Add SonarQube integration and unit testing setup

.dockerignore

@@ -4,6 +4,7 @@
 
 # Node.js dependencies
 node_modules
+coverage
 npm-debug.log
 yarn-debug.log
 yarn-error.log

.github/workflows/code-quality.yml

@@ -63,4 +63,53 @@ jobs:
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: docker-scan-results.sarif
-          category: docker-scout 
+          category: docker-scout
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Create coverage directory
+        run: mkdir -p website/coverage
+
+      - name: Build app image
+        run: docker compose -f docker-compose.yml -f docker-compose.override.yml build
+
+      - name: Run tests
+        run: docker compose -f docker-compose.yml -f docker-compose.override.yml run --rm apostrophe npm run test -- --coverage
+
+      - name: Save coverage report
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: website/coverage/lcov.info
+
+  sonarqube:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor != 'dependabot[bot]' }}
+    needs: unit-tests
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Download coverage report
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-report
+
+      - name: SonarQube Scan
+        uses: sonarsource/[email protected]
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: SonarQube Quality Gate check
+        uses: sonarsource/[email protected]
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Dockerfile

@@ -10,15 +10,15 @@ RUN apk add --no-cache wget=1.25.0-r0
 RUN addgroup -S appgroup && adduser -S appuser -G appgroup
 
 # Copy package files for efficient caching
-COPY website/package.json website/package-lock.json* ./
+COPY website/ ./
 
 # Install dependencies with specific flags for production
 RUN npm ci && \
     # Clean npm cache to reduce image size
     npm cache clean --force
 
 # Copy the rest of the application
-COPY website/ ./
+
 
 # Set proper ownership
 RUN chown -R appuser:appgroup /app

docker-compose.override.yml

@@ -4,6 +4,7 @@ services:
   apostrophe:
     # In development mode, use nodemon instead of normal start
     command: npm run dev
+    user: root
     environment:
       - NODE_ENV=development
       - REDIS_URI=redis://redis:6379

docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   # Apostrophe CMS web application
   apostrophe:
@@ -13,9 +11,8 @@ services:
       - NODE_ENV=development
       - MONGODB_URI=mongodb://mongodb:27017/apostrophe
       - SESSION_SECRET=change_this_to_a_secure_secret
-    volumes:
-      - ./website:/app
-      - /app/node_modules
+
+    command: ["npm", "start"]
     depends_on:
       - mongodb
     restart: unless-stopped
@@ -25,6 +22,8 @@ services:
       timeout: 5s
       retries: 3
       start_period: 15s
+    # Command to run tests: docker compose run --rm apostrophe npm run test
+    # Command to run tests with coverage: docker compose run --rm apostrophe npm run test -- --coverage
 
   # MongoDB database
   mongodb:
@@ -76,4 +75,4 @@ services:
 
 volumes:
   mongodb_data:
-  redis_data: 
+  redis_data:

sonar-project.properties

@@ -0,0 +1,8 @@
+sonar.organization=speedandfunction
+sonar.projectKey=speedandfunction_website
+sonar.sources=website
+
+sonar.javascript.lcov.reportPaths=lcov.info
+sonar.coverage.exclusions=
+
+sonar.exclusions=