DTT-GHA

.github/workflows/test-and-composer.yaml

@@ -0,0 +1,79 @@
+name: Test Sonarqube and Composer
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - '**'
+env:
+  FOLDER: "dist"
+  foldersCache: "vendor/"
+  AWS_REGION: 'eu-central-1'
+  AWS_ACCOUNT: '666356151544'
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  test-sonarqube:
+    name: Test SonarQube Scan
+    uses: ./.github/workflows/test-reusable-sonarqube.yml
+    secrets: 
+      SONAR_TOKEN: ${{ secrets.WZ_SONAR_TOKEN }}
+
+  test-composer:
+    name: Test Composer Install
+    needs: test-sonarqube
+    runs-on: ${{ vars.AWS_RG_NAME_PRO }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
+        with:
+            fetch-depth: 0   
+
+      - name: Set up PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '5.6'
+          extensions: mbstring, intl, xml, curl, zip, json
+          tools: composer:v2
+
+      - name: Install AWS CLI
+        run: |
+          sudo apt-get install unzip zip curl -y
+          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+          unzip awscliv2.zip
+          sudo ./aws/install --update
+          aws --version 
+
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708  #v5.1.1
+        with:
+          role-to-assume: ${{ vars.AWS_OIDC_ROLE_TF_PRO }}
+          role-session-name: ${{ github.run_id }}
+          aws-region: ${{ vars.WZ_OIDC_AWS_REGION }}
+
+      - name: Get cache
+        env:
+          s3Path: s3://aplazameshared-jenkins-cache/Aplazame-Public/magento/v1-dependencies-${{ github.sha }}.tar.gz
+        run: |
+          set -e
+            aws s3 cp --quiet ${s3Path} cache.tar.gz --profile AplazameSharedServices || exit 0
+            [ -f cache.tar.gz ] && tar -xf cache.tar.gz
+            aws s3 cp --quiet ${s3Path} cache.tar.gz --profile AplazameSharedServices
+
+      - name: Composer Install
+        run: composer install --prefer-dist
+
+      - name: Upload Cache
+        env:
+          s3Path: s3://aplazameshared-jenkins-cache/Aplazame-Public/magento/v1-dependencies-${{ github.sha }}.tar.gz
+        run: |
+          set -e
+            MATCHES=$(aws s3 ls ${s3Path} --profile AplazameSharedServices| wc -l)
+            [ "$MATCHES" = "0" ] && [ ! -f cache.tar.gz ] && tar -czf cache.tar.gz ${foldersCache} && aws s3 cp --quiet cache.tar.gz ${s3Path} --profile AplazameSharedServices
+            exit 0
+
+      - name: Make Styleci happy
+        run: make style

.github/workflows/test-reusable-sonarqube.yml

@@ -0,0 +1,26 @@
+name: Test SonarQube Scan
+on:
+  workflow_call:
+    secrets:
+        SONAR_TOKEN:
+          description: "Token for SonarQube"
+          required: true
+
+
+jobs:
+  test-sonarqube:
+    name: Test SonarQube Scan
+    runs-on: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/master' ||
+              github.event_name == 'pull_request' && github.event.pull_request.base.ref == 'master')
+              && vars.AWS_RG_NAME_PRO || vars.AWS_RG_NAME_NONPRO }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1
+        with:
+            fetch-depth: 0
+
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          #SONAR_HOST_URL: ${{ vars.SONAR_HOST_URL }}

sonar-scanner.properties → sonar-project.properties

@@ -4,7 +4,7 @@ sonar.projectVersion=1.0
 sonar.projectBaseDir=/usr/src
 sonar.python.coverage.reportPaths=/src/coverage.xml
 sonar.host.url=https://sonarqube.aplazame.org/
-sonar.password=
+#sonar.password=
 sonar.ws.timeout=600
 sonar.log.level=DEBUG
 ActiveQualityGate=false