Skip to content

Merge pull request #1465 from DFE-Digital/dependabot/nuget/Microsoft.… #3586

Merge pull request #1465 from DFE-Digital/dependabot/nuget/Microsoft.…

Merge pull request #1465 from DFE-Digital/dependabot/nuget/Microsoft.… #3586

Workflow file for this run

name: Run Sonar scanner
on:
pull_request:
types: [assigned, opened, synchronize, reopened]
push:
branches: [ master ]
jobs:
sonarcloud:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: set-up-environment
uses: DFE-Digital/github-actions/set-up-environment@master
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Fetch secrets from key vault
uses: azure/CLI@v2
id: fetch-secrets
with:
inlineScript: |
SECRET_VALUE=$(az keyvault secret show --name "SLACK-WEBHOOK" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
SECRET_VALUE=$(az keyvault secret show --name "SONAR-TOKEN" --vault-name "${{ secrets.INFRA_KEY_VAULT}}" --query "value" -o tsv)
echo "::add-mask::$SECRET_VALUE"
echo "SONAR-TOKEN=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Setup .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '7.0'
- name: Install dotnet-sonarscanner
run: dotnet tool install --global dotnet-sonarscanner --version 5.15.0
- name: Install dependencies
run: dotnet restore
- name: Spin Up Stack
run: docker compose up -d
- name: SonarCloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
dotnet sonarscanner begin \
/k:"DFE-Digital_get-into-teaching-api" \
/o:"dfe-digital" \
/n:"get-into-teaching-api" \
/d:sonar.login="${{ steps.fetch-secrets.outputs.SONAR-TOKEN }}" \
/d:sonar.host.url="https://sonarcloud.io" \
/d:sonar.cpd.exclusions="GetIntoTeachingApi/Migrations/*.cs" \
/d:sonar.cs.opencover.reportsPaths="GetIntoTeachingApiTests/coverage.opencover.xml" \
/d:sonar.cs.vstest.reportsPaths="**/*.trx" \
/d:sonar.coverage.exclusions="\
GetIntoTeachingApiTests/**/*,\
GetIntoTeachingApi/Migrations/*.cs,\
GetIntoTeachingApi/Adapters/*.cs,\
GetIntoTeachingApi/Database/GetIntoTeachingDbContextFactory.cs,\
GetIntoTeachingApi/OperationFilters/AuthOperationFilter.cs,\
GetIntoTeachingApi/Startup.cs,\
GetIntoTeachingApi/Program.cs\
" \
/d:sonar.verbose=true \
/d:sonar.log.level="DEBUG"
dotnet build
dotnet test --no-build --logger:trx -e:CollectCoverage=true -e:CoverletOutputFormat=opencover
dotnet sonarscanner end /d:sonar.login="${{ steps.fetch-secrets.outputs.SONAR-TOKEN }}"
- name: Slack Notification
if: failure() && github.ref == 'refs/heads/master'
uses: rtCamp/action-slack-notify@master
env:
SLACK_COLOR: ${{env.SLACK_FAILURE }}
SLACK_MESSAGE: Pipeline Failure carrying out job ${{github.job}}
SLACK_TITLE: 'Failure: ${{ github.workflow }}'
SLACK_WEBHOOK: ${{ steps.fetch-secrets.outputs.SLACK-WEBHOOK }}