diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
new file mode 100644
index 000000000..823508792
--- /dev/null
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,75 @@
+name: Run PR checks
+run-name: "Running checks for PR #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+jobs:
+ build:
+ name: Build and test
+ runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+ environment: pull-request
+ permissions:
+ contents: read
+ actions: write
+
+ steps:
+ - name: Git clone - ${{ github.ref }}
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Setup environment
+ run: |
+ echo "${HOME}/.asdf/bin" >> $GITHUB_PATH
+ poetry install --no-root
+
+ - name: Build
+ run: make build
+
+ - name: Test
+ run: make test
+
+ - name: Upload build artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: build-artifacts
+ path: dist
+
+ sonar:
+ name: SonarQube scan
+ runs-on: ubuntu-latest
+ needs: build
+ environment: pull-request
+ permissions:
+ contents: read
+ actions: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Get build artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: build-artifacts
+ path: dist
+
+ - name: DEBUG - Check things are set up correctly
+ run: |
+ find . -name "test-coverage.xml"
+ ls -la dist
+
+ - name: SonarQube scan
+ uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ - name: SonarQube quality gate check
+ id: sonarqube-quality-gate-check
+ uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0
+ with:
+ pollingTimeoutSec: 600
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/Makefile b/Makefile
index 394150e3a..8b44ad164 100644
--- a/Makefile
+++ b/Makefile
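Review bot: The `build` job runs `poetry install`, `make build` and `make test` from the pull-request head on the `codebuild-nhsd-nrlf-ci-build-project-*` runner, so PR-authored Makefile and test code executes with that runner's network position and whatever role is attached to it. If forks can open PRs against this repository, confirm that the `pull-request` environment or the fork-approval setting gates the job and that the CodeBuild role is limited to what a build needs. Both jobs also request `actions: write`, which none of the visible steps appears to need (artifact upload and download do not rely on it), so `permissions:` could probably be reduced to `contents: read`. `actions/checkout@v4`, `actions/upload-artifact@v4` and `actions/download-artifact@v4` are mutable tags while the two SonarSource actions are pinned by commit; pinning them the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps the job that holds `SONAR_TOKEN` consistent. The `DEBUG - Check things are set up correctly` step looks like scaffolding to drop before merge.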
@@ -6,7 +6,7 @@ MAKEFLAGS := --no-print-directory SHELL := /bin/bash DIST_PATH ?= ./dist -TEST_ARGS ?= --cov --cov-report=term-missing +TEST_ARGS ?= --cov --cov-report=term-missing --cov-report=xml:$(DIST_PATH)/test-coverage.xml SMOKE_TEST_ARGS ?= FEATURE_TEST_ARGS ?= ./tests/features --format progress2 TF_WORKSPACE_NAME ?= $(shell terraform -chdir=terraform/infrastructure workspace show) diff --git a/pyproject.toml b/pyproject.toml index 322d3a8b1..4e8612ad6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -86,6 +86,7 @@ docstring-code-format = true docstring-code-line-length = 80 [tool.coverage.run] +relative_files = true branch = true omit = [ "*/tests/*", diff --git a/sonar-project.properties b/sonar-project.properties index cac876215..746c4e678 100644 --- a/sonar-project.properties +++ b/sonar-project.properties 
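Review bot: The XML report path in `TEST_ARGS` follows `$(DIST_PATH)`, but `sonar-project.properties` in this same commit hardcodes `dist/test-coverage.xml`, so overriding `DIST_PATH` would silently produce a scan with no coverage data. A comment above the variable such as `# Sonar reads dist/test-coverage.xml (sonar.python.coverage.reportPaths); keep in sync with DIST_PATH` would document the coupling. Writing the report into `dist` also means it travels in the `build-artifacts` upload next to the build output, so it is worth checking that nothing packages that whole directory for deployment.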
@@ -1,13 +1,14 @@ sonar.projectKey=NHSDigital_NRLF sonar.organization=nhsdigital sonar.projectName=NRLF -sonar.python.version=3.9.5 -sonar.terraform.provider.aws.version=4.63.0 -# TODO: Some paths here are outdated and perhaps we don't want to exclude everything -sonar.cpd.exclusions=api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/** -sonar.exclusions=scripts/**, **/scripts/**, api/tests/**, tests/**, api/**/tests/**, feature_tests/**, cron/seed_sandbox/tests/**, data_contracts/**/tests/**, firehose/**/tests/**, firehose/**/scripts/**, helpers/tests/**, mi/**/tests/** -# Exclude snomed urls as being unsafe -sonar.issue.ignore.multicriteria=exclude_snomed_urls -sonar.issue.ignore.multicriteria.exclude_snomed_urls.ruleKey=python:S5332 -sonar.issue.ignore.multicriteria.exclude_snomed_urls.pattern=**http://snomed\.info(/sct)?** +sonar.python.version=3.12 + +sonar.sources=. +sonar.exclusions=scripts/** +sonar.tests=. +sonar.tests.inclusions=**/tests/** +sonar.coverage.exclusions=scripts/**, tests/**, **/tests/** +sonar.cpd.exclusions=tests/**, **/tests/** + +sonar.python.coverage.reportPaths=dist/test-coverage.xml
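Review bot: `sonar.tests.inclusions` looks like a misspelling of the scanner property `sonar.test.inclusions`; as written the line is probably ignored, leaving `sonar.sources=.` and `sonar.tests=.` both claiming every file. Even with the name corrected, the test directories stay in the main set because `sonar.exclusions` only lists `scripts/**`, and the scanner expects main and test files to be disjoint. Something like `sonar.exclusions=scripts/**, tests/**, **/tests/**` together with `sonar.test.inclusions=**/tests/**` would separate them. The hunk also removes the `python:S5332` suppression for the snomed URLs, so those findings will likely reappear on the first quality-gate run and should be triaged rather than left to fail the gate unexpectedly.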