1- # SonarQube Code Analysis
2- # Migrated from Jenkins pipeline
1+ # Runs our SonarQube code analysis to check code quality and test coverage.
2+ # (This job was recently moved over from our old Jenkins pipeline!)
33
44name : SonarQube Analysis
55
66on :
77 push :
88 branches :
99 - master
10- pull_request :
11- branches : [master]
10+
1211 workflow_dispatch :
1312
1413env :
15- # These values come from GitHub Repository Variables
16- # Settings → Secrets and variables → Actions → Variables
14+ # We pull these configuration variables directly from GitHub.
15+ # (You can find them in the repo under Settings -> Secrets and variables -> Actions -> Variables)
1716 SONARQUBE_URL : ${{ vars.SONARQUBE_URL }}
1817 SONAR_PROJECT_KEY : ${{ vars.SONAR_PROJECT_KEY }}
1918 DJANGO_SETTINGS_MODULE : ${{ vars.DJANGO_SETTINGS_MODULE }}
2221jobs :
2322 sonarqube :
2423 name : SonarQube Analysis
25- # Use CodeBuild runner - runs inside CMS/AWS network, can reach internal SonarQube
24+ # We use our custom AWS CodeBuild runner for this job because it runs
25+ # directly inside the CMS/AWS network, which allows it to securely talk to our internal SonarQube server!
2626 runs-on :
2727 - codebuild-bb-test-web-server-${{ github.run_id }}-${{ github.run_attempt }}
2828
@@ -44,14 +44,15 @@ jobs:
4444 python3 -m venv /tmp/venv
4545 source /tmp/venv/bin/activate
4646 python3 -m pip install --upgrade pip setuptools wheel
47- pip install -r requirements/requirements.txt --no-deps --prefer-binary || pip install -r requirements/requirements.txt
48- pip install coverage pytest
47+ pip install -r requirements/requirements.dev. txt --no-deps --prefer-binary --require-hashes
48+ pip install coverage
4949 echo "/tmp/venv/bin" >> $GITHUB_PATH
5050
5151 - name : Run tests with coverage
5252 run : |
5353 source /tmp/venv/bin/activate
54- coverage run runtests.py
54+ export DJANGO_SETTINGS_MODULE="hhs_oauth_server.settings.test"
55+ coverage run -m pytest -m 'not integration'
5556 coverage xml
5657
5758 - name : Check SonarQube connectivity
@@ -64,16 +65,17 @@ jobs:
6465 SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
6566 run : |
6667 echo "Installing SonarQube scanner..."
67- curl -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux .zip
68+ curl -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006.zip
6869 unzip -q sonar-scanner.zip
69- export PATH="$PWD/sonar-scanner-5.0.1.3006-linux /bin:$PATH"
70+ export PATH="$PWD/sonar-scanner-5.0.1.3006/bin:$PATH"
7071
7172 echo "Running SonarQube analysis..."
7273 sonar-scanner \
7374 -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} \
7475 -Dsonar.sources=. \
7576 -Dsonar.host.url=${{ env.SONARQUBE_URL }} \
7677 -Dsonar.token=$SONAR_TOKEN \
78+ -Dsonar.ci.autoconfig.disabled=true \
7779 -Dsonar.inclusions=apps/*/*.py,hhs_oauth_server/*/*.py \
7880 -Dsonar.exclusions=apps/*/management/migrations/*.py,apps/*/tests/*.py,apps/integration_tests/* \
7981 -Dsonar.python.coverage.reportPaths=coverage.xml
0 commit comments