nhs-notify-digital-letters/.github/actions/perform-static-analysis/action.yaml at d3dce52d438049f1b915b008dd1868ddb41ec288 · NHSDigital/nhs-notify-digital-letters · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: "Perform static analysis"
description: "Perform static analysis"
inputs:
  sonar_organisation_key:
    description: "Sonar organisation key, used to identify the project"
    required: false
  sonar_project_key:
    description: "Sonar project key, used to identify the project"
    required: false
  sonar_token:
    description: "Sonar token, the API key"
    required: false
  # Note, conmpsite actions only support string inputs
  ignore_sonar_failure:
    description: "Whether to fail the build if the quality gate fails"
    default: 'false'

outputs:
  sonar_report_url:
    description: "URL to the SonarCloud report for this branch"
    value: ${{ steps.report.outputs.url }}

runs:
  using: "composite"
  steps:
    - name: "Warn that ignore failure is enabled"
      if: ${{ fromJSON(inputs.ignore_sonar_failure) }}
      shell: bash
      run: |
        echo "WARNING: SonarQube failures will be ignored as per configuration."
        echo "::warning title=Ignore Sonar failures is enabled:: SonarQube failures will be ignored as per configuration."
    - name: "Check prerequisites for performing static analysis"
      shell: bash
      id: check
      run: echo "secret_exist=${{ inputs.sonar_token != '' }}" >> $GITHUB_OUTPUT
    - name: "Perform static analysis"
      shell: bash
      id: sonar
      if: steps.check.outputs.secret_exist == 'true'
      continue-on-error: ${{ fromJSON(inputs.ignore_sonar_failure) }}
      env:
        SONAR_ORGANISATION_KEY: ${{ inputs.sonar_organisation_key }}
        SONAR_PROJECT_KEY: ${{ inputs.sonar_project_key }}
        SONAR_TOKEN: ${{ inputs.sonar_token }}
      run: |
        export BRANCH_NAME=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
        ./scripts/reports/perform-static-analysis.sh
    - name: "Add SonarCloud report link to step summary"
      shell: bash
      id: report
      if: steps.sonar.outcome == 'success' || (steps.sonar.outcome == 'failure' && fromJSON(inputs.ignore_sonar_failure))
      env:
        SONAR_ORGANISATION_KEY: ${{ inputs.sonar_organisation_key }}
        SONAR_PROJECT_KEY: ${{ inputs.sonar_project_key }}
      run: |
        export BRANCH_NAME=${GITHUB_HEAD_REF:-$(echo $GITHUB_REF | sed 's#refs/heads/##')}
        ENCODED_BRANCH=$(echo "$BRANCH_NAME" | sed 's/\//%2F/g')
        SONAR_URL="https://sonarcloud.io/summary/overall?id=${SONAR_PROJECT_KEY}&branch=${ENCODED_BRANCH}"
        echo "url=${SONAR_URL}" >> $GITHUB_OUTPUT
        echo "### :bar_chart: SonarCloud Analysis Report" >> $GITHUB_STEP_SUMMARY
        echo "" >> $GITHUB_STEP_SUMMARY
        echo "**Branch:** \`${BRANCH_NAME}\`" >> $GITHUB_STEP_SUMMARY
        echo "" >> $GITHUB_STEP_SUMMARY
        echo "[View detailed SonarCloud report →]($SONAR_URL)" >> $GITHUB_STEP_SUMMARY