Intro

Whenever I start a new project, I often use a specific workflow to make the most out of my development speed. Whether it’s a frontend project, or a backend project, I use a similar template for each project.

Tooling

I normally use GitHub as my go-to SCM. Depending on the type of project, I start out with adding specific GitHub Actions. If it’s a project that i want to deploy (on NPM), I use the release-please GitHub Action..

Dependabot

I use Dependabot to create auto pull requests whenever a dependency has a version update.

SonarCloud

For code quality, I make use of SonarCloud.

My sonar-project.properties in the root of my project looks like this:

1
2
3
4

sonar.projectKey=[PROJECT_KEY]
sonar.organization=[ORGANIZATION]
sonar.javascript.lcov.reportPAths=./coverage/lcov.info
sonar.coverage.exclusions=/tests/**

I normally set up SonarCloud to be CI-driven, because i want to display the Code Coverage.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

name: Build
on:
 push:
   branches:
     - master
 pull_request:
   types: [opened, synchronize, reopened]
jobs:
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 
      - name: Install dependencies
        run: npm ci
      - name: Test and coverage
        run: npm jest --coverage
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets. SONARCLOUD_TOKEN }}

Allstar

Once this is setup, I add a Branch Protection Rule on main which blocks direct commits. I’m using Allstar as a GitHub app that forces me to add specific protection settings. You can see my Allstar configuration here.