DCMAW-10737: Add post-merge GH Actions workflow with Sonar scan for t…

…est-resources directory (#283)
govuk-one-login · Dec 4, 2024 · fe5190e · fe5190e
1 parent 63a7f97
commit fe5190e
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/.github/workflows/test-resources-push-to-main.yml b/.github/workflows/test-resources-push-to-main.yml
@@ -0,0 +1,52 @@
+name: test-resources push to main
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "test-resources/**"
+      - ".github/workflows/test-resources-push-to-main.yml"
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  sonar-scan:
+    name: Sonar main branch scan
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        shell: bash
+        working-directory: test-resources
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 #main
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Setup nodeJS v20
+        uses: actions/setup-node@26961cf329f22f6837d5f54c3efd76b480300ace #main
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: test-resources/package-lock.json
+
+      - name: Install dependencies
+        run: npm install
+
+      # Generate test coverage report for Sonar main branch analysis
+      - name: Run Tests
+        run: npm run test:unit
+
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 #master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          projectBaseDir: test-resources