feat: Phase 4 — Tests, Code Quality, E2E, SonarCloud #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Checks | |
| on: | |
| pull_request: | |
| branches: [develop, main] | |
| jobs: | |
| unit-tests: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: Run unit tests | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== Testing $svc ===" | |
| cd $svc && mvn test -q && cd .. | |
| done | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: unit-test-results | |
| path: '**/target/surefire-reports/*.xml' | |
| code-coverage: | |
| name: Code Coverage | |
| runs-on: ubuntu-latest | |
| needs: unit-tests | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: Run tests with coverage | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== Coverage for $svc ===" | |
| cd $svc && mvn test jacoco:report -q && cd .. | |
| done | |
| - name: Upload coverage report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: '**/target/site/jacoco/' | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: OWASP Dependency Check | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== OWASP scan for $svc ===" | |
| cd $svc && mvn dependency-check:check -DfailBuildOnCVSS=7 -DskipTestScope=true || true | |
| cd .. | |
| done | |
| - name: Upload OWASP report | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: owasp-report | |
| path: '**/target/dependency-check-report.html' | |
| code-quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: Checkstyle | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== Checkstyle for $svc ===" | |
| cd $svc && mvn checkstyle:check -q || true | |
| cd .. | |
| done | |
| - name: SpotBugs | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== SpotBugs for $svc ===" | |
| cd $svc && mvn compile spotbugs:check -q || true | |
| cd .. | |
| done | |
| sonarcloud: | |
| name: SonarCloud Analysis | |
| runs-on: ubuntu-latest | |
| needs: unit-tests | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| cache: maven | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: SonarCloud Scan | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| for svc in user-service post-service connections-service notification-service uploader-service; do | |
| echo "=== Scanning $svc ===" | |
| cd $svc | |
| mvn verify jacoco:report sonar:sonar -DskipTests \ | |
| -Dsonar.projectKey=premtsd-code_LinkedIn_${svc} \ | |
| -Dsonar.organization=premtsd-code \ | |
| -Dsonar.host.url=https://sonarcloud.io \ | |
| -Dsonar.projectName="${svc}" \ | |
| -Dsonar.java.coveragePlugin=jacoco \ | |
| -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml \ | |
| || true | |
| cd .. | |
| done |