sonarcloud.yml
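# SonarCloud + CodeQL scan for the prime-router (backend) and frontend-react
# (frontend) trees. Runs on pushes to master, on pull requests against master
# that touch either tree, and on manual dispatch.
name: SonarCloud

on:
  workflow_dispatch:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
    paths:
      - "prime-router/**"
      - "frontend-react/**"

# One run per pull-request branch: github.head_ref is only set on pull_request
# events, so a newer push to the same PR cancels the older run, while push and
# manual runs fall back to the unique run_id and are never cancelled.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  # These are for CI and not credentials of any system
  DB_USER: prime
  DB_PASSWORD: changeIT!

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organization default scopes. This job builds and tests
# pull-request code (Gradle, yarn), so least privilege should be declared
# explicitly. github/codeql-action/analyze needs `security-events: write`;
# what ./.github/actions/sonarcloud needs is not visible here - confirm
# before restricting.
jobs:
  sonarcloud:
    # Dependabot runs are skipped; repository secrets such as SONAR_TOKEN are
    # not exposed to them, so the scan steps could not authenticate anyway.
    if: github.actor != 'dependabot[bot]'
    name: "SonarCloud/CodeQL scan"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: ["java-kotlin"]
    steps:
      # Replaces the runner's swap with a 15G file, presumably to keep the
      # Gradle build (-Xmx6g below) and the analysis from being OOM-killed.
      - name: Increase swapfile
        run: |
          sudo swapoff -a
          sudo fallocate -l 15G /mnt/swapfile
          sudo chmod 600 /mnt/swapfile
          sudo mkswap /mnt/swapfile
          sudo swapon /mnt/swapfile
          sudo swapon --show

      # External actions are pinned to full commit SHAs, so a re-pointed tag
      # cannot change the code that runs. Record the matching release next to
      # each SHA when updating so reviewers can audit the bump.
      # NOTE(review): actions/checkout leaves GITHUB_TOKEN in the local git
      # config by default, and later steps execute PR-controlled build and
      # test code. Consider `persist-credentials: false` if no later step
      # needs authenticated git access - confirm against the sonarcloud action.
      - name: "Check out everything"
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0

      # Provides steps.branch-name.outputs.is_default, used below to force a
      # full scan when running on the default branch.
      - name: Get branch name
        id: branch-name
        uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2

      # Provides frontend_any_changed / backend_any_changed, which gate every
      # build and scan step below.
      - name: "Get changed files with yaml"
        id: changed-files-yaml
        uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275
        with:
          files_yaml: |
            frontend:
              - 'frontend-react/**'
            backend:
              - 'prime-router/**'

      # ---- Backend: only when prime-router changed or on the default branch.
      - name: Set up JDK 17
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018
        with:
          java-version: "17"
          distribution: "temurin"
          cache: "gradle"

      - name: Gradle setup
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707

      - name: Spin up build containers
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        working-directory: prime-router
        run: docker compose -f docker-compose.postgres.yml up -d

      # NOTE(review): pinned to the mutable `v3` tag, unlike the other external
      # actions in this file. Pin to a full commit SHA so the code that runs
      # cannot change under the tag.
      - name: Initialize CodeQL
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # The two build steps must stay between CodeQL init and analyze: for a
      # compiled language the analysis is built from the compilation it
      # observes in that window.
      - name: Build Prime Router Package
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: ./.github/actions/retry
        with:
          timeout_minutes: 30
          max_attempts: 2
          retry_wait_seconds: 30
          command: ./gradlew -Dorg.gradle.jvmargs="-Xmx6g" :prime-router:package -x fatjar
          shell: bash

      - name: Build Submissions Package
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: ./.github/actions/build-submissions

      # NOTE(review): same mutable `v3` tag as the init step; pin both to the
      # same full commit SHA.
      - name: Perform Java CodeQL Analysis
        if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: github/codeql-action/analyze@v3

      # ---- Frontend: only when frontend-react changed or on the default branch.
      - name: Use Node.js with yarn
        if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
        with:
          node-version-file: "frontend-react/.nvmrc"

      # NOTE(review): plain `yarn install` does not state that the lockfile is
      # enforced. Make it explicit for the Yarn version in use
      # (`--frozen-lockfile` on Yarn 1, `--immutable` on Yarn 2+) so CI fails
      # instead of resolving dependency versions the lockfile does not record.
      - name: Yarn
        if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        run: yarn install
        working-directory: frontend-react

      - name: Frontend Coverage
        if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
        uses: ./.github/actions/retry
        with:
          timeout_minutes: 30
          max_attempts: 2
          retry_wait_seconds: 30
          command: |
            cd frontend-react
            yarn run test:ci
          shell: bash

      # ---- SonarCloud: at most one of the three scan steps below runs.
      #   default  - both trees changed, or running on the default branch
      #   frontend - only frontend-react changed, not on the default branch
      #   backend  - only prime-router changed, not on the default branch
      # A manual run on a non-default branch with no changes in either tree
      # matches none of them and performs no Sonar scan.
      # Repository secrets are not provided to pull_request runs from forks,
      # so SONAR_TOKEN is empty there; how the local action handles that is
      # not visible here - confirm.
      - name: Run SonarCloud Scan master or full
        if: ( steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' ) || steps.branch-name.outputs.is_default == 'true'
        uses: ./.github/actions/sonarcloud
        with:
          scan-level: default
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}

      - name: Run SonarCloud Scan frontened
        if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'false' && steps.branch-name.outputs.is_default == 'false'
        uses: ./.github/actions/sonarcloud
        with:
          scan-level: frontend
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}

      - name: Run SonarCloud Scan backend
        if: steps.changed-files-yaml.outputs.frontend_any_changed == 'false' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' && steps.branch-name.outputs.is_default == 'false'
        uses: ./.github/actions/sonarcloud
        with:
          scan-level: backend
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}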