sonar-token: + description: sonarToken + required: true + +runs: + using: composite + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: SonarCloud Scan + uses: SonarSource/sonarqube-scan-action@v4.2.0 + env: + SONAR_TOKEN: ${{inputs.sonar-token}} + with: + args: > + -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \ No newline at end of file From 8716de6fb1d46978aa5ad84811bf42becb0ff986 Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:41:18 -0600 Subject: [PATCH 5/8] fix: sonarcloud config issue --- .github/actions/sonarcloud/action.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/actions/sonarcloud/action.yml b/.github/actions/sonarcloud/action.yml index ed8ec2a..38d3efd 100644 --- a/.github/actions/sonarcloud/action.yml +++ b/.github/actions/sonarcloud/action.yml @@ -14,7 +14,4 @@ runs: - name: SonarCloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.0 env: - SONAR_TOKEN: ${{inputs.sonar-token}} - with: - args: > - -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} \ No newline at end of file + SONAR_TOKEN: ${{inputs.sonar-token}} \ No newline at end of file From cbd1579700db86627be4ff1e35da3e2be0bdbc37 Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:46:21 -0600 Subject: [PATCH 6/8] fix: secret name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4b60b2e..c843f34 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,4 +21,4 @@ jobs: - name: Sonarcloud Scan uses: ./.github/actions/sonarcloud with: - sonar-token: ${{ secrets.SONARCLOUD_USER_TOKEN }} \ No newline at end of file + sonar-token: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file From eae890c4a2d18663f980232bf8e9bee4eaeefc0c Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Thu, 4 Dec 2025 23:52:43 -0600 Subject: [PATCH 7/8] wip: debug sonar config --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c843f34..48a6c97 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,15 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Debug Token + run: | + if [ -z "${{ secrets.SONAR_TOKEN }}" ]; then + echo "ERROR: SONAR_TOKEN está vacío" + else + echo "SONAR_TOKEN existe (primeros 10 caracteres): $(echo ${{ secrets.SONAR_TOKEN }} | cut -c1-10)..." + echo "Longitud del token: $(echo -n ${{ secrets.SONAR_TOKEN }} | wc -c)" + fi + - name: Sonarcloud Scan uses: ./.github/actions/sonarcloud with: From 2af5ee3514ddb2568f721e3dfe68cd752c9ea8df Mon Sep 17 00:00:00 2001 From: THAlexCortes Date: Fri, 5 Dec 2025 00:12:05 -0600 Subject: [PATCH 8/8] feat: final sonar config --- .github/workflows/ci.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 48a6c97..c843f34 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,15 +18,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Debug Token - run: | - if [ -z "${{ secrets.SONAR_TOKEN }}" ]; then - echo "ERROR: SONAR_TOKEN está vacío" - else - echo "SONAR_TOKEN existe (primeros 10 caracteres): $(echo ${{ secrets.SONAR_TOKEN }} | cut -c1-10)..." - echo "Longitud del token: $(echo -n ${{ secrets.SONAR_TOKEN }} | wc -c)" - fi - - name: Sonarcloud Scan uses: ./.github/actions/sonarcloud with: