Merge pull request #41 from safeinsights/update-ci

Updating CI

Author: sparksam

.github/workflows/checks.yml

@@ -1,9 +1,8 @@
 name: Checks
 on:
     push:
-        branches: [main, master]
+        branches: [main]
     pull_request:
-        branches: [main, master]
 jobs:
     all:
         timeout-minutes: 60
@@ -23,6 +22,18 @@ jobs:
                   scan-type: 'fs'
                   scan-ref: '.'
                   trivy-config: trivy.yaml
+            - name: Run SonarQube SAST Scan
+              uses: SonarSource/sonarqube-scan-action@v6
+              env:
+                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+                  SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+            # If you wish to fail your job when the Quality Gate is red, uncomment the
+            # following lines. This would typically be used to fail a deployment.
+            - name: Check SonarQube SAST Sca
+              uses: SonarSource/sonarqube-quality-gate-action@v1
+              timeout-minutes: 5
+              env:
+                  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
             - name: Typecheck
               run: npm run typecheck
             - name: Unit Test