Added in the sonar scan job (#47)

* Added in the sonar scan job
dvsa · Feb 16, 2024 · 9d7d98d · 9d7d98d
1 parent fbad9f7
commit 9d7d98d
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/.github/workflows/pr-plan.yml b/.github/workflows/pr-plan.yml
@@ -0,0 +1,40 @@
+name: PR-checks
+
+on:
+ push:
+   branches: ['develop']
+ pull_request:
+   branches: ['develop']
+
+jobs:
+  scanner:
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    runs-on: X64
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }}
+          aws-region: ${{ secrets.DVSA_AWS_REGION }}
+          role-session-name: 'cvs-tsk-edh-marshaller'
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids: sonarqube-gha
+          parse-json-secrets: true
+      - name: Install dependencies
+        run: npm ci
+      - name: Run SonarQube scanner
+        run: |
+         npm run test && \
+         npm run sonar-scanner -- \
+         -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \
+         -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.projectName=${{ github.repository }} \
+         -Dsonar.projectVersion=1.0.${{ github.run_id }}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -77,6 +77,7 @@
     "serverless": "^3.17.0",
     "serverless-plugin-tracing": "^2.0.0",
     "serverless-plugin-typescript": "^2.1.2",
+    "sonar-scanner": "^3.1.0",
     "ts-jest": "^29.0.5",
     "ts-node-register": "^1.0.0",
     "typescript": "^4.6.4"