Move role assumption closer to need #24
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Checks | |
| on: | |
| push: | |
| workflow_call: | |
| inputs: | |
| ssas_release_version: | |
| description: 'Release version (or branch name)' | |
| required: true | |
| type: string | |
| workflow_dispatch: | |
| inputs: | |
| ssas_release_version: | |
| description: 'Release version (or branch name)' | |
| required: true | |
| type: string | |
| env: | |
| RELEASE_VERSION: ${{ inputs.ssas_release_version || github.sha }} | |
| jobs: | |
| go_mod_tidy: | |
| name: Modules Lint | |
| runs-on: self-hosted | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: CMSgov/bcda-ssas-app | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - name: Get Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.23.1' | |
| - name: Tidy modules | |
| run: | | |
| go mod tidy -v | |
| CHANGES_FOUND=$(git diff-files --quiet) | |
| if [[ "$(CHANGES_FOUND)" == "1" ]]; then | |
| echo "Changes found. Run go mod tidy to clean up modules." | |
| git diff | |
| exit 1 | |
| fi | |
| lint_and_test: | |
| name: Lint and Test | |
| runs-on: self-hosted | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: CMSgov/bcda-ssas-app | |
| ref: ${{ env.RELEASE_VERSION }} | |
| - name: Get Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.23.1' | |
| # TODO: TEMP (can remove this step once PLT-905 is implemented) | |
| - name: Install docker compose manually | |
| run: | | |
| sudo mkdir -p /usr/local/lib/docker/cli-plugins | |
| sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose | |
| sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose | |
| sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose | |
| - name: Build the stack | |
| run: make docker-bootstrap | |
| - name: Lint and Test | |
| run: make test | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-coverage-report-ssas | |
| path: ./test_results/latest/testcoverage-ssas.out | |
| sonar-quality-gate: | |
| name: Sonarqube Quality Gate | |
| needs: lint_and_test | |
| runs-on: self-hosted | |
| steps: | |
| - name: Download code coverage | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: code-coverage-report-ssas | |
| - name: Set env vars from AWS params | |
| uses: cmsgov/ab2d-bcda-dpc-platform/actions/aws-params-env-action@main | |
| env: | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| with: | |
| params: | | |
| SONAR_HOST_URL=/sonarqube/url | |
| SONAR_TOKEN=/sonarqube/token | |
| - name: Run quality gate scan | |
| uses: sonarsource/sonarqube-scan-action@master | |
| with: | |
| args: | |
| -Dsonar.projectKey=bcda-ssas-api | |
| -Dsonar.sources=. | |
| -Dsonar.working.directory=./sonar_workspace | |
| -Dsonar.go.coverage.reportPaths=./test_results/latest/testcoverage-ssas.out | |
| -Dsonar.coverage.exclusions=**/*test.go,**/test/**/*,**/testUtils/*,**/scripts/*,**/ops/*,**/mock*.go,**/mock/**/* | |
| -Dsonar.branch.name=${{ github.event.pull_request.head.ref }} | |
| -Dsonar.projectVersion=${{ github.event.pull_request.head.sha }} | |
| -Dsonar.qualitygate.wait=true |