diff --git a/CODEOWNERS b/.github/CODEOWNERS
similarity index 100%
rename from CODEOWNERS
rename to .github/CODEOWNERS
diff --git a/.github/scripts/lintEditedFiles.sh b/.github/scripts/lintEditedFiles.sh
new file mode 100644
index 0000000..9d5505d
--- /dev/null
+++ b/.github/scripts/lintEditedFiles.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -o pipefail
+git fetch origin main
+echo "Fetched"
+
+# Use a conditional to check if there are edited files
+if EDITED_FILES=$(git diff HEAD origin/main --name-only --diff-filter=d | grep "\.swift" | grep -v "\.swiftlint\.yml" | xargs echo | tr ' ' ','); then
+ echo "Got edited files"
+ echo $EDITED_FILES
+
+ # Check if EDITED_FILES is empty or null
+ if [ -z "$EDITED_FILES" ]; then
+ echo "No edited .swift files found."
+ else
+ swiftlint lint $EDITED_FILES | sed -E -n 's/^(.*):([0-9]+):([0-9]+): error: (.*)/::error file=\1,line=\2,col=\3::\4\n\1:\2:\3/p'
+ fi
+else
+ echo "No changes in .swift files found."
+fi
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..ef577b2
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
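Review bot: `EDITED_FILES` is built from file names supplied by the pull request, joined with `xargs echo | tr ' ' ','` and then expanded unquoted in `echo $EDITED_FILES` and `swiftlint lint $EDITED_FILES`, so a path containing a space is cut into separate entries and one containing glob characters is expanded by the shell before SwiftLint sees it. Quote the expansions (`echo "$EDITED_FILES"`) and consider a NUL-delimited list (`git diff -z --name-only` fed to `xargs -0`) so names pass through intact. The shebang is `#!/bin/sh` while `set -o pipefail` is not guaranteed by POSIX sh; the workflow runs the script through `bash`, so `#!/usr/bin/env bash` would state that dependency. The filter `grep "\.swift"` is unanchored and also matches names such as `.swiftformat`; `grep '\.swift$'` is narrower and makes the `.swiftlint.yml` exclusion unnecessary.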
@@ -0,0 +1,54 @@
+name: "Run CodeQL"
+
+on:
+ push:
+ branches:
+ - 'main'
+ - 'develop'
+ - 'release/*'
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches:
+ - 'main'
+ - 'develop'
+ - 'release/*'
+ schedule:
+ - cron: '34 2 * * 0'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: [ macos-latest ]
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'swift' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+
+ - name: Build
+ run: |
+ xcodebuild -scheme CheckoutNetwork -destination "platform=iOS Simulator,name=iPhone 14 Pro,OS=latest"
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/verify-pr.yml
new file mode 100644
index 0000000..7118ef2
--- /dev/null
+++ b/.github/workflows/verify-pr.yml
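Review bot: The three `uses:` entries (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`) reference movable tags in a job that holds `security-events: write`; pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder), fixes which code actually runs. The checkout step uses `submodules: recursive` and is followed by an `xcodebuild` of pull-request content, so adding `persist-credentials: false` under its `with:` would keep the token out of the working tree's git config during the build. A one-line comment above `permissions:` saying why each scope is needed would help later edits keep the list minimal.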
@@ -0,0 +1,37 @@
+name: "Verify PR"
+
+on:
+ pull_request:
+ branches:
+ - 'main'
+ - 'develop'
+ - 'release/*'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ lint:
+ name: SwiftLint
+ runs-on: macos-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Lint Edited Files
+ run: bash .github/scripts/lintEditedFiles.sh
+
+ verify-pr:
+ name: Verify PR
+ runs-on: macos-latest
+ needs: lint
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Build
+ run: |
+ set -o pipefail && xcodebuild -scheme CheckoutNetwork -destination "platform=iOS Simulator,name=iPhone 14 Pro,OS=latest"
diff --git a/Scripts/runSonarQube.sh b/Scripts/runSonarQube.sh
deleted file mode 100755
index 9943696..0000000
--- a/Scripts/runSonarQube.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-export SONAR_SCANNER_VERSION=4.7.0.2747
-export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-macosx
-curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-macosx.zip
-unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
-export PATH=$SONAR_SCANNER_HOME/bin:$PATH
-export SONAR_SCANNER_OPTS="-server"
-
-sonar-scanner \
- -Dsonar.projectKey=checkout_NetworkClient-iOS_AYhsdjYEfXz2nF6wDAnO \
- -Dsonar.sources=. \
- -Dsonar.c.file.suffixes=- \
- -Dsonar.cpp.file.suffixes=- \
- -Dsonar.objc.file.suffixes=- \
- -Dsonar.coverage.exclusions=Tests/** \
- -Dsonar.host.url=https://sonarqube-ext.mgmt.ckotech.co
diff --git a/bitrise.yml b/bitrise.yml
deleted file mode 100644
index 2947b91..0000000
--- a/bitrise.yml
+++ /dev/null
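Review bot: Neither job declares `permissions:`, so the workflow token gets the repository default while the steps execute content from the pull request (`bash .github/scripts/lintEditedFiles.sh`, `xcodebuild`); a top-level `permissions:` with `contents: read` would match the explicit scoping that codeql-analysis.yml uses in this same commit. The `Build` step runs `xcodebuild` without `test`, whereas the `Run_unit_tests` workflow in the deleted bitrise.yml ran `xcodebuild test`, so as far as this diff shows unit tests no longer run on pull requests; either add `test` to the command or leave a comment saying the omission is intended. `actions/checkout@v3` is a movable tag in both jobs and could be pinned to a full commit SHA.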
@@ -1,62 +0,0 @@
----
-format_version: '11'
-default_step_lib_source: https://github.com/bitrise-io/bitrise-steplib.git
-project_type: other
-
-workflows:
-
-### MARK: Basic Workflows
- # Ensure unit tests are passing
- Prepare_environment:
- steps:
- - activate-ssh-key@4:
- run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
- - git-clone@6: {}
-
- Run_unit_tests:
- steps:
- - script@1:
- title: Run unit tests
- inputs:
- - content: |-
- xcodebuild test \
- -sdk iphonesimulator \
- -destination "platform=iOS Simulator,name=iPhone 14" \
- -scheme "CheckoutNetwork" \
- | xcpretty \
- && exit ${PIPESTATUS[0]}
-
- Run_sonar:
- steps:
- - script@1:
- title: Install and run SonarQube
- inputs:
- - content: |-
- chmod 755 ./Scripts/runSonarQube.sh
- ./Scripts/runSonarQube.sh
-
-### MARK: Merged Workflows
- UnitTestPipeline:
- before_run:
- - Prepare_environment
- after_run:
- - Run_unit_tests
-
- SonarQubePipeline:
- before_run:
- - Prepare_environment
- after_run:
- - Run_sonar
-
-meta:
- bitrise.io:
- stack: osx-xcode-14.3.x-ventura
- machine_type_id: g2-m1.4core
-
-### MARK: Automatic triggers
-# Only the first trigger is detected, so the order is very important !!!
-trigger_map:
- # On each pull request run unit tests
-- pull_request_source_branch: '*'
- pull_request_target_branch: '*'
- workflow: UnitTestPipeline