π Source code analysis on 4148 #11129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow Name: SCA | |
| # Trigger: Pull requests to the main branch that modify any file. | |
| # | |
| # Environment: | |
| # environment: set to dev | |
| # timezone: retrieved from vars.TIMEZONE | |
| # | |
| # Setup Test Infrastructure: | |
| # Name: Infrastructure setup | |
| # Runs on: ubuntu-latest | |
| # Outputs environment and timezone variables for use in subsequent jobs. | |
| # Steps: | |
| # Echoes the environment and timezone for verification. | |
| # | |
| # Code Quality - SCA (Codacy): | |
| # Name: Codacy | |
| # Depends on: setup | |
| # Runs on: ubuntu-latest | |
| # Uses the Codacy analysis CLI action to perform code quality analysis. | |
| # | |
| # Code Quality - Spell Check: | |
| # Name: Spelling | |
| # Depends on: setup | |
| # Runs on: ubuntu-latest | |
| # Installs dependencies using npm. | |
| # Runs a spell check using the command npm run spellcheck. | |
| # | |
| # Licensing - SCA: | |
| # Name: Licensing βοΈ | |
| # Depends on: setup | |
| # Runs on: ubuntu-latest | |
| # Uses the Fossa action to scan for open-source licenses in the code. | |
| # | |
| # Key Points: | |
| # The workflow focuses on source code analysis, including code quality and licensing checks. | |
| # It uses a sequential structure, with each job depending on the completion of the previous one. | |
| # Environment variables are set in the setup job and made available to other jobs for consistency. | |
| # The workflow leverages actions from the GitHub Marketplace for specific tasks: Codacy for code quality analysis and Fossa for license scanning. | |
| # | |
| name: SCA | |
| run-name: π Source code analysis on ${{ github.event.number }} | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - 'release-*' | |
| env: | |
| environment: dev | |
| timezone: ${{ vars.TIMEZONE }} | |
| jobs: | |
| # 1. Setup test infrastructure | |
| setup: | |
| name: Infrastructure setup π§ | |
| runs-on: ubuntu-latest | |
| outputs: | |
| environment: ${{ env.environment }} | |
| timezone: ${{ env.timezone }} | |
| steps: | |
| - name: Environment π§ͺ | |
| run: echo "Environment set to ${{ env.environment }}" | |
| - name: Timezone π | |
| run: echo "Timezone set to ${{ env.timezone }}" | |
| # 2. Code quality - SCA | |
| codacy: | |
| name: Codacy π | |
| needs: setup | |
| environment: | |
| name: ${{ needs.setup.outputs.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Repository | |
| uses: actions/checkout@v4 | |
| - name: Codacy | |
| uses: codacy/codacy-analysis-cli-action@master | |
| with: | |
| verbose: true | |
| # 3. Code quality - Spell check | |
| spell: | |
| name: Spelling π | |
| needs: setup | |
| environment: | |
| name: ${{ needs.setup.outputs.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Repository | |
| uses: actions/checkout@v4 | |
| - name: Dependencies | |
| working-directory: ./ | |
| run: npm ci | |
| - name: Spell check | |
| working-directory: ./ | |
| run: npm run spellcheck | |
| # 4. Licensing - SCA | |
| license: | |
| name: Licensing βοΈ | |
| needs: setup | |
| environment: | |
| name: ${{ needs.setup.outputs.environment }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Repository | |
| uses: actions/checkout@v4 | |
| - name: Fossa | |
| uses: fossas/fossa-action@main | |
| with: | |
| api-key: ${{ secrets.FOSSA_API_KEY }} |