generated from CDCgov/template
-
Notifications
You must be signed in to change notification settings - Fork 41
153 lines (131 loc) · 5.7 KB
/
sonarcloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: SonarCloud
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
branches:
- main
paths:
- "prime-router/**"
- "frontend-react/**"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
# These are for CI and not credentials of any system
DB_USER: prime
DB_PASSWORD: changeIT!
jobs:
sonarcloud:
if: github.actor != 'dependabot[bot]'
name: "SonarCloud/CodeQL scan"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ["java-kotlin"]
steps:
- name: Increase swapfile
run: |
sudo swapoff -a
sudo fallocate -l 15G /mnt/swapfile
sudo chmod 600 /mnt/swapfile
sudo mkswap /mnt/swapfile
sudo swapon /mnt/swapfile
sudo swapon --show
- name: "Check out everything"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
with:
fetch-depth: 0
- name: Get branch name
id: branch-name
uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2
- name: "Get changed files with yaml"
id: changed-files-yaml
uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c
with:
files_yaml: |
frontend:
- 'frontend-react/**'
backend:
- 'prime-router/**'
- name: Set up JDK 17
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
with:
java-version: "17"
distribution: "temurin"
cache: "gradle"
- name: Gradle setup
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
- name: Spin up build containers
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
working-directory: prime-router
run: docker compose -f docker-compose.postgres.yml up -d
- name: Initialize CodeQL
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Build Prime Router Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: ./gradlew -Dorg.gradle.jvmargs="-Xmx6g" :prime-router:package -x fatjar
shell: bash
- name: Build Submissions Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/build-submissions
- name: Build Auth Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/build-auth
- name: Perform Java CodeQL Analysis
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/analyze@v3
- name: Use Node.js with yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
with:
node-version-file: "frontend-react/.nvmrc"
- name: Yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
run: yarn install
working-directory: frontend-react
- name: Frontend Coverage
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: |
cd frontend-react
yarn run test:ci
shell: bash
- name: Run SonarCloud Scan main or full
if: ( steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' ) || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/sonarcloud
with:
scan-level: default
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan frontened
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'false' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: frontend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan backend
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'false' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: backend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}