Add/coverage report #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow helps you trigger a SonarCloud analysis of your code and populates | |
| # GitHub Code Scanning alerts with the vulnerabilities found. | |
| # Free for open source project. | |
| name: SonarCloud analysis | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| types: [opened, synchronize, reopened] | |
| # eslint-disable-next-line yml/no-empty-mapping-value | |
| workflow_dispatch: | |
| permissions: | |
| pull-requests: read # allows SonarCloud to decorate PRs with analysis results | |
| env: | |
| NODE_VERSION: latest | |
| jobs: | |
| sonarqube: | |
| name: SonarQube | |
| runs-on: ${{ vars.UBUNTU_VERSION }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Use Node.js ${{ env.NODE_VERSION }} | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| - name: Install Node.js dependencies | |
| run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true" | |
| - name: Test coverage | |
| run: npm run coverage | |
| - name: SonarQube Scan | |
| uses: SonarSource/sonarqube-scan-action@v4 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |