Add coverage (#39)

.github/workflows/environment-main-plan.yaml

@@ -30,6 +30,12 @@ jobs:
     - name: Compile, check and test graphql
       run: IN_PIPELINE=true make graphql
 
+    - name: Run codacy-coverage-reporter
+      uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699
+      with:
+        project-token: ${{ secrets.CODACY_API_TOKEN }}
+        coverage-reports: graphql/coverage/lcov.info
+
     - name: Configure AWS Access
       uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
       with:

.gitignore

@@ -40,3 +40,4 @@ plan.tfplan
 graphql/node_modules
 graphql/mutation/*/appsync.js
 graphql/query/*/appsync.js
+graphql/coverage/

README.md

@@ -2,6 +2,8 @@
 
 Wildsea companion app
 
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/31f30fef56544a3c931c56da17afc2e9)](https://app.codacy.com/gh/jarrod-lowe/wildsea/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
+
 ## Setup
 
 * Clone `[email protected]:jarrod-lowe/wildsea.git` and then `cd wildsea`
@@ -28,10 +30,12 @@ Wildsea companion app
     * NOT deprecated
     * NOT remark-lint
     * Matches one of the above languages
+* In codacy, go to the repo -> settings -> coverage and copy the repository API token
 * Log into Github and create a personal access token with the "repo" scope, and 7 days expiry
 * Create `terraform/environment/github/terraform.tfvars`
   * Add `token = "<the token>"` to the vars file
   * Add `workspace = "<your github org>"` to the vars file
+  * Add `codacy_api_token = "<the token>"` to the vars file
 * Run `.AWS_PROFILE=<profile> ./terraform/environment/github/deploy.sh <aws account id>`
 * Install <https://github.com/apps/renovate> into the repo
 * Go into the two environments, and set a secret called `SAML_METADATA_URL` with the metadata URL for you SAML (See Jumpcloud for an example)

graphql/graphql.mk

@@ -24,9 +24,9 @@ graphql: $(GRAPHQL_JS) graphql-test
 .PHONY: graphql-test
 graphql-test: graphql/node_modules
 	if [ -z "$(IN_PIPELINE)" ] ; then \
-		docker run --rm -it --user $$(id -u):$$(id -g) -v $(PWD)/graphql:/app -w /app --entrypoint ./node_modules/jest/bin/jest.js node:20 ; \
+		docker run --rm -it --user $$(id -u):$$(id -g) -v $(PWD)/graphql:/app -w /app --entrypoint ./node_modules/jest/bin/jest.js node:20 --coverage ; \
 	else \
-		cd graphql && ./node_modules/jest/bin/jest.js ; \
+		cd graphql && ./node_modules/jest/bin/jest.js --coverage ; \
 	fi
 
 # Won't auto-fix in pipeline

terraform/environment/github/main.tf

@@ -46,6 +46,12 @@ variable "environment" {
   default     = "primary"
 }
 
+variable "codacy_api_token" {
+  description = "Codacy API Token"
+  sensitive   = true
+  type        = string
+}
+
 terraform {
   backend "s3" {
     // region, bucket and key come from -backend-config
@@ -127,6 +133,12 @@ locals {
     STATE_BUCKET = var.state_bucket
     ENVIRONMENT  = var.environment
   }
+  rw_secrets = {
+    CODACY_API_TOKEN = var.codacy_api_token
+  }
+  ro_secrets = {
+    CODACY_API_TOKEN = var.codacy_api_token
+  }
 }
 
 resource "github_repository_environment" "rw" {
@@ -166,3 +178,23 @@ resource "github_actions_environment_variable" "ro" {
   variable_name = each.key
   value         = each.value
 }
+
+resource "github_actions_environment_secret" "rw" {
+  # checkov:skip=CKV_GIT_4:Value comes from a file not checked in
+  for_each = local.rw_secrets
+
+  environment     = github_repository_environment.rw.environment
+  repository      = data.github_repository.repo.name
+  secret_name     = each.key
+  plaintext_value = each.value
+}
+
+resource "github_actions_environment_secret" "ro" {
+  # checkov:skip=CKV_GIT_4:Value comes from a file not checked in
+  for_each = local.ro_secrets
+
+  environment     = github_repository_environment.ro.environment
+  repository      = data.github_repository.repo.name
+  secret_name     = each.key
+  plaintext_value = each.value
+}