From 94f3c15c534ce06f94f8dbee1bfac0ba0d96f6eb Mon Sep 17 00:00:00 2001 From: Taylor Halfyard <87978430+TaylorHalf@users.noreply.github.com> Date: Thu, 15 Feb 2024 17:17:57 +0000 Subject: [PATCH] Added in the sonar scan job (#65) * Added in the sonar scan * removed my feature from push * updated the role session name --- .github/workflows/pr-plan.yml | 40 +++++++++++++++++++++++++++++++++++ package-lock.json | 17 +++++++++++++++ package.json | 3 ++- 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/pr-plan.yml diff --git a/.github/workflows/pr-plan.yml b/.github/workflows/pr-plan.yml new file mode 100644 index 0000000..15d1c4e --- /dev/null +++ b/.github/workflows/pr-plan.yml @@ -0,0 +1,40 @@ +name: PR-checks + +on: + push: + branches: ["develop"] + pull_request: + branches: ["develop"] + +jobs: + scanner: + permissions: + id-token: write + contents: write + pull-requests: write + runs-on: X64 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v4 + with: + node-version-file: ".nvmrc" + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }} + aws-region: ${{ secrets.DVSA_AWS_REGION }} + role-session-name: "cvs-tsk-retro-gen-init" + - uses: aws-actions/aws-secretsmanager-get-secrets@v1 + with: + secret-ids: sonarqube-gha + parse-json-secrets: true + - name: Install dependencies + run: npm ci + - name: Run SonarQube scanner + run: | + npm run test && \ + npm run sonar-scanner -- \ + -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \ + -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \ + -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \ + -Dsonar.projectName=${{ github.repository }} \ + -Dsonar.projectVersion=1.0.${{ github.run_id }} \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index b1ec510..e02944e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,6 +32,7 @@ "serverless": "^2.45.0", "serverless-plugin-tracing": "^2.0.0", "serverless-plugin-typescript": "^1.1.9", + "sonar-scanner": "^3.1.0", "ts-jest": "^29.1.1", "ts-node-register": "^1.0.0", "tslint": "^5.20.1", @@ -13989,6 +13990,16 @@ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", "dev": true }, + "node_modules/sonar-scanner": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/sonar-scanner/-/sonar-scanner-3.1.0.tgz", + "integrity": "sha512-KD7W3wHCKJKAakhn8ckxNYTxkdb1cnJa3ot0NVvO8CCeJjb0yvF0fW2yGdI09zMHsqxCRsl4dLtyCL2SUv47WA==", + "dev": true, + "hasInstallScript": true, + "bin": { + "sonar-scanner": "index.js" + } + }, "node_modules/sort-keys": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz", @@ -27293,6 +27304,12 @@ } } }, + "sonar-scanner": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/sonar-scanner/-/sonar-scanner-3.1.0.tgz", + "integrity": "sha512-KD7W3wHCKJKAakhn8ckxNYTxkdb1cnJa3ot0NVvO8CCeJjb0yvF0fW2yGdI09zMHsqxCRsl4dLtyCL2SUv47WA==", + "dev": true + }, "sort-keys": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz", diff --git a/package.json b/package.json index 27661ef..afd2b15 100644 --- a/package.json +++ b/package.json @@ -52,6 +52,7 @@ "serverless": "^2.45.0", "serverless-plugin-tracing": "^2.0.0", "serverless-plugin-typescript": "^1.1.9", + "sonar-scanner": "^3.1.0", "ts-jest": "^29.1.1", "ts-node-register": "^1.0.0", "tslint": "^5.20.1", @@ -69,4 +70,4 @@ "pre-push": "npm run prepush" } } -} \ No newline at end of file +}