-
Notifications
You must be signed in to change notification settings - Fork 0
101 lines (97 loc) · 4.36 KB
/
pr_scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Check Build and Anchore on PR
on:
pull_request:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
DOCKERFILE: Dockerfile.test-only
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
PROJECT_KEY: 'pagopa_eng-lollipop-consumer-java-sdk'
jobs:
pr_scan:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout project sources
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
with:
fetch-depth: 0
- name: Setup Gradle
uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
- name: Cache SonarCloud packages
uses: actions/cache@v1
with:
path: ~/.sonar-project.properties/cache
key: ${{ runner.os }}-sonar-project.properties
restore-keys: ${{ runner.os }}-sonar-project.properties
- name: Make gradlew executable
run: chmod +x ./gradlew
- name: Run build with Gradle Wrapper
run: ./gradlew build testCodeCoverageReport
- name: Add coverage to PR
id: jacoco
uses: madrapps/jacoco-report@7a334255fbce42f385d7567c25d986a9c62e2971
with:
paths: ${{ github.workspace }}/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
token: ${{ secrets.GITHUB_TOKEN }}
min-coverage-overall: 40
min-coverage-changed-files: 60
- name: Build the Docker image
run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
- name: Run the Anchore Grype scan action
uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
id: scan
with:
image: "localbuild/testimage:latest"
fail-build: true
severity-cutoff: "high"
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Run Sonar Scanner on Pull Request
if: ${{ github.event_name == 'pull_request' }}
run: ./gradlew sonar --info
-Dsonar.organization=pagopa
-Dsonar.projectKey=${{ env.PROJECT_KEY }}
-Dsonar.coverage.jacoco.xmlReportPaths=**/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
-Dsonar.coverage.exclusions="**/config/*","**/*Mock*","**/model/**","**/entity/*","**/*Stub*","**/*Config*,**/*Exception*"
-Dsonar.cpd.exclusions="**/model/**,**/entity/**,**/simple/internal/**"
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.java.libraries="**/*.jar"
-Dsonar.login=${{ env.SONAR_TOKEN }}
-Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
-Dsonar.pullrequest.branch=${{ github.head_ref }}
-Dsonar.pullrequest.base=${{ github.base_ref }}
- name: Run Sonar Scanner
if: ${{ github.event_name != 'pull_request' }}
run: ./gradlew sonar --info
-Dsonar.organization=pagopa
-Dsonar.projectKey=${{ env.PROJECT_KEY }}
-Dsonar.coverage.jacoco.xmlReportPaths=**/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
-Dsonar.coverage.exclusions="**/config/*","**/*Mock*","**/model/**","**/entity/*","**/*Stub*","**/*Config*,**/*Exception*"
-Dsonar.cpd.exclusions="**/model/**,**/entity/**,**/simple/internal/**"
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.java.libraries="**/*.jar"
-Dsonar.login=${{ env.SONAR_TOKEN }}
-Dsonar.branch.name=${{ github.head_ref }}
- name: Publish to Maven Local
run: ./gradlew publishToMavenLocal
- name: Build Spring Sample
working-directory: ./samples/spring
run: chmod +x ./gradlew && ./gradlew bootJar
- name: Run Docker compose with .env.dev
run: docker compose --env-file e2e/.env.dev up -d --build --wait
- name: Sleep for 30 seconds
run: sleep 30s
shell: bash
- name: Install node modules and execute e2e tests
working-directory: ./e2e
run: npm install && npm run execute-test
- name: Shutdown docker compose
run: docker compose down