From 8e9a5a4237ec1e4c207dc33a0c8a2031264e2ff9 Mon Sep 17 00:00:00 2001
From: Taylor Halfyard <taylor.halfyard@dvsa.gov.uk>
Date: Thu, 15 Feb 2024 16:37:42 +0000
Subject: [PATCH] Added in the build from hash job

---
 .github/workflows/pr-checks.yaml | 40 ++++++++++++++++++++++++++++++++
 package-lock.json                | 17 ++++++++++++++
 package.json                     |  1 +
 3 files changed, 58 insertions(+)
 create mode 100644 .github/workflows/pr-checks.yaml

diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
new file mode 100644
index 0000000..573c71e
--- /dev/null
+++ b/.github/workflows/pr-checks.yaml
@@ -0,0 +1,40 @@
+name: PR-checks
+
+on:
+ push:
+   branches: ['develop','feature/CB2-10778']
+ pull_request:
+   branches: ['develop']
+
+jobs:
+  scanner:
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    runs-on: X64
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }}
+          aws-region: ${{ secrets.DVSA_AWS_REGION }}
+          role-session-name: 'cvs-svc-minimum-application-version'
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids: sonarqube-gha
+          parse-json-secrets: true
+      - name: Install dependencies
+        run: npm ci
+      - name: Run SonarQube scanner
+        run: |
+         npm run test && \
+         npm run sonar-scanner -- \
+         -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \
+         -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.projectName=${{ github.repository }} \
+         -Dsonar.projectVersion=1.0.${{ github.run_id }}
diff --git a/package-lock.json b/package-lock.json
index 9756575..9c3fb43 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,6 +30,7 @@
         "eslint-plugin-security": "^1.7.1",
         "fs-extra": "^10.1.0",
         "jest": "^28.1.3",
+        "sonar-scanner": "^3.1.0",
         "source-map-support": "^0.5.21",
         "ts-jest": "^28.0.8",
         "ts-loader": "^9.4.2",
@@ -8775,6 +8776,16 @@
         "node": ">=8"
       }
     },
+    "node_modules/sonar-scanner": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/sonar-scanner/-/sonar-scanner-3.1.0.tgz",
+      "integrity": "sha512-KD7W3wHCKJKAakhn8ckxNYTxkdb1cnJa3ot0NVvO8CCeJjb0yvF0fW2yGdI09zMHsqxCRsl4dLtyCL2SUv47WA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "bin": {
+        "sonar-scanner": "index.js"
+      }
+    },
     "node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -16896,6 +16907,12 @@
       "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
       "dev": true
     },
+    "sonar-scanner": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/sonar-scanner/-/sonar-scanner-3.1.0.tgz",
+      "integrity": "sha512-KD7W3wHCKJKAakhn8ckxNYTxkdb1cnJa3ot0NVvO8CCeJjb0yvF0fW2yGdI09zMHsqxCRsl4dLtyCL2SUv47WA==",
+      "dev": true
+    },
     "source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
diff --git a/package.json b/package.json
index ee8f91c..f2aa810 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,7 @@
     "eslint-plugin-security": "^1.7.1",
     "fs-extra": "^10.1.0",
     "jest": "^28.1.3",
+    "sonar-scanner": "^3.1.0",
     "source-map-support": "^0.5.21",
     "ts-jest": "^28.0.8",
     "ts-loader": "^9.4.2",