Skip to content

fix(admin-ui): password should be hidden in audit logs. #3033

fix(admin-ui): password should be hidden in audit logs.

fix(admin-ui): password should be hidden in audit logs. #3033

# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally.
# Contact @moabu
# Sonar cloud https://sonarcloud.io/organizations/janssenproject/projects
name: Code quality check
on:
push:
branches:
- main
paths-ignore:
- 'docker-**/CHANGELOG.md'
- 'docker-**/version.txt'
- '**.md'
# TODO: Optimize so that workflow is only triggered for `opened` and `synchronize` actions
pull_request:
branches:
- main
paths-ignore:
- 'docker-**/CHANGELOG.md'
- 'docker-**/version.txt'
- '**.md'
workflow_dispatch:
jobs:
sonar-scan:
name: sonar scan
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
module: [admin-ui, flex-linux-setup]
env:
NON_JVM_PROJECTS: |
admin-ui
flex-linux-setup
steps:
- name: check out code
uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonarqube analysis
- name: find changed directories
run: |
if [ $GITHUB_BASE_REF ]; then
# Pull Request
echo "Triggerring event: pull request"
echo Pull request base ref: $GITHUB_BASE_REF
git fetch origin $GITHUB_BASE_REF --depth=1
if [ ${{ github.event.action }} = "opened" ]; then
echo "Triggerring action: opened"
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
fi
if [ ${{ github.event.action }} = "synchronize" ]; then
echo "Triggerring action: synchronize"
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >>${GITHUB_ENV}
fi
else
# Push
echo "Triggerring event: push"
git fetch origin ${{ github.event.before }} --depth=1
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} $GITHUB_SHA | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV}
fi
- name: check env
run: |
echo changed dir list: ${{ env.CHANGED_DIR }}
echo Matrix module: ${{ matrix.module }}
echo GH event action: ${{ github.event.action }}
echo PR base sha: ${{ github.event.pull_request.base.sha }}
echo PR head sha: ${{ github.event.pull_request.head.sha }}
echo event before: ${{ github.event.before }}
echo GH sha: $GITHUB_SHA
- name: Set up JDK 11
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module)
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
- name: Cache SonarCloud packages for JVM based project
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module)
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Convert repo org name to lowercase for non JVM projects
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module)
env:
REPO_OWNER: ${{ github.repository_owner }}
run: |
echo "REPO_ORG=${REPO_OWNER,,}" >>${GITHUB_ENV}
- name: SonarCloud Scan for non-JVM project
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module)
uses: SonarSource/sonarcloud-github-action@master
with:
args: >
-Dsonar.organization=${{ env.REPO_ORG }}
-Dsonar.projectKey=${{ github.repository_owner }}_${{ matrix.module }}
projectBaseDir: ${{ matrix.module }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}