CNFT1-3612 API: New patient- Extended: General patient information: Primary Language: English #4432

Workflow file for this run

	# This workflow is used to perform static code analysis on a gradle build

	name: "Sonar Scanner"

	on:
	workflow_call:
	secrets:
	CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID:
	description: "Secret named CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID where ECR resides."
	required: true
	PASSED_GITHUB_TOKEN:
	description: "Secret named GITHUB_TOKEN that references the github token for this repository."
	required: true
	SONAR_TOKEN:
	description: "Secret named SONAR_TOKEN that references the sonar token secret corresponding to the project in sonarcloud."
	required: true
	DATABASE_USER:
	description: "Secret named DATABASE_USER that references the test database container default username"
	required: true
	DATABASE_PASSWORD:
	description: "Secret named DATABASE_PASSWORD that references the test database container default password"
	required: true
	TOKEN_SECRET:
	description: "Secret named TOKEN_SECRET that references a default JWT token key"
	required: true
	PARAMETER_SECRET:
	description: "Secret named PARAMETER_SECRET that references a default key for encrypting search parameters"
	required: true
	pull_request:
	paths:
	- "apps/**"
	- "!apps/modernization-ui/**"
	- "libs/**"
	- "build.gradle"
	- "settings.gradle"
	- "gradle/**"
	- ".github/workflows/sonar.yaml"
	env:
	deployment_env: dev
	accountid: ${{secrets.CDC_NBS_SANDBOX_SHARED_SERVICES_ACCOUNTID}}
	passed_github_token: ${{secrets.PASSED_GITHUB_TOKEN}}
	sonar_token: ${{secrets.SONAR_TOKEN}}
	test_database_user: ${{secrets.DATABASE_USER}}
	test_database_password: ${{secrets.DATABASE_PASSWORD}}
	token_secret: ${{secrets.TOKEN_SECRET}}
	parameter_secret: ${{secrets.PARAMETER_SECRET}}

	jobs:
	pipeline:
	name: Build and analyze
	runs-on: ubuntu-latest

	permissions:
	id-token: write
	contents: read

	steps:
	- uses: actions/checkout@v2
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

	- name: Set up JDK 21
	uses: actions/setup-java@v4
	with:
	distribution: "temurin"
	java-version: "21"

	- name: Cache Gradle packages
	uses: actions/cache@v1
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle

	- name: Configure Environment Variables
	run: \|
	github_repo_name="$(echo $GITHUB_REPOSITORY \| cut -d'/' -f2)"
	echo "github_repo_name=$github_repo_name" >> $GITHUB_ENV

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	role-to-assume: "arn:aws:iam::${{ env.accountid }}:role/cdc-github-${{ env.github_repo_name }}-${{ env.deployment_env }}-role"
	aws-region: us-east-1

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1

	- name: Login to ECR docker registry
	uses: docker/login-action@v2
	with:
	registry: ${{ env.accountid }}.dkr.ecr.us-east-1.amazonaws.com

	- name: Build and analyze
	working-directory: ./
	env:
	GITHUB_TOKEN: ${{ env.passed_github_token }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ env.sonar_token }}
	DATABASE_USER: ${{env.test_database_user}}
	DATABASE_PASSWORD: ${{ env.test_database_password }}
	TOKEN_SECRET: ${{ env.token_secret }}
	PARAMETER_SECRET: ${{ env.parameter_secret }}
	run: ./gradlew clean build codeCoverageReport sonar -Dtesting.database.image=${{ env.accountid }}.dkr.ecr.us-east-1.amazonaws.com/cdc-nbs-modernization/modernization-test-db:530af60

	- name: Zip test report
	run: zip -r test-report.zip ./build/reports/*

	- name: Publish Testing Reports
	uses: actions/upload-artifact@v4
	with:
	name: testing
	path: ./test-report.zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CNFT1-3612 API: New patient- Extended: General patient information: Primary Language: English #4432

Workflow file

CNFT1-3612 API: New patient- Extended: General patient information: Primary Language: English #4432

Jobs

Run details

Workflow file for this run