Skip to content

Platform/david navapbc/21nov24/dependabot #9836

Platform/david navapbc/21nov24/dependabot

Platform/david navapbc/21nov24/dependabot #9836

Workflow file for this run

name: SonarCloud
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
branches:
- main
paths:
- "prime-router/**"
- "frontend-react/**"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
# These are for CI and not credentials of any system
DB_USER: prime
DB_PASSWORD: changeIT!
jobs:
sonarcloud:
if: github.actor != 'dependabot[bot]'
name: "SonarCloud/CodeQL scan"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ["java-kotlin"]
steps:
- name: Increase swapfile
run: |
sudo swapoff -a
sudo fallocate -l 15G /mnt/swapfile
sudo chmod 600 /mnt/swapfile
sudo mkswap /mnt/swapfile
sudo swapon /mnt/swapfile
sudo swapon --show
- name: "Check out everything"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
with:
fetch-depth: 0
- name: Get branch name
id: branch-name
uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2
- name: "Get changed files with yaml"
id: changed-files-yaml
uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c
with:
files_yaml: |
frontend:
- 'frontend-react/**'
backend:
- 'prime-router/**'
- name: Set up JDK 17
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73
with:
java-version: "17"
distribution: "temurin"
cache: "gradle"
- name: Gradle setup
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808
- name: Spin up build containers
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
working-directory: prime-router
run: docker compose -f docker-compose.postgres.yml up -d
- name: Initialize CodeQL
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Build Prime Router Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: ./gradlew -Dorg.gradle.jvmargs="-Xmx6g" :prime-router:package -x fatjar
shell: bash
- name: Build Submissions Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/build-submissions
- name: Build Auth Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/build-auth
- name: Perform Java CodeQL Analysis
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/analyze@v3
- name: Use Node.js with yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6
with:
node-version-file: "frontend-react/.nvmrc"
- name: Yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
run: yarn install
working-directory: frontend-react
- name: Frontend Coverage
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: |
cd frontend-react
yarn run test:ci
shell: bash
- name: Run SonarCloud Scan main or full
if: ( steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' ) || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/sonarcloud
with:
scan-level: default
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan frontened
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'false' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: frontend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan backend
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'false' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: backend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}