[NRL-1922] Add sonarqube scan to daily build. Trigger it on every push to develop

mattdean3-nhs · mattdean3-nhs · commit 27243cf5c659 · 2026-02-24T11:19:36.000Z
diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml
@@ -6,6 +6,9 @@ permissions:
   actions: write
 
 on:
+  push:
+    branches:
+      - develop
   schedule:
     - cron: "0 1 * * *"
   workflow_dispatch:
@@ -18,7 +21,7 @@ on:
 
 jobs:
   build:
-    name: Build - ${{ github.ref }}
+    name: Build and test - ${{ github.ref }}
     runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 
     steps:
@@ -35,12 +38,12 @@ jobs:
       - name: Run Linting
         run: make lint
 
-      - name: Run Unit Tests
-        run: make test
-
       - name: Build Project
         run: make build
 
+      - name: Run Unit Tests
+        run: make test
+
       - name: Configure Management Credentials
         uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1
         with:
@@ -60,10 +63,43 @@ jobs:
           name: build-artifacts
           path: |
             dist/*.zip
+            dist/test-coverage.xml
             !dist/nrlf_permissions.zip
 
       - name: Save NRLF Permissions cache
         uses: actions/cache/save@v4
         with:
           key: ${{ github.run_id }}-nrlf-permissions
           path: dist/nrlf_permissions.zip
+
+  sonar:
+    name: SonarQube scan
+    runs-on: ubuntu-latest
+    needs: build
+    environment: pull-request
+    permissions:
+      contents: read
+      actions: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Get build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-artifacts
+          path: dist
+
+      - name: SonarQube scan
+        uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: SonarQube quality gate check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0
+        with:
+          pollingTimeoutSec: 600
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
