Skip to content

DO NOT MERGE; RUNNER TESTING #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kevinspurrier wants to merge 4 commits into
base: development
Choose a base branch
from
Open

DO NOT MERGE; RUNNER TESTING #76

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2e78c4c
CI Build Stage: change to self hosted
kevinspurrier Nov 6, 2025
d065e1c
Test conttainer timeout
kevinspurrier Nov 6, 2025
9408749
CI: Comment out failing non-configured SonarQube Scan
kevinspurrier Nov 7, 2025
001b4c1
CI: Remove sonarqube-internal from needs list
kevinspurrier Nov 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 22 additions & 21 deletions .github/workflows/ngwpc-cicd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
build:
name: build
if: github.event_name == 'pull_request' || github.event_name == 'push'
runs-on: ubuntu-latest
runs-on: self-hosted
needs: setup
steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -110,25 +110,25 @@ jobs:
}

# SonarQube scan (only runs on internal NGWPC self-hosted runners)
sonarqube-internal:
name: sonarqube-internal
if: (github.event_name == 'pull_request' || github.event_name == 'push') && github.repository_owner == 'NGWPC'
runs-on: self-hosted
needs: [setup, build, unit-test]
#TODO: Configure SonarQube Scans
continue-on-error: true
container:
image: sonarsource/sonar-scanner-cli
options: --entrypoint="" --user 0
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: SonarQube Scan
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: sonar-scanner -X -Dsonar.verbose=true
#sonarqube-internal:
# name: sonarqube-internal
# if: (github.event_name == 'pull_request' || github.event_name == 'push') && github.repository_owner == 'NGWPC'
# runs-on: self-hosted
# needs: [setup, build, unit-test]
# #TODO: Configure SonarQube Scans
# continue-on-error: true
# container:
# image: sonarsource/sonar-scanner-cli
# options: --entrypoint="" --user 0
# steps:
# - uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - name: SonarQube Scan
# env:
# SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# run: sonar-scanner -X -Dsonar.verbose=true

# CodeQL scan
# TODO: Update to scan as desired.
Expand Down Expand Up @@ -197,6 +197,7 @@ jobs:
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
timeout: 15m
- name: Upload Trivy results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
Expand All @@ -206,7 +207,7 @@ jobs:
name: deploy-latest-on-development
if: github.event_name == 'push' && github.ref_name == 'development'
runs-on: ubuntu-latest
needs: [setup, build, unit-test, sonarqube-internal, codeql-scan, container-scanning]
needs: [setup, build, unit-test, codeql-scan, container-scanning]
steps:
- name: Tag image with 'latest'
shell: bash
Expand Down