BCDA-9846: update paths to be sops compatible #1529
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Checks | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_call: | |
| inputs: | |
| ref: | |
| description: 'Ref of bcda-app to checkout (tag, branch name, or full SHA)' | |
| required: true | |
| type: string | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'Ref of bcda-app to checkout (tag, branch name, or full SHA)' | |
| required: true | |
| type: string | |
| env: | |
| REF: ${{ inputs.ref || github.sha }} | |
| jobs: | |
| go_mod_tidy: | |
| name: Modules Lint | |
| runs-on: codebuild-bcda-app-${{github.run_id}}-${{github.run_attempt}} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: CMSgov/bcda-app | |
| ref: ${{ env.REF }} | |
| - name: Get Go # TEMP | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Tidy modules | |
| run: | | |
| go mod tidy -v | |
| CHANGES_FOUND=$(git diff-files --quiet) | |
| if [[ "$(CHANGES_FOUND)" == "1" ]]; then | |
| echo "Changes found. Run go mod tidy to clean up modules." | |
| git diff | |
| exit 1 | |
| fi | |
| lint_and_test: | |
| name: Lint and Test | |
| runs-on: codebuild-bcda-app-${{github.run_id}}-${{github.run_attempt}} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: CMSgov/bcda-app | |
| ref: ${{ env.REF }} | |
| - name: Get Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Install Ansible | |
| run: | | |
| sudo yum update -y | |
| sudo yum install python3-pip -y | |
| sudo dnf install ansible-8.3.0 -y | |
| - name: Decrypt secrets | |
| env: | |
| VAULT_PW: ${{ secrets.VAULT_PW }} | |
| run: | | |
| echo "$VAULT_PW" > .vault_password | |
| bash ops/secrets --decrypt | |
| mv -fv shared_files/encrypted/* shared_files/decrypted/ | |
| - name: Build the stack | |
| run: make docker-bootstrap | |
| - name: Lint and Test | |
| run: make test | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-coverage-report | |
| path: ./test_results/latest/testcoverage.out | |
| - name: Cleanup secrets | |
| if: ${{ always() }} | |
| run: rm -rf shared_files/decrypted shared_files/encrypted .vault_password | |
| sonar-quality-gate: | |
| name: Sonarqube Quality Gate | |
| needs: lint_and_test | |
| runs-on: codebuild-bcda-app-${{github.run_id}}-${{github.run_attempt}} | |
| steps: | |
| - name: Set env vars from AWS params | |
| uses: cmsgov/cdap/actions/aws-params-env-action@main | |
| env: | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| with: | |
| params: | | |
| SONAR_HOST_URL=/sonarqube/url | |
| SONAR_TOKEN=/sonarqube/token | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: CMSgov/bcda-app | |
| fetch-depth: 0 | |
| - name: Download code coverage | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: code-coverage-report | |
| - name: Run quality gate scan | |
| uses: sonarsource/sonarqube-scan-action@master | |
| with: | |
| args: | |
| -Dsonar.projectKey=bcda-aco-api | |
| -Dsonar.sources=. | |
| -Dsonar.go.coverage.reportPaths=testcoverage.out | |
| -Dsonar.coverage.exclusions=**/*test.go,**/test/**/*,**/testUtils/*,**/scripts/*,**/ops/*,**/mock*.go,**/mock/**/* | |
| -Dsonar.branch.name=${{ env.REF }} | |
| -Dsonar.projectVersion=${{ github.sha }} | |
| -Dsonar.qualitygate.wait=true | |
| -Dsonar.ci.autoconfig.disabled=true |