template-desktop/.github/workflows/tests.yml

name: Tests

on:
  push:

env:
  REPO_NAME: template-desktop

jobs:
  static-code-checks:
    name: Static code checks
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup BunJS
        uses: oven-sh/setup-bun@v2

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: run Astro and TypeScript checks
        run: bun run check
  run:
    name: Unit tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup BunJS
        uses: oven-sh/setup-bun@v2

      - name: Install dependencies
        run: bun install --frozen-lockfile

      # - name: Prepare Tests
      #   run: npm run install:test

      - name: Test
        # run : npm run test
        run: bun run test:unit
  secrets-scanner:
    name: Secrets Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Secret Scanning
        uses: onboardbase/securelog-scan@main
        with:
          exclude: "node_modules,dist" # Comma-separated list of folders to exclude (optional)
          commits: 100 # Number of recent commits to scan (optional)
          changed: "true" # Set to "false" to scan entire repository instead of just files that was changed (optional)
          mask: "true" # that is mask secret value e.g sk_******
          verify: "true" # that is verify potential secrets against their service provider

  sonarqube:
    name: SonarQube
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0

      - name: Setup BunJS
        uses: oven-sh/setup-bun@v2

      - name: Install project dependencies
        run: bun install --frozen-lockfile

      - name: Run coverage
        run: bun run test:unit
        continue-on-error: true # continue on error as we still want reporting to be done

      - name: Scan repository
        uses: Aviortheking/sonarqube-action@v5.1.0
        with:
          host: ${{ secrets.SONARQUBE_HOST }}
          login: ${{ secrets.SONARQUBE_TOKEN }}
          projectKey: ${{ env.REPO_NAME }}
          args: >
            -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info