mesh-client/.github/workflows/merge-develop.yml at develop · NHSDigital/mesh-client · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
name: merge-develop
on:
  push:
    branches:
      - develop

jobs:

  coverage:
    runs-on: ubuntu-latest
    if: github.repository == 'NHSDigital/mesh-client' && !contains(github.event.head_commit.message, 'tag release version:')
    steps:
      - name: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          fetch-depth: 0

      - name: setup python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
        with:
          python-version-file: 'pyproject.toml'

      - name: setup poetry
        uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1
        with:
          poetry-version: 2.1.3

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: cache virtualenv
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            .venv
          key: ${{ runner.os }}-v3-poetry-py${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('./poetry.lock') }}

      - name: git reset
        run: git reset --hard

      - name: install dependencies
        run: make install-ci

      - name: start docker containers
        run: make up

      - name: code coverage
        run: make coverage-ci

      - name: code coverage report
        if: ${{ github.event_name == 'pull_request' }}
        uses: orgoro/coverage@3f13a558c5af7376496aa4848bf0224aead366ac
        with:
          coverageFile: reports/coverage.xml
          token: ${{ secrets.GITHUB_TOKEN }}
          thresholdAll: 0.70

      - name: setup java
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: "corretto"
          java-version: "17"

      - name: provision sonar-scanner
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        run: |
          export SONAR_VERSION="5.0.1.3006"
          wget -q --max-redirect=0 "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" -O sonar-scanner.zip
          unzip -q ./sonar-scanner.zip
          mv ./sonar-scanner-${SONAR_VERSION} ./sonar-scanner
          scripts/sonar_tests.py

      - name: run sonar scan
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        run: |
          PATH="$PWD/sonar-scanner/bin:$PATH"
          sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: publish junit reports
        if: success() || failure()
        uses: mikepenz/action-junit-report@bccf2e31636835cf0874589931c4116687171386 # v6.4.0
        with:
          check_name: junit reports
          report_paths: reports/junit/*.xml

      - name: stop docker containers
        if: success() || failure()
        run: make down