fix(admin-ui): password should be hidden in audit logs. #3033
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally. | |
# Contact @moabu | |
# Sonar cloud https://sonarcloud.io/organizations/janssenproject/projects | |
name: Code quality check | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- 'docker-**/CHANGELOG.md' | |
- 'docker-**/version.txt' | |
- '**.md' | |
# TODO: Optimize so that workflow is only triggered for `opened` and `synchronize` actions | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- 'docker-**/CHANGELOG.md' | |
- 'docker-**/version.txt' | |
- '**.md' | |
workflow_dispatch: | |
jobs: | |
sonar-scan: | |
name: sonar scan | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
module: [admin-ui, flex-linux-setup] | |
env: | |
NON_JVM_PROJECTS: | | |
admin-ui | |
flex-linux-setup | |
steps: | |
- name: check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonarqube analysis | |
- name: find changed directories | |
run: | | |
if [ $GITHUB_BASE_REF ]; then | |
# Pull Request | |
echo "Triggerring event: pull request" | |
echo Pull request base ref: $GITHUB_BASE_REF | |
git fetch origin $GITHUB_BASE_REF --depth=1 | |
if [ ${{ github.event.action }} = "opened" ]; then | |
echo "Triggerring action: opened" | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV} | |
fi | |
if [ ${{ github.event.action }} = "synchronize" ]; then | |
echo "Triggerring action: synchronize" | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} ${{ github.event.pull_request.head.sha }} | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >>${GITHUB_ENV} | |
fi | |
else | |
# Push | |
echo "Triggerring event: push" | |
git fetch origin ${{ github.event.before }} --depth=1 | |
echo "CHANGED_DIR=$( git diff --name-only ${{ github.event.before }} $GITHUB_SHA | cut -d/ -f1 | sort -u | sed -z 's/\n/,/g;s/^/[/;s/,$/]/;s/$/\n/')" >> ${GITHUB_ENV} | |
fi | |
- name: check env | |
run: | | |
echo changed dir list: ${{ env.CHANGED_DIR }} | |
echo Matrix module: ${{ matrix.module }} | |
echo GH event action: ${{ github.event.action }} | |
echo PR base sha: ${{ github.event.pull_request.base.sha }} | |
echo PR head sha: ${{ github.event.pull_request.head.sha }} | |
echo event before: ${{ github.event.before }} | |
echo GH sha: $GITHUB_SHA | |
- name: Set up JDK 11 | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'adopt' | |
- name: Cache SonarCloud packages for JVM based project | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.JVM_PROJECTS, matrix.module) | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Convert repo org name to lowercase for non JVM projects | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module) | |
env: | |
REPO_OWNER: ${{ github.repository_owner }} | |
run: | | |
echo "REPO_ORG=${REPO_OWNER,,}" >>${GITHUB_ENV} | |
- name: SonarCloud Scan for non-JVM project | |
if: contains(env.CHANGED_DIR, matrix.module) && contains(env.NON_JVM_PROJECTS, matrix.module) | |
uses: SonarSource/sonarcloud-github-action@master | |
with: | |
args: > | |
-Dsonar.organization=${{ env.REPO_ORG }} | |
-Dsonar.projectKey=${{ github.repository_owner }}_${{ matrix.module }} | |
projectBaseDir: ${{ matrix.module }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |