.github/workflows/build.yml

name: Build

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  workflow_dispatch:

jobs:
  setup:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [ 18 ]
    steps:
      - uses: actions/checkout@v3
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}

  cache:
    needs: setup
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache npm dependencies
        uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-

  build_test:
    needs: sonar
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install packages
        run: npm ci
      - name: Build
        run: npm run build --if-present
      - name: Test
        run: npm test
        env:
          BLINKPAY_DEBIT_URL: ${{ vars.DEBIT_URL }}
          BLINKPAY_CLIENT_ID: ${{ vars.CLIENT_ID }}
          BLINKPAY_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}

  snyk:
    needs: cache
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install packages
        run: npm ci
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/node@0.4.0
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          SNYK_ORG: blinkpay-zw9
          SNYK_PROJECT_NAME: blink-debit-api-client-node
        continue-on-error: true

  sonar:
    needs: snyk
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Cache SonarQube packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: |
            ${{ runner.os }}-sonar
      - name: Run Sonar
        uses: sonarsource/sonarqube-scan-action@v1.2.0
        with:
          projectBaseDir: .
          args: >
            -Dsonar.host.url=https://sonarcloud.io
            -Dsonar.projectKey=blink-debit-api-client-node
            -Dsonar.organization=blinkpay
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: https://sonarcloud.io
        continue-on-error: true