From 9270a5638f7da57b10e1f7dad657d800835daea9 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 19:23:46 +0100 Subject: [PATCH 01/10] ci: update sonarcloud workflow --- .../workflows/sonarcloud-and-mutations.yml | 19 ++++++++++++++++--- SonarQube.Analysis.xml | 5 +++++ 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 SonarQube.Analysis.xml diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index e3f21e7..6486a5d 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml 
@@ -140,9 +140,22 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - shell: pwsh run: | - ./.sonar/scanner/dotnet-sonarscanner begin /k:"${{ secrets.SONAR_PROJECT_KEY }}" /o:"${{ secrets.SONAR_ORGANIZATION }}" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.projectBaseDir="$(pwd)" /d:sonar.externalIssuesReportPaths="${{ github.workspace }}/mutations/reports/mutation-sonar.json" + ./.sonar/scanner/dotnet-sonarscanner begin \ + /k:"${{ secrets.SONAR_PROJECT_KEY }}" \ + /o:"${{ secrets.SONAR_ORGANIZATION }}" \ + /d:sonar.token="${{ secrets.SONAR_TOKEN }}" \ + /d:sonar.host.url="https://sonarcloud.io" \ + /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \ + /d:sonar.vstest.reportsPaths="**/*.trx" \ + /d:sonar.projectBaseDir="$(pwd)" \ + /d:sonar.scanner.scanAll=false \ + /d:sonar.cs.analyzeRazorCode=false \ + /d:sonar.cs.analyzeGeneratedCode=false \ + /d:sonar.cs.file.suffixes=.cs \ + /d:sonar.githubactions.activate=true \ + /d:sonar.externalIssuesReportPaths="${{ github.workspace }}/mutations/reports/mutation-sonar.json" \ + /s:"$(pwd)/SonarQube.Analysis.xml" dotnet build -c Release --no-incremental - ./.sonar/scanner/dotnet-coverage collect "dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover -c Release --no-restore --no-build" -f xml -o "coverage.xml" + ./.sonar/scanner/dotnet-coverage collect "dotnet test -c Release --no-restore --no-build --logger trx" -f xml -o "coverage.xml" ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" diff --git a/SonarQube.Analysis.xml b/SonarQube.Analysis.xml new file mode 100644 index 0000000..06c90d8 --- /dev/null +++ b/SonarQube.Analysis.xml @@ -0,0 +1,5 @@ + + + From c7d7d20e6fa55573d02119888a8ffbad57ccfc36 Mon Sep 17 00:00:00 2001 
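Review bot: Removing `shell: pwsh` leaves this step on the runner's default shell, while the new `begin` invocation depends on trailing `\` line continuations that only a POSIX shell accepts. The job's `runs-on` is outside the hunk, so it is worth declaring the shell explicitly with `shell: bash` on this step. That also makes GitHub run the script with `-eo pipefail` rather than the bare `bash -e` used when no shell is declared, so a failing `dotnet build` or coverage run cannot be masked by a later pipe. The step header itself lies above the hunk.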
From: Nelson Nobre Date: Sat, 30 Aug 2025 19:26:50 +0100 Subject: [PATCH 02/10] build(deps): bump dotnet-stryker version from 4.5.1 to 4.8.1 --- .config/dotnet-tools.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 9777bcd..5914635 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,10 +3,10 @@ "isRoot": true, "tools": { "dotnet-stryker": { - "version": "4.5.1", + "version": "4.8.1", "commands": [ "dotnet-stryker" ] } } -} \ No newline at end of file +} From ce674b7b8836ba36e58fb62ddf23338b1b35d7c4 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 19:41:20 +0100 Subject: [PATCH 03/10] ci: update semantic-release-action version to improve release process --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 259badc..0398ba9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: - name: "Semantic Release" id: 'semantic-release' - uses: cycjimmy/semantic-release-action@v4.2.2 + uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 with: semantic_version: 24.1.2 extra_plugins: | From e2a932c9fe0565edcf9df515d235d37a0c5c829d Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 19:45:42 +0100 Subject: [PATCH 04/10] ci: update semantic version in release workflow from 24.1.2 to 24.2.7 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0398ba9..092d878 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
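Review bot: The new `uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16` pin no longer says which release it is, so a reviewer cannot tell what is running or when an update is due. Append the tag as a trailing comment, for example `# <release tag this SHA was taken from>`, after confirming the commit belongs to the upstream repository's tag and not to a fork. The same applies to the ReportGenerator pin in PATCH 05 and both sticky-pull-request-comment pins in PATCH 06. Separately, the `extra_plugins` entries visible in the PATCH 04 context (`semantic-release-plugin-csproj`, `@semantic-release/changelog`) are installed without versions in the job that publishes releases. The action accepts `name@version`, so pinning them would close the gap the SHA pin leaves open.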
@@ -28,7 +28,7 @@ jobs: id: 'semantic-release' uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 with: - semantic_version: 24.1.2 + semantic_version: 24.2.7 extra_plugins: | semantic-release-plugin-csproj @semantic-release/changelog From 3d1e4788581352ba2d6070511199f53b03cd3725 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 19:47:59 +0100 Subject: [PATCH 05/10] ci: update ReportGenerator action to use hash version --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 04f258e..36a719f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -62,7 +62,7 @@ jobs: run: dotnet test --configuration Release --no-build --verbosity normal --results-directory ${{ github.workspace }}/${{ env.COVERAGE_REPORT_DIRECTORY }} --collect:"XPlat Code Coverage" - name: "Combine Coverage Reports" # This is because one report is produced per project, and we want one result for all of them. - uses: danielpalme/ReportGenerator-GitHub-Action@5.4.12 + uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b with: reports: "**/*.cobertura.xml" # REQUIRED # The coverage reports that should be parsed (separated by semicolon). Globbing is supported. targetdir: "${{ github.workspace }}" # REQUIRED # The directory where the generated report should be saved. From 2dd833f3a63fac06274fd44630eea7d75f22dc47 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 19:53:45 +0100 Subject: [PATCH 06/10] ci: update sticky-pull-request-comment action to specific commit hash --- .github/workflows/sonarcloud-and-mutations.yml | 2 +- .github/workflows/tests.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index 6486a5d..1d356f8 100644 
--- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml @@ -122,7 +122,7 @@ jobs: run: jq -f tests/mutation-report-to-sonar.jq '${{ github.workspace }}/mutations/reports/mutation-report.json' > '${{ github.workspace }}/mutations/reports/mutation-sonar.json' - name: "Add Stryker Report in PR Comment" - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 if: github.event_name == 'pull_request' with: header: stryker-report diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 36a719f..251db7f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -94,7 +94,7 @@ jobs: thresholds: "10 30" - name: "Add Coverage in PR Comment" - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 if: github.event_name == 'pull_request' with: header: coverage-report From f7b8664732b88a701caa340af834afbd6109d839 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 20:09:54 +0100 Subject: [PATCH 07/10] ci: update workflows to secrets via env variables --- .github/workflows/sonarcloud-and-mutations.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index 1d356f8..d8e1c9a 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml @@ -107,6 +107,8 @@ jobs: dotnet tool update dotnet-coverage --tool-path ./.sonar/scanner - name: "Run Stryker" + env: + STRYKER_API_KEY: ${{ secrets.STRYKER_API_KEY }} run: | dotnet stryker \ -tp ${{ env.TEST_PROJECT_PATH }} \ 
@@ -114,7 +116,7 @@ jobs: --reporter json \ --reporter markdown \ --reporter progress \ - --reporter dashboard --dashboard-api-key ${{ secrets.STRYKER_API_KEY }} \ + --reporter dashboard --dashboard-api-key $STRYKER_API_KEY \ --version ${{ env.STRYKER_BRANCH }} \ -O ${{ github.workspace }}/mutations @@ -140,11 +142,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} + SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} run: | ./.sonar/scanner/dotnet-sonarscanner begin \ - /k:"${{ secrets.SONAR_PROJECT_KEY }}" \ - /o:"${{ secrets.SONAR_ORGANIZATION }}" \ - /d:sonar.token="${{ secrets.SONAR_TOKEN }}" \ + /k:"$SONAR_PROJECT_KEY" \ + /o:"$SONAR_ORGANIZATION" \ + /d:sonar.token="$SONAR_TOKEN" \ /d:sonar.host.url="https://sonarcloud.io" \ /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \ /d:sonar.vstest.reportsPaths="**/*.trx" \ @@ -158,4 +162,4 @@ jobs: /s:"$(pwd)/SonarQube.Analysis.xml" dotnet build -c Release --no-incremental ./.sonar/scanner/dotnet-coverage collect "dotnet test -c Release --no-restore --no-build --logger trx" -f xml -o "coverage.xml" - ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" + ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="$SONAR_TOKEN" From 31c960a970228185d35a77a8a525115f8668bcfc Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 20:20:33 +0100 Subject: [PATCH 08/10] ci: update sonar organization to use environment variable --- .github/workflows/sonarcloud-and-mutations.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index d8e1c9a..0aad518 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml 
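Review bot: In the Stryker hunk, `--dashboard-api-key $STRYKER_API_KEY` is unquoted and still places the key in the arguments of `dotnet stryker`, where other processes on the runner can read it. At minimum write `--dashboard-api-key "$STRYKER_API_KEY"`. If the Stryker version pinned in `.config/dotnet-tools.json` reads `STRYKER_DASHBOARD_API_KEY` from the environment (to be confirmed against its documentation), naming the env entry that way lets the flag be dropped. The neighbouring `--version ${{ env.STRYKER_BRANCH }}` and `-tp ${{ env.TEST_PROJECT_PATH }}` are still expanded into the script text before the shell parses it. Both are already environment variables, so `--version "$STRYKER_BRANCH" \` keeps the branch-derived value as data. The `run:` block begins in the previous hunk.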
@@ -30,6 +30,8 @@ env: TERM: xterm # Enable ANSI color redirection NUGET_XMLDOC_MODE: skip # Disable NuGet XML documentation generation + SONAR_ORGANIZATION: 'TechNobre' + permissions: pull-requests: write # To can create a comment with the results @@ -143,11 +145,10 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} - SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} run: | ./.sonar/scanner/dotnet-sonarscanner begin \ /k:"$SONAR_PROJECT_KEY" \ - /o:"$SONAR_ORGANIZATION" \ + /o:"${{ env.SONAR_ORGANIZATION }}" \ /d:sonar.token="$SONAR_TOKEN" \ /d:sonar.host.url="https://sonarcloud.io" \ /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \ From c5bc0b5c1cdb9a655e3004999ea2cab26b50398a Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 20:36:12 +0100 Subject: [PATCH 09/10] ci: correct sonar organization name to match case sensitivity --- .github/workflows/sonarcloud-and-mutations.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index 0aad518..cea7d9b 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml @@ -30,7 +30,7 @@ env: TERM: xterm # Enable ANSI color redirection NUGET_XMLDOC_MODE: skip # Disable NuGet XML documentation generation - SONAR_ORGANIZATION: 'TechNobre' + SONAR_ORGANIZATION: 'technobre' permissions: From 3f0bce4031d22e66b5d34bd0e7723b0a232ea836 Mon Sep 17 00:00:00 2001 From: Nelson Nobre Date: Sat, 30 Aug 2025 20:53:28 +0100 Subject: [PATCH 10/10] ci: sanitize branch name for Stryker in CI workflow --- .github/workflows/sonarcloud-and-mutations.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
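Review bot: In the second hunk, `/o:"${{ env.SONAR_ORGANIZATION }}" \` brings back template expansion inside the script, which PATCH 07 had just removed for the other scanner arguments. The workflow-level `env:` entry added in the first hunk is already exported to the step's shell, so the existing `/o:"$SONAR_ORGANIZATION" \` line can stay unchanged and only the step-level `SONAR_ORGANIZATION` secret mapping needs to go. The value is a constant, so this is a consistency point and not an injection concern. Keeping every argument in the `"$VAR"` form means a later edit cannot silently route an untrusted expression into the script.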
diff --git a/.github/workflows/sonarcloud-and-mutations.yml b/.github/workflows/sonarcloud-and-mutations.yml index cea7d9b..709d640 100644 --- a/.github/workflows/sonarcloud-and-mutations.yml +++ b/.github/workflows/sonarcloud-and-mutations.yml @@ -50,11 +50,17 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: "Define branch name for Stryker" + env: + GH_REF: ${{ github.ref }} + GH_HEAD_REF: ${{ github.head_ref }} + GH_RUN_NUMBER: ${{ github.run_number }} run: | - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + # Sanitize branch name + SAFE_HEAD_REF="$(printf '%s' "$GH_HEAD_REF" | tr -c 'A-Za-z0-9._-' '-')" + if [[ "$GH_REF" == "refs/heads/main" ]]; then echo "STRYKER_BRANCH=main" >> $GITHUB_ENV else - echo "STRYKER_BRANCH=${{ github.head_ref }}-${{ github.run_number }}" >> $GITHUB_ENV + printf 'STRYKER_BRANCH=%s-%s\n' "$SAFE_HEAD_REF" "$GH_RUN_NUMBER" >> "$GITHUB_ENV" fi - name: "Display branch name for Stryker"
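Review bot: `SAFE_HEAD_REF` can end up empty or starting with `-`, because `github.head_ref` is only set on pull-request events and `tr -c` turns any leading disallowed byte into `-`. The resulting `STRYKER_BRANCH` (for example `-<run number>`) is later passed as `--version ${{ env.STRYKER_BRANCH }}`, where a leading dash may be parsed as an option. A fallback and a fixed prefix avoid this: add `GH_REF_NAME: ${{ github.ref_name }}` to `env:`, feed `"${GH_HEAD_REF:-$GH_REF_NAME}"` to `printf`, and write `'STRYKER_BRANCH=pr-%s-%s\n'` if the dashboard naming allows it. The `main` branch still uses `echo ... >> $GITHUB_ENV` with the path unquoted, and `>> "$GITHUB_ENV"` would match the new `else` branch. The proposed comment above the `tr` line is `# Keep only [A-Za-z0-9._-]; this also strips newlines, so the value cannot add extra entries to $GITHUB_ENV`.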