Added in the sonar scan job (#61)

* Added in sonar scan job
dvsa · Feb 16, 2024 · 807a81d · 807a81d
1 parent d2f448e
commit 807a81d
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 7 deletions.
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -41,3 +41,33 @@ jobs:
 
       - name: Integration tests
         run: npm run test-i
+
+  scanner:
+    permissions:
+      id-token: write
+    runs-on: X64
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }}
+          aws-region: ${{ secrets.DVSA_AWS_REGION }}
+          role-session-name: 'cvs-tsk-atf-daily-schedules'
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids: sonarqube-gha
+          parse-json-secrets: true
+      - name: Install dependencies
+        run: npm ci
+      - name: Run SonarQube scanner
+        run: |
+          npm run test && \
+          npm run sonar-scanner -- \
+          -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \
+          -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \
+          -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \
+          -Dsonar.projectName=${{ github.repository }} \
+          -Dsonar.projectVersion=1.0.${{ github.run_id }}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -84,6 +84,7 @@
     "serverless-offline": "8.2.0",
     "serverless-offline-aws-eventbridge": "1.6.5",
     "serverless-plugin-typescript": "2.1.0",
+    "sonar-scanner": "3.1.0",
     "supertest": "6.0.1",
     "ts-jest": "27.0.7",
     "ts-loader": "8.0.14",