mirror of
https://github.com/formbricks/formbricks.git
synced 2026-01-06 13:49:54 -06:00
910d257c56
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
55 lines
1.8 KiB
YAML
55 lines
1.8 KiB
YAML
name: SonarQube
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
merge_group:
|
|
permissions:
|
|
contents: read
|
|
jobs:
|
|
sonarqube:
|
|
name: SonarQube
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
|
|
|
- name: Setup Node.js 22.x
|
|
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
|
|
with:
|
|
node-version: 22.x
|
|
|
|
- name: Install pnpm
|
|
uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --config.platform=linux --config.architecture=x64
|
|
|
|
- name: create .env
|
|
run: cp .env.example .env
|
|
|
|
- name: Generate Random ENCRYPTION_KEY, CRON_SECRET & NEXTAUTH_SECRET and fill in .env
|
|
run: |
|
|
RANDOM_KEY=$(openssl rand -hex 32)
|
|
sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
|
|
sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
|
|
sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
|
|
|
|
- name: Run tests with coverage
|
|
run: |
|
|
pnpm test:coverage
|
|
- name: SonarQube Scan
|
|
uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|