diff --git a/.github/workflows/environment-main-plan.yaml b/.github/workflows/environment-main-plan.yaml
index 061a89b4..b242a59f 100644
--- a/.github/workflows/environment-main-plan.yaml
+++ b/.github/workflows/environment-main-plan.yaml
@@ -30,6 +30,12 @@ jobs:
 - name: Compile, check and test graphql
 run: IN_PIPELINE=true make graphql
+ - name: Run codacy-coverage-reporter
+ uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699
+ with:
+ project-token: ${{ secrets.CODACY_API_TOKEN }}
+ coverage-reports: graphql/coverage/lcov.info
+
 - name: Configure AWS Access
 uses: aws-actions/configure-aws-credentials@ead1e6af28a20f26cc47437fa7e4c8357409ef24
 with:
diff --git a/.gitignore b/.gitignore
index bec5d45d..eeb34567 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@ plan.tfplan
 graphql/node_modules
 graphql/mutation/*/appsync.js
 graphql/query/*/appsync.js
+graphql/coverage/
diff --git a/README.md b/README.md
index fcaaad67..a741ed1b 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@ Wildsea companion app
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/31f30fef56544a3c931c56da17afc2e9)](https://app.codacy.com/gh/jarrod-lowe/wildsea/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade)
+
 ## Setup
 * Clone `git@github.com:jarrod-lowe/wildsea.git` and then `cd wildsea`
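Review bot: The `uses:` line of the new "Run codacy-coverage-reporter" step pins the action to a bare commit SHA with nothing recording which release that commit is, so a later reviewer cannot audit the pin or judge an update without looking it up. Add a trailing comment naming the release, e.g. `# <release tag this SHA was taken from>`, and a comment above the step such as `# Third-party action: keep before "Configure AWS Access" so it never runs with AWS credentials in the job environment`. The workflow's triggers are not visible in this hunk; if it can run where `secrets.CODACY_API_TOKEN` is empty (for example pull requests from forks), the step presumably fails and may need a guard.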
@@ -28,10 +30,12 @@ Wildsea companion app
 * NOT deprecated
 * NOT remark-lint
 * Matches one of the above languages
+* In codacy, go to the repo -> settings -> coverage and copy the repository API token
 * Log into Github and create a personal access token with the "repo" scope, and 7 days expiry
 * Create `terraform/environment/github/terraform.tfvars`
 * Add `token = ""` to the vars file
 * Add `workspace = ""` to the vars file
+ * Add `codacy_api_token = ""` to the vars file
 * Run `.AWS_PROFILE= ./terraform/environment/github/deploy.sh `
 * Install into the repo
 * Go into the two environments, and set a secret called `SAML_METADATA_URL` with the metadata URL for you SAML (See Jumpcloud for an example)
diff --git a/graphql/graphql.mk b/graphql/graphql.mk
index 502abf33..d50620c8 100644
--- a/graphql/graphql.mk
+++ b/graphql/graphql.mk
@@ -24,9 +24,9 @@ graphql: $(GRAPHQL_JS) graphql-test
 .PHONY: graphql-test
 graphql-test: graphql/node_modules
 if [ -z "$(IN_PIPELINE)" ] ; then \
- docker run --rm -it --user $$(id -u):$$(id -g) -v $(PWD)/graphql:/app -w /app --entrypoint ./node_modules/jest/bin/jest.js node:20 ; \
+ docker run --rm -it --user $$(id -u):$$(id -g) -v $(PWD)/graphql:/app -w /app --entrypoint ./node_modules/jest/bin/jest.js node:20 --coverage ; \
 else \
- cd graphql && ./node_modules/jest/bin/jest.js ; \
+ cd graphql && ./node_modules/jest/bin/jest.js --coverage ; \
 fi
 # Won't auto-fix in pipeline
diff --git a/terraform/environment/github/main.tf b/terraform/environment/github/main.tf
index 75da65a7..9e52787d 100644
--- a/terraform/environment/github/main.tf
+++ b/terraform/environment/github/main.tf
@@ -46,6 +46,12 @@ variable "environment" {
 default = "primary"
 }
+variable "codacy_api_token" {
+ description = "Codacy API Token"
+ sensitive = true
+ type = string
+}
+
 terraform {
 backend "s3" {
 // region, bucket and key come from -backend-config
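Review bot: On the local branch of `graphql-test` the changed `docker run` line still pulls `node:20` by mutable tag, so the test and coverage run executes whatever image that tag currently points to, with `graphql/` bind-mounted writable. The workflow in this same commit pins its actions by commit SHA, and the image could be pinned the same way, e.g. `node:20@sha256:<digest of the reviewed image>`. As a style point, `--coverage` had to be added in two places; a variable such as `JEST_ARGS := --coverage` used by both branches would keep them from drifting.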
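Review bot: `variable "codacy_api_token"` has no validation, and the README step added in this commit has the user fill in `codacy_api_token = ""` by hand, so a forgotten value would presumably be pushed as an empty secret and only surface later as a failed coverage upload. Consider a `validation` block whose condition is `length(var.codacy_api_token) > 0` with an error message pointing at the tfvars file. It would also help to extend the description to `"Codacy repository API token used to upload coverage"`, so the next maintainer knows which of Codacy's tokens is meant.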
@@ -127,6 +133,12 @@ locals {
 STATE_BUCKET = var.state_bucket
 ENVIRONMENT = var.environment
 }
+ rw_secrets = {
+ CODACY_API_TOKEN = var.codacy_api_token
+ }
+ ro_secrets = {
+ CODACY_API_TOKEN = var.codacy_api_token
+ }
 }
 resource "github_repository_environment" "rw" {
@@ -166,3 +178,23 @@ resource "github_actions_environment_variable" "ro" {
 variable_name = each.key
 value = each.value
 }
+
+resource "github_actions_environment_secret" "rw" {
+ # checkov:skip=CKV_GIT_4:Value comes from a file not checked in
+ for_each = local.rw_secrets
+
+ environment = github_repository_environment.rw.environment
+ repository = data.github_repository.repo.name
+ secret_name = each.key
+ plaintext_value = each.value
+}
+
+resource "github_actions_environment_secret" "ro" {
+ # checkov:skip=CKV_GIT_4:Value comes from a file not checked in
+ for_each = local.ro_secrets
+
+ environment = github_repository_environment.ro.environment
+ repository = data.github_repository.repo.name
+ secret_name = each.key
+ plaintext_value = each.value
+}
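Review bot: `rw_secrets` and `ro_secrets` are two hand-copied maps with the same single entry, so the read-only environment receives exactly the same Codacy token as the read-write one. If only one environment's jobs upload coverage, the token belongs only in that map; if both need it, a single shared local referenced from both would keep them from drifting. Either way a comment above the maps should say which workflows consume `CODACY_API_TOKEN`. Which environment the coverage step runs in is not visible in this diff, and the `locals` block starts outside the hunk.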
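Review bot: Both new `github_actions_environment_secret` resources set `plaintext_value = each.value`, so the token is written in clear text to the Terraform state held in the S3 backend declared earlier in this file; `sensitive = true` on the variable only hides it from plan and apply output. The `checkov:skip=CKV_GIT_4` reason ("Value comes from a file not checked in") covers where the value comes from, not where it ends up. Either supply `encrypted_value` instead, or extend the skip reason to name the compensating control once it is confirmed, e.g. `# checkov:skip=CKV_GIT_4:Value comes from an untracked tfvars file; state bucket is encrypted and access-restricted`. This applies to the `rw` and `ro` resources alike.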