BCDA-8638: Migrate fhirscan to workflows #2554
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: BCDA CI Workflow | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- .github/workflows/opt-out-import-* | |
- optout/** | |
pull_request: | |
paths-ignore: | |
- .github/workflows/opt-out-import-* | |
- optout/** | |
env: | |
COMPOSE_INTERACTIVE_NO_CLI: 1 | |
VAULT_PW: ${{ secrets.VAULT_PW }} | |
jobs: | |
lint: | |
name: Modules Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Tidy modules | |
run: | | |
go mod tidy -v | |
CHANGES_FOUND=$(git diff-files --quiet) | |
if [[ "$(CHANGES_FOUND)" == "1" ]]; then | |
echo "Changes found. Run go mod tidy to clean up modules." | |
git diff | |
exit 1 | |
fi | |
build: | |
name: Build and Test | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_BUILDKIT: 1 | |
COMPOSE_DOCKER_CLI_BUILD: 1 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Decrypt secrets | |
run: | | |
echo $VAULT_PW > .vault_password | |
bash ops/secrets --decrypt | |
mv -fv shared_files/encrypted/* shared_files/decrypted/ | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Build the stack | |
run: | | |
make docker-bootstrap | |
- name: Run all tests | |
run: | | |
make test | |
- name: Archive code coverage results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: code-coverage-report | |
path: ./test_results/latest/testcoverage.out | |
sonar-quality-gate: | |
name: Sonarqube Quality Gate | |
needs: build | |
runs-on: self-hosted | |
steps: | |
- name: Download code coverage | |
uses: actions/download-artifact@v4 | |
with: | |
name: code-coverage-report | |
- name: Set env vars from AWS params | |
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | |
env: | |
AWS_REGION: ${{ vars.AWS_REGION }} | |
with: | |
params: | | |
SONAR_HOST_URL=/sonarqube/url | |
SONAR_TOKEN=/sonarqube/token | |
- name: Run quality gate scan | |
uses: sonarsource/sonarqube-scan-action@master | |
with: | |
args: | |
-Dsonar.projectKey=bcda-aco-api | |
-Dsonar.sources=. -Dsonar.go.coverage.reportPaths=./test_results/latest/testcoverage.out | |
-Dsonar.coverage.exclusions=**/*test.go,**/test/**/*,**/testUtils/*,**/scripts/*,**/ops/*,**/mock*.go | |
-Dsonar.branch.name=${{ github.event.pull_request.head.ref }} -Dsonar.projectVersion=${{ github.event.pull_request.head.sha }} |