DPC-4258 Run sonarqube check in GitHub actions

.github/workflows/ci-workflow.yml

@@ -44,6 +44,14 @@ jobs:
       - name: "DPC Web Build"
         run: |
           make ci-web-portal
+      - name: "Move the test results" # won't upload hidden files
+        run: |
+          sudo mv ./dpc-web/coverage/.resultset.json ./dpc-web/coverage/resultset.json
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage-report-dpc-web
+          path: ./dpc-web/coverage/resultset.json
 
   build-dpc-admin:
     name: "Build and Test DPC Admin Portal"
@@ -54,6 +62,14 @@ jobs:
       - name: "DPC Admin Portal Build"
         run: |
           make ci-admin-portal
+      - name: "Move the test results" # won't upload hidden files
+        run: |
+          sudo mv ./dpc-admin/coverage/.resultset.json ./dpc-admin/coverage/resultset.json
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage-report-dpc-admin
+          path: ./dpc-admin/coverage/resultset.json
 
   build-dpc-portal:
     name: "Build and Test DPC Portal"
@@ -64,6 +80,14 @@ jobs:
       - name: "DPC Portal Build"
         run: |
           make ci-portal
+      - name: "Move the test results" # won't upload hidden files
+        run: |
+          sudo mv ./dpc-portal/coverage/.resultset.json ./dpc-portal/coverage/resultset.json
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage-report-dpc-portal
+          path: ./dpc-portal/coverage/resultset.json
 
   build-dpc-client:
     name: "Build and Test DPC Client"
@@ -74,3 +98,118 @@ jobs:
       - name: "DPC Client Build"
         run: |
           make ci-api-client
+
+  sonar-quality-gate-dpc-web-and-admin:
+    name: Sonarqube Quality Gate for dpc-web and dpc-admin
+    needs: [build-dpc-admin, build-dpc-web]
+    runs-on: self-hosted
+    env:
+      # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v1
+      - name: Download web code coverage
+        uses: actions/download-artifact@v3
+        with:
+          name: code-coverage-report-dpc-web
+      - name: Download admin code coverage
+        uses: actions/download-artifact@v3
+        with:
+          name: code-coverage-report-dpc-admin
+      - name: Set env vars from AWS params
+        uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            SONAR_HOST_URL=/sonarqube/url
+            SONAR_TOKEN=/sonarqube/token
+      - name: Run quality gate scan
+        uses: sonarsource/sonarqube-scan-action@master
+        with:
+          args:
+            -Dsonar.projectKey=bcda-dpc-web
+            -Dsonar.sources=./dpc-web/app,./dpc-web/lib,./dpc-admin/app,./dpc-admin/lib
+            -Dsonar.ruby.coverage.reportPaths=./dpc-web/coverage/resultset.json,./dpc-admin/coverage/resultset.json
+            -Dsonar.working.directory=./sonar_workspace
+            -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
+            -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
+            -Dsonar.qualitygate.wait=true
+
+  sonar-quality-gate-dpc-portal:
+    name: Sonarqube Quality Gate for dpc-portal
+    needs: build-dpc-portal
+    runs-on: self-hosted
+    env:
+      # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v1
+      - name: Download code coverage
+        uses: actions/download-artifact@v3
+        with:
+          name: code-coverage-report-dpc-portal
+      - name: Set env vars from AWS params
+        uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            SONAR_HOST_URL=/sonarqube/url
+            SONAR_TOKEN=/sonarqube/token
+      - name: Run quality gate scan
+        uses: sonarsource/sonarqube-scan-action@master
+        with:
+          args:
+            -Dsonar.projectKey=bcda-dpc-portal
+            -Dsonar.sources=./dpc-portal/app,./dpc-portal/lib
+            -Dsonar.coverage.exclusions=**/*_preview.rb,**/*html.erb,**/application_*
+            -Dsonar.ruby.coverage.reportPaths=./dpc-portal/coverage/resultset.json
+            -Dsonar.working.directory=./sonar_workspace
+            -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
+            -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }}
+            -Dsonar.qualitygate.wait=true
+
+  sonar-quality-gate-dpc-api:
+    name: Sonarqube Quality Gate for dpc-api
+    runs-on: self-hosted
+    env:
+      # Workaround until https://jira.cms.gov/browse/PLT-338 is implemented.
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v1
+      - name: Setup Java
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: temurin
+          cache: maven
+      - name: Set env vars from AWS params
+        uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main
+        env:
+          AWS_REGION: ${{ vars.AWS_REGION }}
+        with:
+          params: |
+            SONAR_HOST_URL=/sonarqube/url
+            SONAR_TOKEN=/sonarqube/token
+      - name: Install Maven 3.6.3
+        run: |
+          export PATH="$PATH:/opt/maven/bin"
+          echo "PATH=$PATH" >> $GITHUB_ENV
+          if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
+          tmpdir="$(mktemp -d)"
+          curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
+          sudo rm -rf /opt/maven
+          sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
+      - name: Clean maven
+        run: |
+          mvn -ntp -U clean
+      - name: Compile project
+        run: |
+          mvn compile
+      - name: Run quality gate scan
+        run: |
+          mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar -Dsonar.projectKey=bcda-dpc-api -Dsonar.branch.name=${{ github.event_name == 'pull_request' && github.head_ref || github.event_name == 'pull_request' && github.head_ref || github.ref_name }} -Dsonar.working.directory=./.sonar_workspace -Dsonar.projectVersion=${{ github.ref_name == 'main' && github.sha || 'branch' }} -Dsonar.qualitygate.wait=true