update test #3012
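# CI/CD pipeline: reject console.log, scan for secrets, build and push the
# container image to GHCR, trigger a Render deployment, run a SonarQube scan.
#
# NOTE(review): no `permissions` key is set anywhere in this file, so
# GITHUB_TOKEN carries the repository's default scopes in every job.
# Consider a top-level read-only `contents` permission once it is confirmed
# that none of the actions used here needs more.
name: WeBuddhist

# NOTE(review): every job below, including the image push and the deploy
# hook, is started by all three triggers (any push, any pull request, manual).
# Pull requests from forks do not receive repository secrets, so the registry
# login and the deploy hook are expected to fail for them. Consider limiting
# the publish and deploy jobs to the refs that are meant to ship.
on: [push, pull_request, workflow_dispatch]

jobs:
  no-console-check:
    name: Validate no console.log in code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Fails the job when any file outside the excluded directories and
      # YAML files contains the text "console.log".
      - name: Check for console.log statements
        run: |
          echo "🔍 Scanning repository for console.log()..."
          if grep -r \
            --exclude-dir={.git,node_modules,dist,build} \
            --exclude-dir=".github" \
            --exclude="*.yml" \
            --exclude="*.yaml" \
            -E "console\.log" .; then
            echo "::error:: console.log() statements found — remove them before merging."
            exit 1
          else
            echo " No console.log() found. Proceeding."
          fi

  gitleaks:
    name: Gitleaks Scan
    # NOTE(review): job-level continue-on-error keeps the workflow run green
    # when this job fails, which works against `fail: true` below and against
    # the `needs: [gitleaks]` gate on buildDockerImage (dependent jobs are
    # expected to start anyway; confirm). Remove this line if detected
    # secrets are meant to block the build.
    continue-on-error: true
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): checkout fetches only the tip commit by default. If the
      # scan is meant to cover history, set fetch-depth: 0; confirm against
      # what the scanning action actually inspects.
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): third-party action referenced by a mutable branch
      # (@main). Whatever that branch points to at run time executes in this
      # job; pin it to a reviewed full-length commit SHA.
      - name: Run Gitleaks
        uses: dhsathiya/gitleaks-action@main
        with:
          config: .gitleaks.toml  # Optional: Use a custom config file if available
          fail: true  # Fail workflow if secrets are detected
          verbose: true  # Enable detailed output

      # Runs only after an earlier step in this job has failed.
      # NOTE(review): a findings report can contain the detected secret
      # values, and artifacts are downloadable by anyone with read access to
      # the run. Confirm the report is redacted before keeping this upload.
      - name: Upload Gitleaks Report (Optional)
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: gitleaks-report
          path: gitleaks-report.json

  buildDockerImage:
    name: Build and Dockerize
    runs-on: ubuntu-latest
    needs: [gitleaks]
    if: success()
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Despite the step name, this authenticates to ghcr.io.
      # NOTE(review): PECHA_REPO is presumably a personal access token.
      # GITHUB_TOKEN with a job-level `packages: write` permission is shorter
      # lived and narrower in scope; confirm whether it can replace the PAT.
      - name: log in Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.PECHA_REPO }}

      # Ref names are chosen by whoever pushes and may contain shell
      # metacharacters. The script reads the runner's default environment
      # variables (GITHUB_REF, GITHUB_SHA, GITHUB_RUN_ID) instead of expanding
      # ${{ ... }} expressions into the script text, so the values are handled
      # as data and never parsed as shell code.
      - name: Set short git commit SHA
        id: vars
        run: |
          if [[ -n "$GITHUB_REF" && "$GITHUB_REF" =~ ^refs/tags/ ]]; then
            # Tag build: the image tag is the git tag name.
            tagNumber="${GITHUB_REF#refs/tags/}"
            echo "IMAGE_TAG=$tagNumber" >> "$GITHUB_ENV"
          else
            # Any other ref: run id plus abbreviated commit SHA.
            calculatedSha=$(git rev-parse --short "$GITHUB_SHA")
            echo "IMAGE_TAG=${GITHUB_RUN_ID}-${calculatedSha}" >> "$GITHUB_ENV"
          fi

      # IMAGE_TAG was exported through GITHUB_ENV by the previous step.
      - name: Confirm git commit SHA output
        run: echo "$IMAGE_TAG"

      # The owner name is lower-cased before it is used in the image path.
      - name: Build Docker image in Github container registry
        run: |
          lower_owner=$(echo "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')
          docker build -t "ghcr.io/${lower_owner}/pecha-frontend:${IMAGE_TAG}" .

      - name: Push Docker image to GHCR
        run: |
          lower_owner=$(echo "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')
          docker push "ghcr.io/${lower_owner}/pecha-frontend:${IMAGE_TAG}"

  deploy:
    name: Deploy the image
    runs-on: ubuntu-latest
    needs: [buildDockerImage]
    if: success()
    steps:
      # The hook URL is itself the credential. It is handed to the script
      # through the step environment rather than expanded into the script
      # text, and --fail makes an HTTP error from the hook fail the job
      # instead of being reported as a successful deploy.
      - name: Trigger Render Deployment
        env:
          RENDER_DEPLOY_HOOK_URL: ${{ secrets.RENDER_DEPLOY_HOOK_URL }}
        run: |
          curl --fail --silent --show-error -X POST "$RENDER_DEPLOY_HOOK_URL"

  sonarQube:
    name: SonarQube Scan
    # NOTE(review): this job waits for the image build and nothing waits for
    # it, so its result cannot stop the image push or the deploy. Move it
    # ahead of buildDockerImage if it is meant to act as a gate.
    needs: [buildDockerImage]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Fetch all history for better SonarQube analysis
          fetch-depth: 0

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Run tests with coverage
        run: npm run coverage

      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}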