Skip to content

ci: improve sonar coverage settings #33

ci: improve sonar coverage settings

ci: improve sonar coverage settings #33

Workflow file for this run

name: Main
on:
push:
branches:
- main
pull_request:
permissions:
contents: read
env:
# Disabled husky on CI by default
HUSKY: 0
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
commitcheck:
runs-on: ubuntu-latest
steps:
- name: Set up source code
uses: actions/checkout@v4
- name: Set up pnpm
uses: pnpm/action-setup@v4
- name: Set up nodejs
uses: actions/setup-node@v4
with:
node-version-file: .tool-versions
cache: pnpm
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Validate current commit
run: pnpm commitlint --last --verbose
- name: Validate pull-request title
if: github.event_name == 'pull_request'
run: echo "$PR_TITLE" | pnpm commitlint --verbose
env:
PR_TITLE: "${{ github.event.pull_request.title }}"
spellcheck:
runs-on: ubuntu-latest
steps:
- name: Set up source code
uses: actions/checkout@v4
- name: Run cspell
uses: streetsidesoftware/cspell-action@v6
with:
config: ".github/linters/cspell.json"
# Limit the files checked to the ones in the pull request or push.
incremental_files_only: false
strict: true
inline: warning
verbose: true
licensecheck:
runs-on: ubuntu-latest
steps:
- name: Set up source code
uses: actions/checkout@v4
- name: Scan dependencies
uses: fossas/fossa-action@main
with:
api-key: ${{ secrets.FOSSA_API_KEY }}
- name: Test dependencies
uses: fossas/fossa-action@main
with:
api-key: ${{ secrets.FOSSA_API_KEY }}
run-tests: true
lintcheck:
runs-on: ubuntu-latest
needs:
- commitcheck
permissions:
contents: read
packages: read
statuses: write
steps:
- name: Set up source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Start super-linter
uses: super-linter/super-linter/slim@v7
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IGNORE_GITIGNORED_FILES: true
VALIDATE_ALL_CODEBASE: false
## json using eslint which conflicted with repo file
VALIDATE_JSON: false
## Should be run by nx lint target
VALIDATE_TSX: false
VALIDATE_JSX: false
VALIDATE_TYPESCRIPT_ES: false
VALIDATE_JAVASCRIPT_ES: false
## We didn't use typescript-standard
VALIDATE_TYPESCRIPT_STANDARD: false
main:
runs-on: ubuntu-latest
needs:
- commitcheck
- spellcheck
- licensecheck
steps:
- name: Set up source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up pnpm
uses: pnpm/action-setup@v4
## https://nx.dev/ci/reference/nx-cloud-cli#npx-nxcloud-startcirun
# - name: Set up task distribution
# run: pnpm dlx nx-cloud start-ci-run --distribute-on="3 linux-medium-js" --stop-agents-after="build"
- name: Set up nodejs
uses: actions/setup-node@v4
with:
node-version-file: .tool-versions
cache: pnpm
- name: Set up affected modules
uses: nrwl/nx-set-shas@v4
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Lint, Build and Test packages
run: pnpm start:ci
env:
NX_CLOUD_ACCESS_TOKEN: "${{ secrets.NX_CLOUD_ACCESS_TOKEN }}"
- name: Scan source code
if: always()
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Upload test results
if: always()
uses: actions/upload-artifact@v4
with:
name: test-results
path: reports
retention-days: 5