Skip to content

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2903.0 #27512

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2903.0

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2903.0 #27512

Workflow file for this run

name: Build Hub
on:
pull_request:
branches:
- main
push:
branches:
- main
merge_group:
types:
- checks_requested
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
# These are for CI and not credentials of any system
DB_USER: prime
DB_PASSWORD: changeIT!
jobs:
pre_job:
name: Pre Job
runs-on: ubuntu-latest
outputs:
has_router_change: ${{ steps.build_vars.outputs.has_router_change }}
steps:
- name: "Check out changes"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build vars
id: build_vars
uses: ./.github/actions/build-vars
build_router:
name: Build Router
runs-on: ubuntu-latest
needs: pre_job
if: ${{ needs.pre_job.outputs.has_router_change == 'true' }}
defaults:
run:
working-directory: prime-router
steps:
- name: Add swapfile
working-directory: /
run: |
sudo swapoff -a
sudo fallocate -l 15G /mnt/swapfile
sudo chmod 600 /mnt/swapfile
sudo mkswap /mnt/swapfile
sudo swapon /mnt/swapfile
sudo swapon --show
- name: "Check out changes"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build backend
uses: ./.github/actions/build-backend
with:
version: ${{ github.run_id }}
upload-build: false
run-integration-tests: true
sp-creds: ${{ secrets.SERVICE_PRINCIPAL_CREDS }}
- name: Generate New Schema Docs
working-directory: ./
run: |
# Clean the docs before regenerating
rm -rf prime-router/docs/docs_deprecated/schema_documentation/*
./gradlew :prime-router:generatedocs
- name: Validate YAML
working-directory: ./
run: |
# Add more YAML checks here
./gradlew :prime-router:primeCLI --args='validate-yaml --type Organizations --file settings/organizations.yml --dir settings/STLTs'
./gradlew :prime-router:primeCLI --args='validate-yaml --type FhirToFhirTransform --dir src/main/resources/metadata/fhir_transforms'
./gradlew :prime-router:primeCLI --args='validate-yaml --type FhirToHL7Mapping --dir src/main/resources/metadata/hl7_mapping'
./gradlew :prime-router:primeCLI --args='validate-yaml --type HL7ToFhirMappingMessageTemplate --dir metadata/HL7/catchall/hl7/message'
./gradlew :prime-router:primeCLI --args='validate-yaml --type HL7ToFhirMappingResourceTemplate --dir metadata/HL7 --exclude-dir metadata/HL7/catchall/hl7/message metadata/HL7/catchall/hl7/codesystem --exclude-file metadata/HL7/catchall/fhir/resourcemapping.yml metadata/HL7/catchall/hl7/resource/Common.yml'
- name: Check for Uncommited Schema Docs
id: check_changes
continue-on-error: true
run: |
CHANGED_FILES=$(git status --short docs)
if [[ -n "$CHANGED_FILES" ]]; then
echo "Updated documentation:"
git diff docs
# Escape line breaks so they can be used in step output.
# See: https://github.community/t/set-output-truncates-multiline-strings/16852
FILES_ESCAPED="$CHANGED_FILES"
FILES_ESCAPED="${FILES_ESCAPED//'%'/'%25'}"
FILES_ESCAPED="${FILES_ESCAPED//$'\n'/'%0A'}"
FILES_ESCAPED="${FILES_ESCAPED//$'\r'/'%0D'}"
echo "files=$FILES_ESCAPED" >> $GITHUB_OUTPUT
# End with an error
false
fi
- name: Add Schema doc diff as PR comment if there are changes
if: ${{ steps.check_changes.outcome == 'failure' }}
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043
with:
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ github.event.number }}
body: |
The changes you’ve made modify the documentation, but you haven’t included new generated documentation in your commits!
Please run `./gradlew generatedocs` to generate updated documentation, then commit the results.
Expected changes in files:
```sh
${{ steps.check_changes.outputs.files }}
```
- name: Fail if missing Schema docs are found
if: ${{ steps.check_changes.outcome == 'failure' }}
run: |
false