diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml index f7c84d787..2a74d63fd 100644 --- a/.github/workflows/daily-build.yml +++ b/.github/workflows/daily-build.yml @@ -1,11 +1,10 @@ name: Build NRL Project on Environment run-name: Build NRL Project on ${{ inputs.environment || 'dev' }} -permissions: - id-token: write - contents: read - actions: write on: + push: + branches: + - develop schedule: - cron: "0 1 * * *" workflow_dispatch: @@ -18,8 +17,12 @@ on: jobs: build: - name: Build - ${{ github.ref }} + name: Build and test - ${{ github.ref }} runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} + permissions: + contents: read + actions: write + id-token: write steps: - name: Git clone - ${{ github.ref }} @@ -35,12 +38,12 @@ jobs: - name: Run Linting run: make lint - - name: Run Unit Tests - run: make test - - name: Build Project run: make build + - name: Run Unit Tests + run: make test + - name: Configure Management Credentials uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1 with: @@ -60,6 +63,7 @@ jobs: name: build-artifacts path: | dist/*.zip + dist/test-coverage.xml !dist/nrlf_permissions.zip - name: Save NRLF Permissions cache 
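Review bot: With the workflow-level `permissions:` block removed at the top of `daily-build.yml`, any job that omits its own block falls back to the repository's default GITHUB_TOKEN permissions. Both jobs in this diff declare their own, so nothing is over-granted today, but a top-level `permissions: {}` would keep that true for jobs added later. The new `push` trigger on `develop` also means the `build` job, which keeps `id-token: write`, now runs on every merge rather than only on the schedule or a manual dispatch. The role it assumes is configured outside this hunk, so it is worth confirming that its trust policy is meant to accept push-triggered runs.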
@@ -67,3 +71,35 @@ jobs: with: key: ${{ github.run_id }}-nrlf-permissions path: dist/nrlf_permissions.zip + + sonar: + name: SonarQube scan + runs-on: ubuntu-latest + needs: build + environment: pull-request + permissions: + contents: read + actions: write + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + + - name: Get build artifacts + uses: actions/download-artifact@v4 + with: + name: build-artifacts + path: dist + + - name: SonarQube scan + uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + - name: SonarQube quality gate check + id: sonarqube-quality-gate-check + uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0 + with: + pollingTimeoutSec: 600 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml new file mode 100644 index 000000000..ad5b9e56e --- /dev/null +++ b/.github/workflows/pr-checks.yml 
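Review bot: In the new `sonar` job, `actions/checkout@v4` and `actions/download-artifact@v4` are referenced by mutable tag, while the two SonarSource actions beside them are pinned to a commit SHA; pinning all four the same way keeps a job that holds `SONAR_TOKEN` from picking up a retagged release. The checkout step could also set `persist-credentials: false`, since no later step in the job appears to push or fetch. `actions: write` does not look necessary for any visible step, so `contents: read` alone is probably enough. `environment: pull-request` reads oddly for a run started by schedule or push; if that environment exists only to hold the token, a comment saying so would help. The `sonar` job added in `pr-checks.yml` is a copy of this one and the same points apply there, as does the tag-pinned checkout in its `build` job.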
@@ -0,0 +1,73 @@ +name: Run PR checks +run-name: "Running checks for PR #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})" + +on: + pull_request: + types: [opened, reopened, synchronize] + +jobs: + build: + name: Build and test + runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} + environment: pull-request + permissions: + contents: read + actions: write + + steps: + - name: Git clone - ${{ github.ref }} + uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + + - name: Setup environment + run: | + echo "${HOME}/.asdf/bin" >> $GITHUB_PATH + poetry install --no-root + + - name: Lint + run: make lint + + - name: Build + run: make build + + - name: Test + run: make test + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: build-artifacts + path: dist + + sonar: + name: SonarQube scan + runs-on: ubuntu-latest + needs: build + environment: pull-request + permissions: + contents: read + actions: write + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.ref }} + + - name: Get build artifacts + uses: actions/download-artifact@v4 + with: + name: build-artifacts + path: dist + + - name: SonarQube scan + uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + - name: SonarQube quality gate check + id: sonarqube-quality-gate-check + uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0 + with: + pollingTimeoutSec: 600 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/Makefile b/Makefile index 394150e3a..8b44ad164 100644 --- a/Makefile +++ b/Makefile 
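Review bot: The `build` job runs `poetry install`, `make lint`, `make build` and `make test` from the pull request's own tree on the CodeBuild-hosted runner, so whatever a PR changes in the Makefile or dependency set executes with the access that CodeBuild project's role has. The `pull-request` environment's protection rules and the fork-approval setting are not visible here; it is worth confirming that PRs from forks need approval before this job starts and that the runner role is limited to what lint, build and test need. Separately, `path: dist` uploads the whole directory, whereas `daily-build.yml` excludes `dist/nrlf_permissions.zip` from its artifact. If `make build` can produce that file in this workflow, mirror the exclusion by making `path` a block list of `dist` and `!dist/nrlf_permissions.zip`.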
@@ -6,7 +6,7 @@ MAKEFLAGS := --no-print-directory SHELL := /bin/bash DIST_PATH ?= ./dist -TEST_ARGS ?= --cov --cov-report=term-missing +TEST_ARGS ?= --cov --cov-report=term-missing --cov-report=xml:$(DIST_PATH)/test-coverage.xml SMOKE_TEST_ARGS ?= FEATURE_TEST_ARGS ?= ./tests/features --format progress2 TF_WORKSPACE_NAME ?= $(shell terraform -chdir=terraform/infrastructure workspace show) diff --git a/pyproject.toml b/pyproject.toml index 322d3a8b1..4e8612ad6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -86,6 +86,7 @@ docstring-code-format = true docstring-code-line-length = 80 [tool.coverage.run] +relative_files = true branch = true omit = [ "*/tests/*", diff --git a/sonar-project.properties b/sonar-project.properties index cac876215..746c4e678 100644 --- a/sonar-project.properties +++ b/sonar-project.properties 
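Review bot: The new coverage report path in `TEST_ARGS` follows `$(DIST_PATH)`, but `sonar-project.properties` and the artifact list in `daily-build.yml` both hard-code `dist/test-coverage.xml`. Overriding `DIST_PATH` would therefore leave the scan without coverage data and give no error. A comment above `TEST_ARGS` such as `# SonarQube reads dist/test-coverage.xml; keep sonar.python.coverage.reportPaths in sync if DIST_PATH changes` would record the coupling.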
@@ -1,13 +1,14 @@ sonar.projectKey=NHSDigital_NRLF sonar.organization=nhsdigital sonar.projectName=NRLF -sonar.python.version=3.9.5 -sonar.terraform.provider.aws.version=4.63.0 -# TODO: Some paths here are outdated and perhaps we don't want to exclude everything -sonar.cpd.exclusions=api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/** -sonar.exclusions=scripts/**, **/scripts/**, api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/** -# Exclude snomed urls as being unsafe -sonar.issue.ignore.multicriteria=exclude_snomed_urls -sonar.issue.ignore.multicriteria.exclude_snomed_urls.ruleKey=python:S5332 -sonar.issue.ignore.multicriteria.exclude_snomed_urls.pattern=**http://snomed\.info(/sct)?** +sonar.python.version=3.12 + +sonar.sources=. +sonar.exclusions=scripts/** +sonar.tests=. +sonar.tests.inclusions=**/tests/** +sonar.coverage.exclusions=scripts/**, tests/**, **/tests/** +sonar.cpd.exclusions=tests/**, **/tests/** + +sonar.python.coverage.reportPaths=dist/test-coverage.xml
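Review bot: `sonar.tests.inclusions` is, as far as I know, not a scanner property; the documented key is `sonar.test.inclusions`, so this line is probably ignored. With `sonar.sources=.` and `sonar.tests=.` both pointing at the repository root and `sonar.exclusions` now limited to `scripts/**`, files under `**/tests/**` would then be claimed as both source and test, which the scanner normally rejects. Suggest `sonar.test.inclusions=**/tests/**` together with `sonar.exclusions=scripts/**, **/tests/**` so the two sets are disjoint. Worth verifying against a scanner run, since the analysis log shows how each file is indexed.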