Build: [AEA-4506] - Add communal Qc. Fix pr-link (#203)

wildjames · web-flow · commit 67f0b74fafa7 · 2024-11-28T11:03:05.000Z
## Summary

- 🤖 Operational or Infrastructure Change

### Details

Replace the `quality-checks.yml` file in the repo with the communal one
shared across all EPS projects
diff --git a/.gitallowed b/.gitallowed
@@ -0,0 +1,33 @@
+# Allow GitHub workflow secrets and tokens
+token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
+token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
+id-token: write
+--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
+--token=\$GITHUB-TOKEN
+
+# Allow CIDR blocks in CloudFormation templates and related files
+CidrBlock: "10\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}"
+DestinationCidrBlock: "0\.0\.0\.0/0"
+
+# Java corretto is not a secret
+.*java corretto.*
+
+# Allow standard code in JSON files for FHIR compliance testing
+"code": "1\.2\.840\.10065\.1\.12\.1\.1"
+
+# Allow IP in X-Forwarded-For header in test files
+.*\"X-Forwarded-For\": \"86\.5\.218\.71\".*
+
+# Allow version for AspectJ in pom.xml
+<aspectj\.version>1\.9\.22\.1</aspectj\.version>
+
+^.*pom\.xml:.*<version>([^<]+)</version>.*$
+^.*Gemfile\.lock:.*$
+^.*\.java:.*\\"id\\":\\"([0-9a-f\-]+)\\".*$
+
+# General ones
+.*\.gitallowed.*
+.*nhsd-rules-deny.txt.*
+.*\.venv.*
+.*node_modules.*
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,9 +9,11 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    with:
+      install_java: true
 
   get_commit_id:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pr-link.yml b/.github/workflows/pr-link.yml
@@ -14,10 +14,25 @@ jobs:
 
       - name: Grab ticket name
         if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-')
-        run: echo name=TICKET_NAME::"$(echo "$REF" | grep -i -o '\(aea-[0-9]\+\)\|\(apm-[0-9]\+\)\|\(apmspii-[0-9]\+\)\|\(adz-[0-9]\+\)|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]')" >> "$GITHUB_ENV"
         continue-on-error: true
-        env:
-          ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+        run: |
+          # Match ticket name patterns
+          REGEX='
+            (aea-[0-9]+)|
+            (apm-[0-9]+)|
+            (apmspii-[0-9]+)|
+            (adz-[0-9]+)|
+            (amb-[0-9]+)
+          '
+
+          # Remove whitespace and newlines from the regex
+          REGEX=$(echo "$REGEX" | tr -d '[:space:]')
+
+          # Extract the ticket name and convert to uppercase
+          TICKET_NAME=$(echo "$REF" | grep -i -E -o "$REGEX" | tr '[:lower:]' '[:upper:]')
+
+          # Set the environment variable
+          echo "TICKET_NAME=$TICKET_NAME" >> "$GITHUB_ENV"
 
       - name: Comment on PR with link to JIRA ticket
         if: contains(github.event.pull_request.head.ref, 'aea-') || contains(github.event.pull_request.head.ref, 'AEA-') || contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-')
@@ -27,5 +42,5 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           msg: |
-            This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:
+            This branch is work on a ticket in an NHS Digital JIRA Project. Here's a handy link to the ticket:
             # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME }})
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -9,9 +9,11 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    with:
+      install_java: true
 
   pr_title_format_check:
     uses: ./.github/workflows/pr_title_check.yml
diff --git a/.github/workflows/quality_checks.yml b/.github/workflows/quality_checks.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,9 +8,11 @@ env:
 
 jobs:
   quality_checks:
-    uses: ./.github/workflows/quality_checks.yml
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.0
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    with:
+      install_java: true
 
   get_commit_id:
     runs-on: ubuntu-latest
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.organization=nhsdigital
+sonar.projectKey=NHSDigital_eps-FHIR-validator-lambda
+sonar.sources=src/main
+sonar.tests=src/test
+sonar.java.binaries=target/classes
+sonar.java.test.binaries=target/test-classes
+
+sonar.host.url=https://sonarcloud.io
+
+sonar.coverage.exclusions=src/test/**
+sonar.cpd.exclusions=src/test/**
+
+sonar.java.coveragePlugin=jacoco
+sonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
