Test/media coverage

.github/workflows/backoffice-bff-ci.yaml

@@ -1,73 +1,143 @@
-name: backoffice-bff service ci
+name: backoffice-bff-ci
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ['**']
     paths:
-      - "backoffice-bff/**"
-      - ".github/workflows/actions/action.yaml"
-      - ".github/workflows/backoffice-bff-ci.yaml"
-      - "pom.xml"
+      - 'backoffice-bff/**'
+      - '.github/workflows/actions/action.yaml'
+      - '.github/workflows/backoffice-bff-ci.yaml'
+      - 'pom.xml'
   pull_request:
-    branches: [ "main" ]
+    branches: [main]
     paths:
-      - "backoffice-bff/**"
-      - ".github/workflows/actions/action.yaml"
-      - ".github/workflows/backoffice-bff-ci.yaml"
-      - "pom.xml"
+      - 'backoffice-bff/**'
+      - '.github/workflows/actions/action.yaml'
+      - '.github/workflows/backoffice-bff-ci.yaml'
+      - 'pom.xml'
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+  checks: write
+
 jobs:
-  Build:
+  test:
+    name: Test
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     env:
       FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
       - uses: ./.github/workflows/actions
+
+      - name: Install common-library
+        run: mvn install -DskipTests -pl common-library
+
+      - name: Run tests with coverage
+        run: mvn test jacoco:report -f backoffice-bff
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: backoffice-bff-test-report
+          path: backoffice-bff/target/surefire-reports/
+
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: backoffice-bff-coverage
+          path: backoffice-bff/target/site/jacoco/
+
+      - name: Check coverage threshold (>= 70%)
+        run: mvn jacoco:check@check -f backoffice-bff
+
+      - name: Add coverage report to PR
+        uses: madrapps/jacoco-report@v1.6.1
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && github.event_name == 'pull_request' }}
+        with:
+          paths: ${{ github.workspace }}/backoffice-bff/target/site/jacoco/jacoco.xml
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-coverage-overall: 70
+          min-coverage-changed-files: 60
+          title: 'Backoffice-BFF Coverage Report'
+          update-comment: true
+
       - name: Run Maven Checkstyle
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         run: mvn checkstyle:checkstyle -f backoffice-bff -Dcheckstyle.output.file=backoffice-bff-checkstyle-result.xml
-      - name: Upload Checkstyle Result
+
+      - name: Upload Checkstyle result
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: jwgmeligmeyling/checkstyle-github-action@master
         with:
           path: '**/backoffice-bff-checkstyle-result.xml'
-      - name: Run Maven Verify
-        run: mvn clean verify -f backoffice-bff
-      - name: Analyze with sonar cloud
+
+      - name: Test Results
+        uses: dorny/test-reporter@v1
+        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' && (success() || failure()) }}
+        with:
+          name: Backoffice-BFF-Unit-Test-Results
+          path: 'backoffice-bff/**/*-reports/TEST*.xml'
+          reporter: java-junit
+
+      - name: Analyze with SonarCloud
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -f backoffice-bff
-      - name: OWASP Dependency Check
-        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
-        uses: dependency-check/Dependency-Check_Action@main
-        env:
-          JAVA_HOME: /opt/jdk
-        with:
-          project: 'yas'
-          path: '.'
-          format: 'HTML'
-      - name: Upload OWASP Dependency Check results
-        if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
-        uses: actions/upload-artifact@master
+
+  build:
+    name: Build
+    needs: [test]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
         with:
-          name: OWASP Dependency Check Report
-          path: ${{github.workspace}}/reports
+          fetch-depth: 0
+      - uses: ./.github/workflows/actions
+
+      - name: Build JAR
+        run: mvn package -DskipTests -f backoffice-bff
+
       - name: Log in to the Container registry
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push Docker images
+
+      - name: Build and push Docker image
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./backoffice-bff
           push: true
           tags: ghcr.io/nashtech-garage/yas-backoffice-bff:latest
+
+  publish-coverage:
+    name: Publish coverage report
+    needs: [test]
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Download coverage artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: backoffice-bff-coverage
+          path: ./jacoco-report
+
+      - name: Deploy JaCoCo report to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v4
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./jacoco-report
+          destination_dir: backoffice-bff/coverage
+          keep_files: true

.github/workflows/backoffice-ci.yaml

@@ -1,86 +1,114 @@
-name: backoffice service ci
+name: backoffice-ci
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ['**']
     paths:
-      - "backoffice/**"
-      - ".github/workflows/actions/action.yaml"
-      - ".github/workflows/backoffice-ci.yaml"
+      - 'backoffice/**'
+      - '.github/workflows/actions/action.yaml'
+      - '.github/workflows/backoffice-ci.yaml'
   pull_request:
-    branches: [ "main" ]
+    branches: [main]
     paths:
-      - "backoffice/**"
-      - ".github/workflows/actions/action.yaml"
-      - ".github/workflows/backoffice-ci.yaml"
+      - 'backoffice/**'
+      - '.github/workflows/actions/action.yaml'
+      - '.github/workflows/backoffice-ci.yaml'
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+  checks: write
+
 jobs:
-  Build:
+  test:
+    name: Test
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     env:
       FROM_ORIGINAL_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.ref == 'refs/heads/main' }}
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
       - uses: actions/setup-node@v4
         with:
           node-version: 20
-      - run: npm ci
+
+      - name: Install dependencies
+        run: npm ci
         working-directory: backoffice
-      - run: npm run build
+
+      - name: Run Build (Checking for build errors)
+        run: npm run build
         working-directory: backoffice
-      - run: npm run lint
+
+      - name: Run Lint
+        run: npm run lint
         working-directory: backoffice
-      - run: npx prettier --check .
+
+      - name: Run Prettier check
+        run: npx prettier --check .
         working-directory: backoffice
-      - run: npm audit --omit=dev
+
+      - name: Run npm audit
+        run: npm audit --omit=dev
         continue-on-error: true
         working-directory: backoffice
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          scan-type: 'fs'
-          scan-ref: './backoffice'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+
       - name: SonarCloud Scan
         if: ${{ env.FROM_ORIGINAL_REPOSITORY == 'true' }}
         uses: SonarSource/sonarcloud-github-action@master
         with:
           projectBaseDir: backoffice
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  build:
+    name: Build
+    needs: [test]
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       - name: Log in to the Container registry
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build Docker image
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
           context: ./backoffice
           tags: ghcr.io/nashtech-garage/yas-backoffice:latest
+          push: false # Build first to scan
+
       - name: Run Trivy vulnerability scanner
         if: ${{ github.ref == 'refs/heads/main' }}
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@v0.35.0
         with:
           image-ref: 'ghcr.io/nashtech-garage/yas-backoffice:latest'
           format: 'sarif'
           output: 'trivy-results.sarif'
+
       - name: Push Docker image
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: docker/build-push-action@v6
         with:
-          push: true
           context: ./backoffice
+          push: true
           tags: ghcr.io/nashtech-garage/yas-backoffice:latest
+
       - name: Upload Trivy scan results to GitHub Security tab
+        if: ${{ github.ref == 'refs/heads/main' }}
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'