chore(ci): fix GH var weirdness #1322

Workflow file for this run

.github/workflows/analysis.yml at d56b3f7

	name: Analysis

	on:
	pull_request:
	types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
	push:
	branches: [main]
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	tests-backend:
	name: Tests (Backend)
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: bcgov-nr/action-test-and-analyse-java@v1.0.2
	with:
	commands: mvn --no-transfer-progress clean compile verify package checkstyle:checkstyle -P all-tests
	dir: backend
	java-cache: maven
	java-distribution: temurin
	java-version: 21
	sonar_args: >
	-Dsonar.exclusions=/configuration/,/dto/,/entity/,/exception/,/job/,*/$Builder,*/ResultsApplication.,*/Constants.*,
	-Dsonar.coverage.jacoco.xmlReportPaths=target/coverage-reports/merged-test-report/jacoco.xml
	-Dsonar.organization=bcgov-sonarcloud
	-Dsonar.project.monorepo.enabled=true
	-Dsonar.projectKey=nr-silva-backend
	sonar_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
	# Only use triggers for PRs
	triggers: ${{ github.event_name == 'pull_request' && '("backend/")' \|\| '' }}

	lint-frontend:
	name: Lint (Frontend)
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: bcgov-nr/action-test-and-analyse@v1.2.1
	with:
	commands: \|
	npm ci
	npm run lint \|\| true
	dir: frontend
	node_version: "20"
	# Only use triggers for PRs
	triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' \|\| '' }}

	tests-frontend:
	name: Tests (Frontend)
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: bcgov-nr/action-test-and-analyse@v1.2.1
	with:
	commands: \|
	npm ci
	npm run test:coverage
	dir: frontend
	node_version: "20"
	sonar_args: >
	-Dsonar.organization=bcgov-sonarcloud
	-Dsonar.projectKey=nr-silva-frontend
	-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
	-Dsonar.typescript.tsconfigPaths=tsconfig.json
	-Dsonar.sources=src/
	-Dsonar.exclusions=src/__test__/**
	-Dsonar.tests=src/__test__/
	-Dsonar.project.monorepo.enabled=true
	sonar_token: ${{ secrets.SONAR_TOKEN_FRONTEND }}
	# Only use triggers for PRs
	triggers: ${{ github.event_name == 'pull_request' && '("frontend/")' \|\| '' }}

	codeql:
	name: CodeQL
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4
	- uses: github/codeql-action/init@v3
	- uses: actions/setup-java@v4
	with:
	distribution: "oracle"
	java-version: "21"

	- uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
	restore-keys: \|
	${{ runner.os }}-maven-

	- run: \|
	# Exclude file and build
	rm InstallCert.java
	./mvnw package -DskipTests
	ls -la
	working-directory: backend

	- uses: github/codeql-action/analyze@v3

	# https://github.com/marketplace/actions/aqua-security-trivy
	trivy:
	name: Trivy Security Scan
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@v4

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@0.28.0
	with:
	format: "sarif"
	output: "trivy-results.sarif"
	ignore-unfixed: true
	scan-type: "fs"
	scanners: "vuln,secret,config"
	severity: "CRITICAL,HIGH"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: "trivy-results.sarif"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(ci): fix GH var weirdness #1322

Workflow file

chore(ci): fix GH var weirdness #1322

Jobs

Run details

Workflow file for this run