.github/workflows/analysis.yml

# name: Analysis

# on:
#   push:
#     branches: [main]
#   pull_request:
#     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
#   schedule:
#     - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
#   workflow_dispatch:

# concurrency:
#   group: ${{ github.workflow }}-${{ github.ref }}
#   cancel-in-progress: true

# jobs:
#   tests:
#     name: Tests
#     if: ${{ ! github.event.pull_request.draft }}
#     runs-on: ubuntu-22.04
#     timeout-minutes: 5
#     services:
#       postgres:
#         image: postgres
#         env:
#           POSTGRES_PASSWORD: postgres
#         options: >-
#           --health-cmd pg_isready
#           --health-interval 10s
#           --health-timeout 5s
#           --health-retries 5
#         ports:
#           - 5432:5432
#     strategy:
#       matrix:
#         dir: [backend, frontend]
#         include:
#           - dir: backend
#             token: SONAR_TOKEN_BACKEND
#           - dir: frontend
#             token: SONAR_TOKEN_FRONTEND
#     steps:
#       - uses: bcgov-nr/action-test-and-analyse@v1.2.1
#         with:
#           commands: |
#             npm ci
#             npm run test:cov
#           dir: ${{ matrix.dir }}
#           node_version: "22"
#           sonar_args: >
#             -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
#             -Dsonar.organization=bcgov-sonarcloud
#             -Dsonar.projectKey=quickstart-openshift_${{ matrix.dir }}
#             -Dsonar.sources=src
#             -Dsonar.tests.inclusions=**/*spec.ts
#             -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
#           sonar_token: ${{ secrets[matrix.token] }}
#           triggers: ('${{ matrix.dir }}/')

  # https://github.com/marketplace/actions/aqua-security-trivy
  # trivy:
  #   name: Trivy Security Scan
  #   if: ${{ ! github.event.pull_request.draft }}
  #   runs-on: ubuntu-22.04
  #   timeout-minutes: 1
  #   steps:
  #     - uses: actions/checkout@v4
  #     - name: Run Trivy vulnerability scanner in repo mode
  #       uses: aquasecurity/trivy-action@0.23.0
  #       with:
  #         format: "sarif"
  #         output: "trivy-results.sarif"
  #         ignore-unfixed: true
  #         scan-type: "fs"
  #         scanners: "vuln,secret,config"
  #         severity: "CRITICAL,HIGH"

  #     - name: Upload Trivy scan results to GitHub Security tab
  #       uses: github/codeql-action/upload-sarif@v3
  #       with:
  #         sarif_file: "trivy-results.sarif"

  # results:
  #   name: Analysis Results
  #   needs: [tests, trivy]
  #   runs-on: ubuntu-22.04
  #   steps:
  #     - run: echo "Success!"