From 991673ce10e81e466297da5d7a8c1d96dc8f7bd6 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Tue, 18 Feb 2025 11:05:29 -0800
Subject: [PATCH 1/4] chore(ci): handle secrets conditionally to avoid over exposure
---
 .github/workflows/analysis.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index c4f7a08fc..4f72d7cd5 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -36,13 +36,10 @@ jobs:
 strategy:
 matrix:
 dir: [backend, frontend]
- include:
- - dir: backend
- token: SONAR_TOKEN_BACKEND
- - dir: frontend
- token: SONAR_TOKEN_FRONTEND
 steps:
 - uses: bcgov/action-test-and-analyse@v1.2.1
+ env:
+ SONAR_TOKEN: ${{ matrix.dir == 'backend' && secrets.SONAR_TOKEN_BACKEND || secrets.SONAR_TOKEN_FRONTEND }}
 with:
 commands: |
 npm ci
@@ -56,7 +53,7 @@ jobs:
 -Dsonar.sources=src
 -Dsonar.tests.inclusions=**/*spec.ts
 -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
- sonar_token: ${{ secrets[matrix.token] }}
+ sonar_token: ${{ env.SONAR_TOKEN }}
 triggers: ('${{ matrix.dir }}/')
 # https://github.com/marketplace/actions/aqua-security-trivy
From 6035f8be6734714f3a0539f2599df221b2888332 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Tue, 18 Feb 2025 11:07:05 -0800
Subject: [PATCH 2/4] Test
---
 .github/workflows/pr-open.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
index 7f35aff3b..1a9ae3942 100644
--- a/.github/workflows/pr-open.yml
+++ b/.github/workflows/pr-open.yml
@@ -41,7 +41,7 @@ jobs:
 with:
 db_user: app-${{ github.event.number }}
 params: --set global.secrets.persist=false
- triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
+ # triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')
 tests:
 name: Tests
From 553024ff326227423f9d412d8c7658bf1226c1ef Mon Sep 17 00:00:00 2001
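Review bot: The `SONAR_TOKEN` expression added in the `@@ -36,13 +36,10 @@` hunk of PATCH 1/4 uses the `a && b || c` idiom, which falls through to `secrets.SONAR_TOKEN_FRONTEND` whenever `secrets.SONAR_TOKEN_BACKEND` evaluates to an empty string, for example when that secret is unset or not exposed to the triggering event. In that case the backend matrix leg would run with the frontend project's token and nothing in the hunk reports it. The same expression is moved onto the `sonar_token:` input in PATCH 3/4. While the matrix form is kept, the step should fail on an empty selection rather than borrow the other project's credential, for instance with a preceding guard step that checks the chosen token is non-empty. The job body continues outside the hunk.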
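Review bot: `sonar_token: ${{ env.SONAR_TOKEN }}` in the `@@ -56,7 +53,7 @@` hunk of PATCH 1/4 depends on the step-level `env:` block added in the previous hunk, which places the token in the step's environment as well as in the action input. Variables set on a `uses:` step are, as far as I can tell, visible to the processes the action starts, which here would include `npm ci`, `npm run test:cov` and any dependency lifecycle scripts they run; the action's internals are not visible in this patch, so this should be confirmed. That is wider exposure than the commit subject aims for. PATCH 3/4 drops the `env:` block, but PATCH 4/4 adds it back in both `backend-tests` and `frontend-tests`. Passing the secret only through the input avoids the extra copy: `sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}` (and the frontend equivalent) with no `env:`.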
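Review bot: The `triggers:` input in `.github/workflows/pr-open.yml` (PATCH 2/4) is commented out rather than changed, and the commit subject is only "Test", so this reads as a temporary debugging change that should not merge as is. If the consumer treats `triggers` as a path filter (not visible here), leaving it disabled would make the step that receives `db_user` and `--set global.secrets.persist=false` run for every pull request regardless of which paths changed. Restore `triggers: ('backend/' 'frontend/' 'migrations/' 'charts/')` before merge, or delete the line and explain the new behaviour in the commit message. The step this `with:` block belongs to starts outside the hunk.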
From: Derek Roberts
Date: Tue, 18 Feb 2025 11:18:35 -0800
Subject: [PATCH 3/4] Simplify
---
 .github/workflows/analysis.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index 4f72d7cd5..c7e517afc 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -38,8 +38,6 @@ jobs:
 dir: [backend, frontend]
 steps:
 - uses: bcgov/action-test-and-analyse@v1.2.1
- env:
- SONAR_TOKEN: ${{ matrix.dir == 'backend' && secrets.SONAR_TOKEN_BACKEND || secrets.SONAR_TOKEN_FRONTEND }}
 with:
 commands: |
 npm ci
@@ -53,7 +51,7 @@ jobs:
 -Dsonar.sources=src
 -Dsonar.tests.inclusions=**/*spec.ts
 -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
- sonar_token: ${{ env.SONAR_TOKEN }}
+ sonar_token: ${{ matrix.dir == 'backend' && secrets.SONAR_TOKEN_BACKEND || secrets.SONAR_TOKEN_FRONTEND }}
 triggers: ('${{ matrix.dir }}/')
 # https://github.com/marketplace/actions/aqua-security-trivy
From 818c8ca22dd6427b7a2e407c59240c0e06a762a3 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Tue, 18 Feb 2025 11:55:02 -0800
Subject: [PATCH 4/4] Tests - parallel jobs instead of matrix
---
 .github/workflows/analysis.yml | 46 ++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index c7e517afc..9e8f543f0 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -16,8 +16,8 @@ concurrency:
 permissions: {}
 jobs:
- tests:
- name: Tests
+ backend-tests:
+ name: Backend Tests
 if: (! github.event.pull_request.draft)
 runs-on: ubuntu-24.04
 timeout-minutes: 5
@@ -33,26 +33,50 @@ jobs:
 --health-retries 5
 ports:
 - 5432:5432
- strategy:
- matrix:
- dir: [backend, frontend]
 steps:
 - uses: bcgov/action-test-and-analyse@v1.2.1
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}
+ with:
+ commands: |
+ npm ci
+ npm run test:cov
+ dir: backend
+ node_version: "22"
+ sonar_args: >
+ -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
+ -Dsonar.organization=bcgov-sonarcloud
+ -Dsonar.projectKey=quickstart-openshift_backend
+ -Dsonar.sources=src
+ -Dsonar.tests.inclusions=**/*spec.ts
+ -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
+ sonar_token: ${{ env.SONAR_TOKEN }}
+ triggers: ('backend/')
+
+ frontend-tests:
+ name: Frontend Tests
+ if: (! github.event.pull_request.draft)
+ runs-on: ubuntu-24.04
+ timeout-minutes: 5
+ steps:
+ - uses: bcgov/action-test-and-analyse@v1.2.1
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }}
 with:
 commands: |
 npm ci
 npm run test:cov
- dir: ${{ matrix.dir }}
+ dir: frontend
 node_version: "22"
 sonar_args: >
 -Dsonar.exclusions=**/coverage/**,**/node_modules/**,**/*spec.ts
 -Dsonar.organization=bcgov-sonarcloud
- -Dsonar.projectKey=quickstart-openshift_${{ matrix.dir }}
+ -Dsonar.projectKey=quickstart-openshift_frontend
 -Dsonar.sources=src
 -Dsonar.tests.inclusions=**/*spec.ts
 -Dsonar.javascript.lcov.reportPaths=./coverage/lcov.info
- sonar_token: ${{ matrix.dir == 'backend' && secrets.SONAR_TOKEN_BACKEND || secrets.SONAR_TOKEN_FRONTEND }}
- triggers: ('${{ matrix.dir }}/')
+ sonar_token: ${{ env.SONAR_TOKEN }}
+ triggers: ('frontend/')
 # https://github.com/marketplace/actions/aqua-security-trivy
 trivy:
@@ -82,8 +106,8 @@ jobs:
 results:
 name: Analysis Results
- needs: [tests]
- if: always()
+ needs: [backend-tests, frontend-tests]
+ if: (! github.event.pull_request.draft)
 runs-on: ubuntu-24.04
 steps:
 - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled')
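Review bot: The new `frontend-tests` job in the `@@ -33,26 +33,50 @@` hunk adds a second `uses: bcgov/action-test-and-analyse@v1.2.1`, a mutable tag reference, on a step that is handed `secrets.SONAR_TOKEN_FRONTEND`; the existing backend step does the same with its token. A tag can be repointed to different code after this workflow was reviewed, and that code would then run with the secret. Pinning both steps to the full commit SHA, with the tag kept as a comment, fixes what executes: `- uses: bcgov/action-test-and-analyse@<full-commit-sha> # v1.2.1`. The `backend-tests` job starts outside this hunk.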
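Review bot: Replacing `if: always()` with `if: (! github.event.pull_request.draft)` on the `results` job in the `@@ -82,8 +106,8 @@` hunk removes the status-check function, so the job gets the implicit `success()` condition and is skipped whenever `backend-tests` or `frontend-tests` fails or is cancelled, which are exactly the cases the `contains(needs.*.result, 'failure')` step is there to report. If `Analysis Results` is configured as a required check, a skipped job does not block a merge the way a failed one does; branch-protection settings are not visible here, so confirm. Keep both conditions: `if: always() && !github.event.pull_request.draft`. Separately, the unchanged step compares against `'canceled'`, while the result value GitHub reports is `cancelled`, so that half of the condition likely never matches. The job's steps continue outside the hunk.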