feat: Enhance "Add collection manually" component with autocomplete and source-based version filtering #344
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Quality | |
| on: | |
| pull_request_target: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| sonarcloud: | |
| name: SonarCloud Analysis | |
| runs-on: ubuntu-latest | |
| # SECURITY: Require environment approval for pull_request_target to prevent pwn requests | |
| # https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ | |
| # The 'sonarcloud-analysis' environment must be created in repo settings with required reviewers | |
| environment: ${{ github.event_name == 'pull_request_target' && 'sonarcloud-analysis' || '' }} | |
| # Skip for patchback PRs (automated backports of already-tested code) | |
| if: "!startsWith(github.event.pull_request.head.ref, 'patchback/backports/')" | |
| permissions: | |
| actions: read | |
| contents: read | |
| pull-requests: write | |
| statuses: write | |
| steps: | |
| - name: Checkout PR code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| fetch-depth: 0 # Shallow clones should be disabled for better SonarCloud analysis | |
| - name: Wait for PR workflow to complete | |
| if: github.event_name == 'pull_request_target' | |
| uses: lewagon/wait-on-check-action@v1.3.4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| check-regexp: 'Test with Node.js (20|22)' | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| wait-interval: 10 | |
| - name: Get PR workflow run ID | |
| if: github.event_name == 'pull_request_target' | |
| id: get-run-id | |
| run: | | |
| RUN_ID=$(gh api \ | |
| -H "Accept: application/vnd.github+json" \ | |
| "/repos/${{ github.repository }}/actions/workflows/pr.yml/runs?head_sha=${{ github.event.pull_request.head.sha }}&status=completed&per_page=1" \ | |
| --jq '.workflow_runs[0].id') | |
| echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT | |
| echo "Found PR workflow run ID: $RUN_ID" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download coverage artifacts from PR workflow | |
| if: github.event_name == 'pull_request_target' | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_minutes: 5 | |
| max_attempts: 3 | |
| retry_wait_seconds: 10 | |
| command: | | |
| gh run download ${{ steps.get-run-id.outputs.run_id }} \ | |
| --name coverage-report-20 \ | |
| --dir ./coverage | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run tests with coverage (for push to main) | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| # Setup Node.js, install deps, and run tests only for push events | |
| yarn install --frozen-lockfile | |
| yarn run test:all | |
| npx -y nyc report --reporter html --reporter text -t coverage --report-dir coverage/summary | |
| awk '/^SF:/{found=/^SF:plugins\//} found' ./coverage/lcov.info > ./coverage/lcov-plugins.info || true | |
| - name: Extract and export repo owner/name | |
| shell: bash | |
| run: | | |
| REPO_SLUG="${GITHUB_REPOSITORY}" | |
| IFS="/" read -r REPO_OWNER REPO_NAME <<< "$REPO_SLUG" | |
| echo "REPO_OWNER=$REPO_OWNER" >> $GITHUB_ENV | |
| echo "REPO_NAME=$REPO_NAME" >> $GITHUB_ENV | |
| - name: SonarCloud Scan (Pull Request) | |
| if: github.event_name == 'pull_request_target' | |
| uses: SonarSource/sonarqube-scan-action@v6 | |
| env: | |
| SONAR_TOKEN: ${{ secrets[format('{0}', vars.SONAR_TOKEN_SECRET_NAME)] }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=${{ env.REPO_OWNER }} | |
| -Dsonar.projectKey=${{ env.REPO_OWNER }}_${{ env.REPO_NAME }} | |
| -Dsonar.projectName='ansible-backstage-plugins' | |
| -Dsonar.sources=plugins | |
| -Dsonar.tests=plugins | |
| -Dsonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.test.js,**/*.test.jsx | |
| -Dsonar.exclusions=**/*.test.ts,**/*.test.tsx,**/*.test.js,**/*.test.jsx,**/.eslintrc.js | |
| -Dsonar.javascript.lcov.reportPaths=./coverage/lcov-plugins.info | |
| -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }} | |
| -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} | |
| -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} | |
| -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} | |
| -Dsonar.qualitygate.wait=true | |
| - name: SonarCloud Scan (Branch) | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| uses: SonarSource/sonarqube-scan-action@v6 | |
| env: | |
| SONAR_TOKEN: ${{ secrets[format('{0}', vars.SONAR_TOKEN_SECRET_NAME)] }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=${{ env.REPO_OWNER }} | |
| -Dsonar.projectKey=${{ env.REPO_OWNER }}_${{ env.REPO_NAME }} | |
| -Dsonar.projectName='ansible-backstage-plugins' | |
| -Dsonar.sources=plugins | |
| -Dsonar.tests=plugins | |
| -Dsonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.test.js,**/*.test.jsx | |
| -Dsonar.exclusions=**/*.test.ts,**/*.test.tsx,**/*.test.js,**/*.test.jsx,**/.eslintrc.js | |
| -Dsonar.javascript.lcov.reportPaths=./coverage/lcov-plugins.info | |
| -Dsonar.branch.name=${{ github.ref_name }} | |
| -Dsonar.qualitygate.wait=true |