DPC CI Workflow #8241
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "DPC CI Workflow" | |
| on: | |
| pull_request: | |
| paths-ignore: | |
| - .github/workflows/opt-out-* | |
| - lambda/** | |
| workflow_dispatch: # Allow manual trigger | |
| env: | |
| VAULT_PW: ${{ secrets.VAULT_PW }} | |
| REPORT_COVERAGE: true | |
| DPC_CA_CERT: ${{ secrets.DPC_CA_CERT }} | |
| ENV: "github-ci" | |
| jobs: | |
| build-dpc-portal: | |
| name: "Build and Test DPC Portal" | |
| runs-on: self-hosted | |
| steps: | |
| - name: Cleanup Runner | |
| run: | | |
| sudo chmod -R 777 . | |
| docker system prune -a --volumes -f | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: "Set up Ansible" | |
| run: | | |
| sudo dnf -y install python3 python3-pip | |
| pip install ansible | |
| - name: Install docker compose manually | |
| run: | | |
| mkdir -p /usr/local/lib/docker/cli-plugins | |
| curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose | |
| chown root:root /usr/local/lib/docker/cli-plugins/docker-compose | |
| chmod +x /usr/local/lib/docker/cli-plugins/docker-compose | |
| - name: "Test Portal" | |
| run: | | |
| export PATH=$PATH:~/.local/bin | |
| make ci-portal | |
| - name: "Reformat test results" # Sonarqube will run in a docker container and wants the paths to be from /github/workspace | |
| run: | | |
| sudo jq '.RSpec.coverage |= with_entries(if .key | contains("dpc-portal") then .key |= sub("/dpc-portal"; "${{ github.workspace }}/dpc-portal") else . end)' dpc-portal/coverage/.resultset.json > portal-resultset.json | |
| - name: Set env vars from AWS params | |
| uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | |
| env: | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| with: | |
| params: | | |
| SONAR_HOST_URL=/sonarqube/url | |
| SONAR_TOKEN=/sonarqube/token | |
| - name: Run quality gate scan | |
| uses: sonarsource/sonarqube-scan-action@master | |
| with: | |
| args: | |
| -Dsonar.projectKey=bcda-dpc-portal | |
| -Dsonar.sources=./dpc-portal/app,./dpc-portal/lib | |
| -Dsonar.coverage.exclusions=**/*_preview.rb,**/*html.erb,**/application_* | |
| -Dsonar.ruby.coverage.reportPaths=./portal-resultset.json | |
| -Dsonar.working.directory=./sonar_workspace | |
| -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }} | |
| -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }} | |
| -Dsonar.qualitygate.wait=true |