Skip to content

Merge pull request #15793 from CDCgov/experience/15612/re-re-reenable… #8647

Merge pull request #15793 from CDCgov/experience/15612/re-re-reenable…

Merge pull request #15793 from CDCgov/experience/15612/re-re-reenable… #8647

Workflow file for this run

name: SonarCloud
on:
workflow_dispatch:
push:
branches:
- master
pull_request:
branches:
- master
paths:
- "prime-router/**"
- "frontend-react/**"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
# These are for CI and not credentials of any system
DB_USER: prime
DB_PASSWORD: changeIT!
jobs:
sonarcloud:
if: github.actor != 'dependabot[bot]'
name: "SonarCloud/CodeQL scan"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: ["java-kotlin"]
steps:
- name: Increase swapfile
run: |
sudo swapoff -a
sudo fallocate -l 15G /mnt/swapfile
sudo chmod 600 /mnt/swapfile
sudo mkswap /mnt/swapfile
sudo swapon /mnt/swapfile
sudo swapon --show
- name: "Check out everything"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Get branch name
id: branch-name
uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2
- name: "Get changed files with yaml"
id: changed-files-yaml
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275
with:
files_yaml: |
frontend:
- 'frontend-react/**'
backend:
- 'prime-router/**'
- name: Set up JDK 17
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88
with:
java-version: "17"
distribution: "temurin"
cache: "gradle"
- name: Gradle setup
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: gradle/actions/setup-gradle@16bf8bc8fe830fa669c3c9f914d3eb147c629707
- name: Spin up build containers
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
working-directory: prime-router
run: docker compose -f docker-compose.postgres.yml up -d
- name: Initialize CodeQL
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Build Prime Router Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: ./gradlew -Dorg.gradle.jvmargs="-Xmx6g" :prime-router:package -x fatjar
shell: bash
- name: Build Submissions Package
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/build-submissions
- name: Perform Java CodeQL Analysis
if: steps.changed-files-yaml.outputs.backend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: github/codeql-action/analyze@v3
- name: Use Node.js with yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
with:
node-version-file: "frontend-react/.nvmrc"
- name: Yarn
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
run: yarn install
working-directory: frontend-react
- name: Frontend Coverage
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/retry
with:
timeout_minutes: 30
max_attempts: 2
retry_wait_seconds: 30
command: |
cd frontend-react
yarn run test:ci
shell: bash
- name: Run SonarCloud Scan master or full
if: ( steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' ) || steps.branch-name.outputs.is_default == 'true'
uses: ./.github/actions/sonarcloud
with:
scan-level: default
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan frontened
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'true' && steps.changed-files-yaml.outputs.backend_any_changed == 'false' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: frontend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}
- name: Run SonarCloud Scan backend
if: steps.changed-files-yaml.outputs.frontend_any_changed == 'false' && steps.changed-files-yaml.outputs.backend_any_changed == 'true' && steps.branch-name.outputs.is_default == 'false'
uses: ./.github/actions/sonarcloud
with:
scan-level: backend
github-token: ${{ secrets.GITHUB_TOKEN }}
sonar-token: ${{ secrets.SONAR_TOKEN }}