diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 9777bcd..5914635 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,10 +3,10 @@ "isRoot": true, "tools": { "dotnet-stryker": { - "version": "4.5.1", + "version": "4.8.1", "commands": [ "dotnet-stryker" ] } } -} \ No newline at end of file +} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 259badc..092d878 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,9 +26,9 @@ jobs: - name: "Semantic Release" id: 'semantic-release' - uses: cycjimmy/semantic-release-action@v4.2.2 + uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 with: - semantic_version: 24.1.2 + semantic_version: 24.2.7 extra_plugins: | semantic-release-plugin-csproj @semantic-release/changelog diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index e3f21e7..709d640 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml @@ -30,6 +30,8 @@ env: TERM: xterm # Enable ANSI color redirection NUGET_XMLDOC_MODE: skip # Disable NuGet XML documentation generation + SONAR_ORGANIZATION: 'technobre' + permissions: pull-requests: write # To can create a comment with the results @@ -48,11 +50,17 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: "Define branch name for Stryker" + env: + GH_REF: ${{ github.ref }} + GH_HEAD_REF: ${{ github.head_ref }} + GH_RUN_NUMBER: ${{ github.run_number }} run: | - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + # Sanitize branch name + SAFE_HEAD_REF="$(printf '%s' "$GH_HEAD_REF" | tr -c 'A-Za-z0-9._-' '-')" + if [[ "$GH_REF" == "refs/heads/main" ]]; then echo "STRYKER_BRANCH=main" >> $GITHUB_ENV else - echo "STRYKER_BRANCH=${{ github.head_ref }}-${{ github.run_number }}" >> $GITHUB_ENV + printf 'STRYKER_BRANCH=%s-%s\n' "$SAFE_HEAD_REF" "$GH_RUN_NUMBER" >> "$GITHUB_ENV" fi - name: "Display branch name for Stryker" @@ -107,6 +115,8 @@ jobs: dotnet tool update dotnet-coverage --tool-path ./.sonar/scanner - name: "Run Stryker" + env: + STRYKER_API_KEY: ${{ secrets.STRYKER_API_KEY }} run: | dotnet stryker \ -tp ${{ env.TEST_PROJECT_PATH }} \ @@ -114,7 +124,7 @@ jobs: --reporter json \ --reporter markdown \ --reporter progress \ - --reporter dashboard --dashboard-api-key ${{ secrets.STRYKER_API_KEY }} \ + --reporter dashboard --dashboard-api-key $STRYKER_API_KEY \ --version ${{ env.STRYKER_BRANCH }} \ -O ${{ github.workspace }}/mutations @@ -122,7 +132,7 @@ jobs: run: jq -f tests/mutation-report-to-sonar.jq '${{ github.workspace }}/mutations/reports/mutation-report.json' > '${{ github.workspace }}/mutations/reports/mutation-sonar.json' - name: "Add Stryker Report in PR Comment" - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 if: github.event_name == 'pull_request' with: header: stryker-report @@ -140,9 +150,23 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - shell: pwsh + SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} run: | - ./.sonar/scanner/dotnet-sonarscanner begin /k:"${{ secrets.SONAR_PROJECT_KEY }}" /o:"${{ secrets.SONAR_ORGANIZATION }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.projectBaseDir="$(pwd)" /d:sonar.externalIssuesReportPaths="${{ github.workspace }}/mutations/reports/mutation-sonar.json" + ./.sonar/scanner/dotnet-sonarscanner begin \ + /k:"$SONAR_PROJECT_KEY" \ + /o:"${{ env.SONAR_ORGANIZATION }}" \ + /d:sonar.token="$SONAR_TOKEN" \ + /d:sonar.host.url="https://sonarcloud.io" \ + /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \ + /d:sonar.vstest.reportsPaths="**/*.trx" \ + /d:sonar.projectBaseDir="$(pwd)" \ + /d:sonar.scanner.scanAll=false \ + /d:sonar.cs.analyzeRazorCode=false \ + /d:sonar.cs.analyzeGeneratedCode=false \ + /d:sonar.cs.file.suffixes=.cs \ + /d:sonar.githubactions.activate=true \ + /d:sonar.externalIssuesReportPaths="${{ github.workspace }}/mutations/reports/mutation-sonar.json" \ + /s:"$(pwd)/SonarQube.Analysis.xml" dotnet build -c Release --no-incremental - ./.sonar/scanner/dotnet-coverage collect "dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover -c Release --no-restore --no-build" -f xml -o "coverage.xml" - ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + ./.sonar/scanner/dotnet-coverage collect "dotnet test -c Release --no-restore --no-build --logger trx" -f xml -o "coverage.xml" + ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="$SONAR_TOKEN" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 04f258e..251db7f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -62,7 +62,7 @@ jobs: run: dotnet test --configuration Release --no-build --verbosity normal --results-directory ${{ github.workspace }}/${{ env.COVERAGE_REPORT_DIRECTORY }} --collect:"XPlat Code Coverage" - name: "Combine Coverage Reports" # This is because one report is produced per project, and we want one result for all of them. - uses: danielpalme/ReportGenerator-GitHub-Action@5.4.12 + uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b with: reports: "**/*.cobertura.xml" # REQUIRED # The coverage reports that should be parsed (separated by semicolon). Globbing is supported. targetdir: "${{ github.workspace }}" # REQUIRED # The directory where the generated report should be saved. @@ -94,7 +94,7 @@ jobs: thresholds: "10 30" - name: "Add Coverage in PR Comment" - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 if: github.event_name == 'pull_request' with: header: coverage-report diff --git a/SonarQube.Analysis.xml b/SonarQube.Analysis.xml new file mode 100644 index 0000000..06c90d8 --- /dev/null +++ b/SonarQube.Analysis.xml @@ -0,0 +1,5 @@ + + +