Update zap.yml #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node.js CI/CD with NPM | |
| on: | |
| push: | |
| branches: | |
| - | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate a token | |
| id: generate_token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.APPID }} | |
| private-key: ${{ secrets.PRIVATEKEY }} | |
| - name: Use the token | |
| env: | |
| GH_TOKEN: ${{ steps.generate_token.outputs.token }} | |
| run: | | |
| gh api octocat | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16' # You can adjust the version as needed | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Install mocha | |
| run: npm install -g mochawesome mochawesome-report-generator | |
| - name: unit test | |
| run: npm run test:unit | |
| - name: BDD test | |
| run: npm run test:bdd | |
| ## Snyk integration | |
| # - name: Run Snyk to check for vulnerabilities | |
| # uses: snyk/actions/maven@master | |
| # continue-on-error: true | |
| # env: | |
| # SNYK_TOKEN: ${{secrets.SNYK_TOKEN}} | |
| ## Sonar Cloud Integration | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: sonarQube | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - uses: sonarsource/sonarqube-scan-action@v3 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| # - name: Install SonarCloud Scanner | |
| # run: npm install -g sonar-scanner | |
| # - name: Run SonarCloud Scan | |
| # env: | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SonarCloud token stored as a GitHub secret | |
| #run: | | |
| # sonar-scanner \ | |
| # -Dsonar.projectKey=vivek28058_Unit \ | |
| # -Dsonar.organization=vivek28058 \ | |
| #-Dsonar.sources=. \ | |
| #-Dsonar.host.url=https://sonarcloud.io \ | |
| #-Dsonar.login=${{ secrets.SONAR_TOKEN }} | |