Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2903.0 #27512
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Hub | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
merge_group: | |
types: | |
- checks_requested | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
# These are for CI and not credentials of any system | |
DB_USER: prime | |
DB_PASSWORD: changeIT! | |
jobs: | |
pre_job: | |
name: Pre Job | |
runs-on: ubuntu-latest | |
outputs: | |
has_router_change: ${{ steps.build_vars.outputs.has_router_change }} | |
steps: | |
- name: "Check out changes" | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- name: Build vars | |
id: build_vars | |
uses: ./.github/actions/build-vars | |
build_router: | |
name: Build Router | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: ${{ needs.pre_job.outputs.has_router_change == 'true' }} | |
defaults: | |
run: | |
working-directory: prime-router | |
steps: | |
- name: Add swapfile | |
working-directory: / | |
run: | | |
sudo swapoff -a | |
sudo fallocate -l 15G /mnt/swapfile | |
sudo chmod 600 /mnt/swapfile | |
sudo mkswap /mnt/swapfile | |
sudo swapon /mnt/swapfile | |
sudo swapon --show | |
- name: "Check out changes" | |
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 | |
- name: Build backend | |
uses: ./.github/actions/build-backend | |
with: | |
version: ${{ github.run_id }} | |
upload-build: false | |
run-integration-tests: true | |
sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }} | |
- name: Generate New Schema Docs | |
working-directory: ./ | |
run: | | |
# Clean the docs before regenerating | |
rm -rf prime-router/docs/docs_deprecated/schema_documentation/* | |
./gradlew :prime-router:generatedocs | |
- name: Validate YAML | |
working-directory: ./ | |
run: | | |
# Add more YAML checks here | |
./gradlew :prime-router:primeCLI --args='validate-yaml --type Organizations --file settings/organizations.yml --dir settings/STLTs' | |
./gradlew :prime-router:primeCLI --args='validate-yaml --type FhirToFhirTransform --dir src/main/resources/metadata/fhir_transforms' | |
./gradlew :prime-router:primeCLI --args='validate-yaml --type FhirToHL7Mapping --dir src/main/resources/metadata/hl7_mapping' | |
./gradlew :prime-router:primeCLI --args='validate-yaml --type HL7ToFhirMappingMessageTemplate --dir metadata/HL7/catchall/hl7/message' | |
./gradlew :prime-router:primeCLI --args='validate-yaml --type HL7ToFhirMappingResourceTemplate --dir metadata/HL7 --exclude-dir metadata/HL7/catchall/hl7/message metadata/HL7/catchall/hl7/codesystem --exclude-file metadata/HL7/catchall/fhir/resourcemapping.yml metadata/HL7/catchall/hl7/resource/Common.yml' | |
- name: Check for Uncommited Schema Docs | |
id: check_changes | |
continue-on-error: true | |
run: | | |
CHANGED_FILES=$(git status --short docs) | |
if [[ -n "$CHANGED_FILES" ]]; then | |
echo "Updated documentation:" | |
git diff docs | |
# Escape line breaks so they can be used in step output. | |
# See: https://github.community/t/set-output-truncates-multiline-strings/16852 | |
FILES_ESCAPED="$CHANGED_FILES" | |
FILES_ESCAPED="${FILES_ESCAPED//'%'/'%25'}" | |
FILES_ESCAPED="${FILES_ESCAPED//$'\n'/'%0A'}" | |
FILES_ESCAPED="${FILES_ESCAPED//$'\r'/'%0D'}" | |
echo "files=$FILES_ESCAPED" >> $GITHUB_OUTPUT | |
# End with an error | |
false | |
fi | |
- name: Add Schema doc diff as PR comment if there are changes | |
if: ${{ steps.check_changes.outcome == 'failure' }} | |
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
issue-number: ${{ github.event.number }} | |
body: | | |
The changes you’ve made modify the documentation, but you haven’t included new generated documentation in your commits! | |
Please run `./gradlew generatedocs` to generate updated documentation, then commit the results. | |
Expected changes in files: | |
```sh | |
${{ steps.check_changes.outputs.files }} | |
``` | |
- name: Fail if missing Schema docs are found | |
if: ${{ steps.check_changes.outcome == 'failure' }} | |
run: | | |
false |