From 9d7d98db559b2cda8ac29876761c0633e4f0286d Mon Sep 17 00:00:00 2001
From: Taylor Halfyard <87978430+TaylorHalf@users.noreply.github.com>
Date: Fri, 16 Feb 2024 07:16:23 +0000
Subject: [PATCH] Added in the sonar scan job (#47)

* Added in the sonar scan job
---
 .github/workflows/pr-plan.yml | 40 +++++++++++++++++++++++++++++++++++
 package-lock.json             | 11 ++++++++++
 package.json                  |  1 +
 3 files changed, 52 insertions(+)
 create mode 100644 .github/workflows/pr-plan.yml

diff --git a/.github/workflows/pr-plan.yml b/.github/workflows/pr-plan.yml
new file mode 100644
index 0000000..e64ac95
--- /dev/null
+++ b/.github/workflows/pr-plan.yml
@@ -0,0 +1,40 @@
+name: PR-checks
+
+on:
+ push:
+   branches: ['develop']
+ pull_request:
+   branches: ['develop']
+
+jobs:
+  scanner:
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    runs-on: X64
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }}
+          aws-region: ${{ secrets.DVSA_AWS_REGION }}
+          role-session-name: 'cvs-tsk-edh-marshaller'
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with:
+          secret-ids: sonarqube-gha
+          parse-json-secrets: true
+      - name: Install dependencies
+        run: npm ci
+      - name: Run SonarQube scanner
+        run: |
+         npm run test && \
+         npm run sonar-scanner -- \
+         -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \
+         -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \
+         -Dsonar.projectName=${{ github.repository }} \
+         -Dsonar.projectVersion=1.0.${{ github.run_id }}
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 2c026aa..ae561e9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -38,6 +38,7 @@
         "serverless": "^3.17.0",
         "serverless-plugin-tracing": "^2.0.0",
         "serverless-plugin-typescript": "^2.1.2",
+        "sonar-scanner": "^3.1.0",
         "ts-jest": "^29.0.5",
         "ts-node-register": "^1.0.0",
         "typescript": "^4.6.4"
@@ -10659,6 +10660,16 @@
         "node": ">=8"
       }
     },
+    "node_modules/sonar-scanner": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/sonar-scanner/-/sonar-scanner-3.1.0.tgz",
+      "integrity": "sha512-KD7W3wHCKJKAakhn8ckxNYTxkdb1cnJa3ot0NVvO8CCeJjb0yvF0fW2yGdI09zMHsqxCRsl4dLtyCL2SUv47WA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "bin": {
+        "sonar-scanner": "index.js"
+      }
+    },
     "node_modules/sort-keys": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-1.1.2.tgz",
diff --git a/package.json b/package.json
index 4458c3b..38d94d0 100644
--- a/package.json
+++ b/package.json
@@ -77,6 +77,7 @@
     "serverless": "^3.17.0",
     "serverless-plugin-tracing": "^2.0.0",
     "serverless-plugin-typescript": "^2.1.2",
+    "sonar-scanner": "^3.1.0",
     "ts-jest": "^29.0.5",
     "ts-node-register": "^1.0.0",
     "typescript": "^4.6.4"