change some defaults

2025-04-22 13:43:33 +02:00
parent de3a4fb281
commit ac0977b84b
28 changed files with 1465 additions and 8922 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -0,0 +1,89 @@
+name: Tests
+
+on:
+  push:
+
+env:
+  REPO_NAME: template-desktop
+
+jobs:
+  static-code-checks:
+    name: Static code checks
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup BunJS
+        uses: oven-sh/setup-bun@v2
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: run Astro and TypeScript checks
+        run: bun run check
+  run:
+    name: Unit tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup BunJS
+        uses: oven-sh/setup-bun@v2
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      # - name: Prepare Tests
+      #   run: npm run install:test
+
+      - name: Test
+        # run : npm run test
+        run: bun run test:unit
+  secrets-scanner:
+    name: Secrets Scanning
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Secret Scanning
+        uses: onboardbase/securelog-scan@main
+        with:
+          exclude: "node_modules,dist" # Comma-separated list of folders to exclude (optional)
+          commits: 100 # Number of recent commits to scan (optional)
+          changed: "true" # Set to "false" to scan entire repository instead of just files that was changed (optional)
+          mask: "true" # that is mask secret value e.g sk_******
+          verify: "true" # that is verify potential secrets against their service provider
+
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+
+      - name: Setup BunJS
+        uses: oven-sh/setup-bun@v2
+
+      - name: Install project dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Run coverage
+        run: bun run test:unit
+        continue-on-error: true # continue on error as we still want reporting to be done
+
+      - name: Scan repository
+        uses: Aviortheking/sonarqube-action@v5.1.0
+        with:
+          host: ${{ secrets.SONARQUBE_HOST }}
+          login: ${{ secrets.SONARQUBE_TOKEN }}
+          projectKey: ${{ env.REPO_NAME }}
+          args: >
+            -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info