code review workflow (#23)

* added code review for functions * add sonar token * properties default value * add plugin sonar to parent * add code review worfflow * test removing if pull_request * fix reference ms * sonat_token and coverage exclusions * replace for code review ms * code review for all * added request and response to exclusions * remove code review workflow for single module
pagopa · Oct 18, 2023 · b2995d6 · b2995d6
1 parent 8ad478e
commit b2995d6
Showing 6 changed files with 105 additions and 48 deletions.
diff --git a/.github/workflows/code_review.yml b/.github/workflows/code_review.yml
@@ -0,0 +1,75 @@
+name: Code Review
+
+# Controls when the workflow will run
+on:
+  pull_request:
+    branches:
+      - main
+      - develop
+    types:
+      - opened
+      - synchronize
+      - reopened
+    paths:
+      - 'onboarding-ms/**'
+      - 'onboarding-functions/**'
+      - 'onboarding-sdk/**'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+  deployments: write
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+
+  code-review:
+    name: Code Review onboarding-ms
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+
+      - name: Cache Maven packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar-project.properties/cache
+          key: ${{ runner.os }}-sonar-project.properties
+          restore-keys: ${{ runner.os }}-sonar-project.properties
+
+      - name: Build and analyze on Pull Requests
+        shell: bash
+        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -Dsonar.organization=pagopa
+          -Dsonar.projectKey=pagopa_selfcare-onboarding
+          -Dsonar.coverage.jacoco.xmlReportPaths=./target/jacoco-report/jacoco.xml
+          -Dsonar.host.url=https://sonarcloud.io
+          -Dsonar.token=${{ secrets.SONAR_TOKEN }}
+          -Dsonar.coverage.exclusions='**/exception/**, **/response/**, **/request/**, **/entity/**, **/utils/**, **/*Constant*, **/*Config.java, **/src/test/**'
+          -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+          -Dsonar.pullrequest.branch=${{ github.head_ref }}
+          -Dsonar.pullrequest.base=${{ github.base_ref }}
+          --file ./pom.xml
+        env:
+          # Needed to get some information about the pull request, if any
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # SonarCloud access token should be generated from https://sonarcloud.io/account/security/
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/code_review_onboarding_ms.yml b/.github/workflows/code_review_onboarding_ms.yml
diff --git a/.identity/00_data.tf b/.identity/00_data.tf
@@ -27,3 +27,8 @@ data "azurerm_key_vault_secret" "onboarding_functions_api_key" {
   name         = "onboarding-functions-api-key"
   key_vault_id = data.azurerm_key_vault.key_vault.id
 }
+
+data "azurerm_key_vault_secret" "sonar_token" {
+  name         = "sonar-token"
+  key_vault_id = data.azurerm_key_vault.key_vault.id
+}
diff --git a/.identity/03_github_environment.tf b/.identity/03_github_environment.tf
@@ -41,7 +41,7 @@ locals {
     "NAMESPACE" : local.domain,
   }
   repo_secrets = {
-    # "SONAR_TOKEN" : data.azurerm_key_vault_secret.key_vault_sonar.value,
+    "SONAR_TOKEN": data.azurerm_key_vault_secret.sonar_token.value,
     # "BOT_TOKEN_GITHUB" : data.azurerm_key_vault_secret.key_vault_bot_token.value,
     # "CUCUMBER_PUBLISH_TOKEN" : data.azurerm_key_vault_secret.key_vault_cucumber_token.value,
   }

diff --git a/onboarding-functions/src/main/resources/application.properties b/onboarding-functions/src/main/resources/application.properties
@@ -1,9 +1,9 @@
-quarkus.azure-functions.app-name=${AZURE_APP_NAME}
-quarkus.azure-functions.subscription-id=${AZURE_SUBSCRIPTION_ID}
-quarkus.azure-functions.resource-group=${AZURE_RESOURCE_GROUP}
+quarkus.azure-functions.app-name=${AZURE_APP_NAME:selc-d-functions}
+quarkus.azure-functions.subscription-id=${AZURE_SUBSCRIPTION_ID:123456789}
+quarkus.azure-functions.resource-group=${AZURE_RESOURCE_GROUP:selc-d-functions-rg}
 quarkus.azure-functions.region=${AZURE_APP_REGION:westeurope}
-quarkus.azure-functions.app-insights-key=${AZURE_APP_INSIGHTS_KEY}
-quarkus.azure-functions.app-service-plan-name=${AZURE_APP_SERVICE_PLAN_NAME}
+quarkus.azure-functions.app-insights-key=${AZURE_APP_INSIGHTS_KEY:123456789}
+quarkus.azure-functions.app-service-plan-name=${AZURE_APP_SERVICE_PLAN_NAME:selc-d-app-service-plan}
 
 quarkus.azure-functions.app-settings.MONGODB_CONNECTION_URI=${MONGODB_CONNECTION_URI}
 quarkus.azure-functions.app-settings.USER_REGISTRY_API_KEY=${USER_REGISTRY_API_KEY}

diff --git a/pom.xml b/pom.xml
@@ -31,6 +31,25 @@
 
 
 
+    <build>
+        <plugins>
+        <plugin>
+            <groupId>org.sonarsource.scanner.maven</groupId>
+            <artifactId>sonar-maven-plugin</artifactId>
+            <version>3.7.0.1746</version>
+            <executions>
+            <execution>
+                <phase>verify</phase>
+                <goals>
+                <goal>sonar</goal>
+                </goals>
+            </execution>
+            </executions>
+        </plugin>
+        </plugins>
+    </build>
+
+
     <repositories>
         <repository>
             <id>selfcare-platform</id>