-
Notifications
You must be signed in to change notification settings - Fork 5
121 lines (106 loc) · 3.03 KB
/
sca.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Workflow Name: SCA
# Trigger: Pull requests to the main branch that modify any file.
#
# Environment:
# environment: set to dev
# timezone: retrieved from vars.TIMEZONE
#
# Setup Test Infrastructure:
# Name: Infrastructure setup
# Runs on: ubuntu-latest
# Outputs environment and timezone variables for use in subsequent jobs.
# Steps:
# Echoes the environment and timezone for verification.
#
# Code Quality - SCA (Codacy):
# Name: Codacy
# Depends on: setup
# Runs on: ubuntu-latest
# Uses the Codacy analysis CLI action to perform code quality analysis.
#
# Code Quality - Spell Check:
# Name: Spelling
# Depends on: setup
# Runs on: ubuntu-latest
# Installs dependencies using npm.
# Runs a spell check using the command npm run spellcheck.
#
# Licensing - SCA:
# Name: Licensing ✏️
# Depends on: setup
# Runs on: ubuntu-latest
# Uses the Fossa action to scan for open-source licenses in the code.
#
# Key Points:
# The workflow focuses on source code analysis, including code quality and licensing checks.
# It uses a sequential structure, with each job depending on the completion of the previous one.
# Environment variables are set in the setup job and made available to other jobs for consistency.
# The workflow leverages actions from the GitHub Marketplace for specific tasks: Codacy for code quality analysis and Fossa for license scanning.
#
name: SCA
run-name: 🔎 Source code analysis on ${{ github.event.number }}
on:
pull_request:
branches:
- main
- 'release-*'
env:
environment: dev
timezone: ${{ vars.TIMEZONE }}
jobs:
# 1. Setup test infrastructure
setup:
name: Infrastructure setup 🔧
runs-on: ubuntu-latest
outputs:
environment: ${{ env.environment }}
timezone: ${{ env.timezone }}
steps:
- name: Environment 🧪
run: echo "Environment set to ${{ env.environment }}"
- name: Timezone 🌐
run: echo "Timezone set to ${{ env.timezone }}"
# 2. Code quality - SCA
codacy:
name: Codacy 🔖
needs: setup
environment:
name: ${{ needs.setup.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Repository
uses: actions/checkout@v4
- name: Codacy
uses: codacy/codacy-analysis-cli-action@master
with:
verbose: true
# 3. Code quality - Spell check
spell:
name: Spelling 📚
needs: setup
environment:
name: ${{ needs.setup.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Repository
uses: actions/checkout@v4
- name: Dependencies
working-directory: ./
run: npm ci
- name: Spell check
working-directory: ./
run: npm run spellcheck
# 4. Licensing - SCA
license:
name: Licensing ✏️
needs: setup
environment:
name: ${{ needs.setup.outputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Repository
uses: actions/checkout@v4
- name: Fossa
uses: fossas/fossa-action@main
with:
api-key: ${{ secrets.FOSSA_API_KEY }}