[Snyk] Security upgrade golang from 1.21.12-alpine3.20 to alpine3.20 … #879
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "SSAS CI Workflow" | |
on: [push] | |
jobs: | |
lint: | |
name: Modules Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Tidy modules | |
run: | | |
go mod tidy -v | |
CHANGES_FOUND=$(git diff-files --quiet) | |
if [[ "$(CHANGES_FOUND)" == "1" ]]; then | |
echo "Changes found. Run go mod tidy to clean up modules." | |
git diff | |
exit 1 | |
fi | |
build: | |
name: "Build and Test" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Checkout code" | |
uses: actions/checkout@v1 | |
- name: "Build the stack" | |
run: | | |
make docker-bootstrap | |
- name: "Run all tests" | |
run: | | |
make test | |
- name: Archive code coverage results | |
uses: actions/upload-artifact@v3 | |
with: | |
name: code-coverage-report | |
path: ./test_results/latest/testcoverage.out | |
sonar-quality-gate: | |
name: Sonarqube Quality Gate | |
needs: build | |
runs-on: self-hosted | |
env: | |
# Workaround until https://jira.cms.gov/browse/PLT-338 is implemented. | |
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true" | |
steps: | |
- name: Download code coverage | |
uses: actions/download-artifact@v3 | |
with: | |
name: code-coverage-report | |
- name: Set env vars from AWS params | |
uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | |
env: | |
AWS_REGION: ${{ vars.AWS_REGION }} | |
with: | |
params: | | |
SONAR_HOST_URL=/sonarqube/url | |
SONAR_TOKEN=/sonarqube/token | |
- name: Run quality gate scan | |
uses: sonarsource/sonarqube-scan-action@master | |
with: | |
args: -Dsonar.projectKey=bcda-ssas-api | |
-Dsonar.sources=. -Dsonar.go.coverage.reportPaths=./test_results/latest/testcoverage.out | |
-Dsonar.coverage.exclusions=**/*test.go,**/test/**/*,**/testUtils/*,**/scripts/*,**/ops/*,**/mock*.go | |
-Dsonar.branch.name=${{ github.event.pull_request.head.ref }} -Dsonar.projectVersion=${{ github.event.pull_request.head.sha }} |