feat(cb2-10067): added scanner job (#332)

dvsa · Dec 5, 2023 · c32618d · c32618d
1 parent e5fb816
commit c32618d
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 0 deletions.
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -36,3 +36,33 @@ jobs:
           AWS_SECRET_ACCESS_KEY: bar
       - name: Run linter
         run: npm run lint
+
+  scanner:
+    permissions:
+      id-token: write
+    runs-on: X64
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CVS_MGMT_AWS_ROLE }}
+          aws-region: ${{ secrets.DVSA_AWS_REGION }}
+          role-session-name: 'cvs-app-vtm'
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        with: 
+          secret-ids: sonarqube-gha
+          parse-json-secrets: true
+      - name: Install dependencies
+        run: npm ci
+      - name: Run SonarQube scanner
+        run: |
+          npm run test && \
+          npm run sonar-scanner -- \
+          -Dsonar.host.url=${{ env.SONARQUBE_GHA_URL }} \
+          -Dsonar.token=${{ env.SONARQUBE_GHA_TOKEN }} \
+          -Dsonar.login=${{ env.SONARQUBE_GHA_TOKEN }} \
+          -Dsonar.projectName=${{ github.repository }} \
+          -Dsonar.projectVersion=1.0.${{ github.run_id }}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -56,6 +56,7 @@
     "serverless-openapi-documentation": "^0.4.0",
     "serverless-plugin-tracing": "^2.0.0",
     "serverless-plugin-typescript": "^1.1.9",
+    "sonarqube-scanner": "^3.3.0",
     "standard": "^12.0.1",
     "supertest": "^4.0.2",
     "ts-jest": "^26.1.1",