.github/workflows/main.yml

name: ScaleUp Application CI workflow
on: [push, pull_request]
jobs:
  build:
    name: Build Stage
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]') && !contains(github.event.pull_request.title, '[skip ci]') && !contains(github.event.pull_request.title, '[ci skip]')"
    timeout-minutes: 40
    env:
      NODE_VERSION: 20.15.0
      SPRING_OUTPUT_ANSI_ENABLED: DETECT
      SPRING_JPA_SHOW_SQL: false
      JHI_DISABLE_WEBPACK_LOGS: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20.15.0
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Install Node.js packages
        run: npm install
      - name: Package application
        run: npm run java:jar:prod

  backend-test:
    name: Backend Test Stage
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Run backend test
        run: |
          chmod +x mvnw
          npm run ci:backend:test

  frontend-test:
    name: Frontend Test Stage
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20.15.0
      - name: Install Node.js packages
        run: npm install
      - name: Run frontend test
        run: npm run ci:frontend:test
  sonar:
    name: Sonar SAST Scan
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: 'zulu' # Alternative distribution options are available.
      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Maven packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build and analyze
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=sayoungestguy_scaleup
  snyk:
    name: Vulnerability Scanning with Synk
    needs: [backend-test, frontend-test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/maven@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
  #      - name: Upload result to GitHub Code Scanning
  #        uses: github/codeql-action/upload-sarif@v3
  #        with:
  #          sarif_file: snyk.sarif
  eslint:
    name: ESLint Code Quality
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20.15.0
      - name: Install Node.js packages
        run: npm install
      - name: Install ESLint
        run: npm install eslint --save-dev

      - name: Run ESLint
        run: |
          npx eslint . -f json -o eslint-report.json
          npx eslint . -f html -o eslint-report.html

      - name: Upload ESLint Report
        uses: actions/upload-artifact@v4
        with:
          name: eslint-report
          path: |
            ./eslint-report.json
            ./eslint-report.html
  dast-scan:
    name: DAST OWASP ZAP Scans
    runs-on: ubuntu-latest
    needs: [backend-test, frontend-test]
    strategy:
      matrix:
        node-version: [20.x]
    steps:
      - uses: actions/checkout@v2
      - name: Change script permission
        run: |
          chmod +x script/zap-script.sh
      - name: ZAP scan
        run: script/zap-script.sh
      - name: Archive production artifacts
        uses: actions/upload-artifact@v2
        with:
          name: zap report
          path: |
            ./zap_baseline_report.html