Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
84b9af9
[NRL-1922] Generate coverage report when running unit tests. Fixup so…
mattdean3-nhs Feb 13, 2026
00bbefa
[NRL-1922] Add new workflow for PR checks
mattdean3-nhs Feb 13, 2026
b7230f1
[NRL-1922] Remove unused sonarcloud url config
mattdean3-nhs Feb 13, 2026
3980a11
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
f6f4dd3
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
094192f
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
17f9f31
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
3d5f28d
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
3c44d1b
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
2767b3d
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
db55f84
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
31faaf5
[NRL-1922] Fix pr-checks workflow issues
mattdean3-nhs Feb 13, 2026
1437ffc
[NRL-1922] Remove placeholder comments from pr-checks workflow
mattdean3-nhs Feb 13, 2026
64db9ff
[NRL-1922] Set relative flag for coverage config. Rename workflow jobs
mattdean3-nhs Feb 20, 2026
8e9587f
[NRL-1922] WIP add some workflow debug
mattdean3-nhs Feb 20, 2026
3189872
[NRL-1922] Explicitly call our sonar sources and tests paths
mattdean3-nhs Feb 20, 2026
7fa8b1b
[NRL-1922] Explicitly call our sonar sources and tests paths
mattdean3-nhs Feb 20, 2026
709e704
[NRL-1922] Remove debug from pr-checks. Add linting to build job
mattdean3-nhs Feb 24, 2026
27243cf
[NRL-1922] Add sonarqube scan to daily build. Trigger it on every pus…
mattdean3-nhs Feb 24, 2026
8a60b37
[NRL-1922] Move workflow permissions from top-level to job-level
mattdean3-nhs Feb 24, 2026
7e81f3d
Merge branch 'develop' into feature/made14-NRL-1922-sonarcloud-config…
mattdean3-nhs Feb 24, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 44 additions & 8 deletions .github/workflows/daily-build.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@
name: Build NRL Project on Environment
run-name: Build NRL Project on ${{ inputs.environment || 'dev' }}
permissions:
id-token: write
contents: read
actions: write

on:
push:
branches:
- develop
schedule:
- cron: "0 1 * * *"
workflow_dispatch:
Expand All @@ -18,8 +17,12 @@ on:

jobs:
build:
name: Build - ${{ github.ref }}
name: Build and test - ${{ github.ref }}
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
permissions:
contents: read
actions: write
id-token: write

steps:
- name: Git clone - ${{ github.ref }}
Expand All @@ -35,12 +38,12 @@ jobs:
- name: Run Linting
run: make lint

- name: Run Unit Tests
run: make test

- name: Build Project
run: make build

- name: Run Unit Tests
run: make test

- name: Configure Management Credentials
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1
with:
Expand All @@ -60,10 +63,43 @@ jobs:
name: build-artifacts
path: |
dist/*.zip
dist/test-coverage.xml
!dist/nrlf_permissions.zip

- name: Save NRLF Permissions cache
uses: actions/cache/save@v4
with:
key: ${{ github.run_id }}-nrlf-permissions
path: dist/nrlf_permissions.zip

sonar:
name: SonarQube scan
runs-on: ubuntu-latest
needs: build
environment: pull-request
permissions:
contents: read
actions: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}

- name: Get build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist

- name: SonarQube scan
uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube quality gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0
with:
pollingTimeoutSec: 600
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
73 changes: 73 additions & 0 deletions .github/workflows/pr-checks.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
name: Run PR checks
run-name: "Running checks for PR #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"

on:
pull_request:
types: [opened, reopened, synchronize]

jobs:
build:
name: Build and test
runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
environment: pull-request
permissions:
contents: read
actions: write

steps:
- name: Git clone - ${{ github.ref }}
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}

- name: Setup environment
run: |
echo "${HOME}/.asdf/bin" >> $GITHUB_PATH
poetry install --no-root

- name: Lint
run: make lint

- name: Build
run: make build

- name: Test
run: make test

- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: dist

sonar:
name: SonarQube scan
runs-on: ubuntu-latest
needs: build
environment: pull-request
permissions:
contents: read
actions: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}

- name: Get build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist

- name: SonarQube scan
uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

- name: SonarQube quality gate check
id: sonarqube-quality-gate-check
uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0
with:
pollingTimeoutSec: 600
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ MAKEFLAGS := --no-print-directory
SHELL := /bin/bash

DIST_PATH ?= ./dist
TEST_ARGS ?= --cov --cov-report=term-missing
TEST_ARGS ?= --cov --cov-report=term-missing --cov-report=xml:$(DIST_PATH)/test-coverage.xml
SMOKE_TEST_ARGS ?=
FEATURE_TEST_ARGS ?= ./tests/features --format progress2
TF_WORKSPACE_NAME ?= $(shell terraform -chdir=terraform/infrastructure workspace show)
Expand Down
1 change: 1 addition & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ docstring-code-format = true
docstring-code-line-length = 80

[tool.coverage.run]
relative_files = true
branch = true
omit = [
"*/tests/*",
Expand Down
19 changes: 10 additions & 9 deletions sonar-project.properties
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
sonar.projectKey=NHSDigital_NRLF
sonar.organization=nhsdigital
sonar.projectName=NRLF
sonar.python.version=3.9.5
sonar.terraform.provider.aws.version=4.63.0
# TODO: Some paths here are outdated and perhaps we don't want to exclude everything
sonar.cpd.exclusions=api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/**
sonar.exclusions=scripts/**, **/scripts/**, api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/**

# Exclude snomed urls as being unsafe
sonar.issue.ignore.multicriteria=exclude_snomed_urls
sonar.issue.ignore.multicriteria.exclude_snomed_urls.ruleKey=python:S5332
sonar.issue.ignore.multicriteria.exclude_snomed_urls.pattern=**http://snomed\.info(/sct)?**
sonar.python.version=3.12

sonar.sources=.
sonar.exclusions=scripts/**
sonar.tests=.
sonar.tests.inclusions=**/tests/**
sonar.coverage.exclusions=scripts/**, tests/**, **/tests/**
sonar.cpd.exclusions=tests/**, **/tests/**

sonar.python.coverage.reportPaths=dist/test-coverage.xml