Skip to content
Analysis

changed the postgres variables to align local with the test environment, and same for the application.yml for the spring boot #1143

Sign in to view logs

changed the postgres variables to align local with the test environment, and same for the application.yml for the spring boot

changed the postgres variables to align local with the test environment, and same for the application.yml for the spring boot #1143

Workflow file for this run

.github/workflows/analysis.yml at c0fe406
name: Analysis
on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
push:
branches: [main]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
tests-backend:
name: Tests (Backend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
steps:
- uses: bcgov-nr/[email protected]
with:
commands: mvn --no-transfer-progress clean compile verify package checkstyle:checkstyle -P all-tests
dir: backend
java-cache: maven
java-distribution: temurin
java-version: 21
sonar_args: >
-Dsonar.exclusions=**/config/**,**/converter/**,**/dto/**,**/entity/**,**/exception/**,**/job/**,**/response/**,**/*$*Builder*,**/RestExceptionEndpoint.*,**/ResultsApplication.*
-Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.project.monorepo.enabled=true
-Dsonar.projectKey=nr-silva-backend
sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
# Only use triggers for PRs
triggers: ${{ github.event_name == 'pull_request' && '("backend/")' || '' }}
lint-frontend:
name: Lint (Frontend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
steps:
- uses: bcgov-nr/[email protected]
with:
commands: |
npm ci
npm run lint || true
dir: frontend
node_version: "20"
# Only use triggers for PRs
triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' || '' }}
tests-frontend:
name: Tests (Frontend)
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
steps:
- uses: bcgov-nr/[email protected]
with:
commands: |
npm ci
npm run test:coverage
dir: frontend
node_version: "20"
sonar_args: >
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.projectKey=nr-silva-frontend
-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
-Dsonar.typescript.tsconfigPaths=tsconfig.json
-Dsonar.sources=src/
-Dsonar.exclusions=src/__test__/**
-Dsonar.tests=src/__test__/
-Dsonar.project.monorepo.enabled=true
sonar_token: ${{ secrets.SONAR_TOKEN_FRONTEND }}
# Only use triggers for PRs
triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' || '' }}
codeql:
name: CodeQL
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v3
- uses: actions/setup-java@v4
with:
distribution: "oracle"
java-version: "21"
- uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- run: |
# Exclude file and build
rm InstallCert.java
./mvnw package -DskipTests
ls -la
working-directory: backend
- uses: github/codeql-action/analyze@v3
# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/[email protected]
with:
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"