Skip to content

Merge pull request #1452 from DFE-Digital/renovate/azurerm-3.x-lockfile #1382

Merge pull request #1452 from DFE-Digital/renovate/azurerm-3.x-lockfile

Merge pull request #1452 from DFE-Digital/renovate/azurerm-3.x-lockfile #1382

Workflow file for this run

name: CI Checks
on:
pull_request:
push:
branches:
- main
jobs:
build-and-cache:
name: Build and cache image
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and cache
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: RAILS_ENV=test
push: false
tags: complete-app:latest
cache-from: type=gha
cache-to: type=gha,mode=min
lint-and-format:
name: Linting and formatting
runs-on: ubuntu-latest
needs: build-and-cache
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and cache
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: |
RAILS_ENV=test
push: false
load: true
tags: complete-app:latest
cache-from: type=gha
-
name: Run linters and formaters
run: |
docker run --rm complete-app:latest sh -c "bin/standardrb -f simple && bin/erblint --lint-all \
&& yarn run lint:format && yarn run lint:js"
static-analysis:
name: Static analysis
runs-on: ubuntu-latest
needs: build-and-cache
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and cache
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: |
RAILS_ENV=test
push: false
load: true
tags: complete-app:latest
cache-from: type=gha
-
name: Run Brakeman
run: |
docker run --rm complete-app:latest bin/brakeman
specs:
name: Specs and coverage
runs-on: ubuntu-latest
needs: build-and-cache
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and cache
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: |
RAILS_ENV=test
push: false
load: true
tags: complete-app:latest
cache-from: type=gha
-
name: Run RSpec and Simplecov
run: |
docker compose -p complete-app -f docker-compose.checks.yml \
run --name complete-app test bin/rspec
-
name: Grab coverage report from container
run:
docker cp complete-app:/srv/app/coverage/coverage.json coverage/coverage.json
-
name: Shutdown containers
run: docker compose -p complete-app down && docker compose -p complete-app rm
-
name: Upload coverage report
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: coverage/coverage.json
accessibility:
name: Accessibility
runs-on: ubuntu-latest
needs: build-and-cache
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build and cache
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: RAILS_ENV=test
push: false
load: true
tags: complete-app:latest
cache-from: type=gha
-
name: Run RSpec AXE tests
run: |
docker compose -p complete-app -f docker-compose.checks.yml \
run -e NO_COVERAGE=true --rm test bin/rspec --tag accessibility spec/accessibility
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
needs: specs
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: coverage-report
path: ./coverage
- name: Update coverage report paths
run: sed -i "s|/srv/app|/github/workspace|g" ./coverage/coverage.json
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}