You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,15 +11,18 @@ It also contains a dockerfile that builds an image that contains git-secrets whi
11
11
12
12
The main quality checks workflow runs comprehensive checks for EPS repositories. The steps executed by this workflow are as follows:
13
13
14
+
-**Scan git history for secrets**: Scans for secret-like patterns, using https://github.com/NHSDigital/software-engineering-quality-framework/blob/main/tools/nhsd-git-secrets/git-secrets
14
15
-**Install Project Dependencies**
16
+
-**Check Licenses**: Runs `make check-licenses`.
17
+
-**Run Linting** Runs `make lint`.
18
+
-**Run actionlint** Runs actionlint using [actionlint](https://github.com/raven-actions/actionlint)
19
+
-**Run shellcheck**: Runs shellcheck using [action-shellcheck](https://github.com/ludeeus/action-shellcheck)
20
+
-**Run cfn-lint** Runs [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) against files in cloudformation and SAMtemplates folders
21
+
-**Run Unit Tests** Runs `make test`.
22
+
-**CDK Synth** (*Conditional*): Runs `make cdk-synth` if packages/cdk folder exists
23
+
-**Run cloudformation-guard** (*Conditional*): Runs [cfn-guard](https://github.com/aws-cloudformation/cloudformation-guard) if CloudFormation, AWS SAM templates or CDK are present
15
24
-**Generate and Check SBOMs**: Creates Software Bill of Materials (SBOMs) to track dependencies for security and compliance. Uses [THIS](https://github.com/NHSDigital/eps-action-sbom) action.
16
-
-**Run Linting**
17
-
-**Run Unit Tests**
18
-
-**Scan git history for secrets**: Scans for secret-like patterns, using https://github.com/NHSDigital/software-engineering-quality-framework/blob/main/tools/nhsd-git-secrets/git-secrets
19
25
-**SonarCloud Scan**: Performs code analysis using SonarCloud to detect quality issues and vulnerabilities.
20
-
-**Validate CloudFormation Templates** (*Conditional*): If CloudFormation, AWS SAM templates or CDK are present, runs `cfn-lint` (SAM and cloudformation only) and `cfn-guard` to validate templates against AWS best practices and security rules.
21
-
-**CDK Synth** (*Conditional*): Runs `make cdk-synth` if packages/cdk folder exists
22
-
-**Check Licenses**: Runs `make check-licenses`.
23
26
-- **Build dev containers**: Builds dev containers (for x64 and arm64 architecture), pushes to ECR and checks vulnerability scan results
0 commit comments