govuk-one-login
diff --git a/‎.github/actions/node-setup/action.yml‎
Lines changed: 15 additions & 0 deletions b/‎.github/actions/node-setup/action.yml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.github/workflows/check-pr.yml‎
Lines changed: 0 additions & 44 deletions b/‎.github/workflows/check-pr.yml‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎.github/workflows/post-merge.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/post-merge.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/pr-check.yml‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/pr-check.yml‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.github/workflows/run-sonar-scan.yml‎
Lines changed: 0 additions & 33 deletions b/‎.github/workflows/run-sonar-scan.yml‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎.github/workflows/run-ts-style-check.yml‎
Lines changed: 0 additions & 37 deletions b/‎.github/workflows/run-ts-style-check.yml‎
Lines changed: 0 additions & 37 deletions
diff --git a/‎.github/workflows/run-unit-tests.yml‎
Lines changed: 0 additions & 57 deletions b/‎.github/workflows/run-unit-tests.yml‎
Lines changed: 0 additions & 57 deletions
diff --git a/‎.github/workflows/run-vite-build-check.yml‎
Lines changed: 0 additions & 33 deletions b/‎.github/workflows/run-vite-build-check.yml‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎.npmrc‎
Lines changed: 1 addition & 0 deletions b/‎.npmrc‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 5 additions & 11 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 5 additions & 11 deletions
@@ -0,0 +1,15 @@
+name: Node project setup
+description: Checkout and install dependencies
+
+runs:
+  using: composite
+  steps:
+    - name: Node setup
+      uses: actions/setup-node@v6
+      with:
+        node-version-file: '.nvmrc'
+        cache: 'npm'
+        package-manager-cache: true
+    - name: Install dependencies
+      run: npm ci
+      shell: bash
@@ -0,0 +1,25 @@
+name: Post merge
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  sonar-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0 # required for sonar
+      - name: Setup Node
+        uses: ./.github/actions/node-setup
+      - name: Unit tests
+        run: npm run test:coverage
+      - name: Sonar scan
+        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -0,0 +1,67 @@
+name: PR check
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - ready_for_review
+      - synchronize
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Pre-commit checks
+        uses: govuk-one-login/github-actions/code-quality/run-pre-commit@3b0015c58dd0e19e1572fda59dda4184df387d1e
+        with:
+          package-manager: 'npm'
+          install-dependencies: 'true'
+          all-files: 'true'
+
+  type-check:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Setup Node
+        uses: ./.github/actions/node-setup
+      - name: Type check
+        run: npm run type-check
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    needs: type-check
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0 # required for sonar
+      - name: Setup Node
+        uses: ./.github/actions/node-setup
+      - name: Unit tests
+        run: npm run test:coverage
+      - name: Sonar scan # runs after unit tests in order to consume coverage report
+        uses: SonarSource/sonarqube-scan-action@v7.0.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  merge-status:
+    runs-on: ubuntu-latest
+    needs: [pre-commit, type-check, unit-tests]
+    if: always()
+    steps:
+      - run: |
+          failed=()
+          [[ "${{ needs.pre-commit.result }}" != "success" ]] && failed+=("pre-commit")
+          [[ "${{ needs.type-check.result }}" != "success" ]] && failed+=("type-check")
+          [[ "${{ needs.unit-tests.result }}" != "success" ]] && failed+=("unit-tests")
+
+          if [[ ${#failed[@]} -gt 0 ]]; then
+            echo "The following jobs failed: ${failed[*]}"
+            exit 1
+          fi
@@ -1 +1,2 @@
 ignore-scripts=true
+save-exact=true
@@ -8,37 +8,31 @@ repos:
       - id: detect-aws-credentials
         args: [--allow-missing-credentials]
       - id: detect-private-key
-
   - repo: https://github.com/aws-cloudformation/cfn-lint
-    rev: v1.43.2
+    rev: v1.46.0
     hooks:
       - id: cfn-lint
         files: template\.ya?ml$
-
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.506'
+    rev: 3.2.506
     hooks:
       - id: checkov
-        verbose: true
+        files: template\.ya?ml$
         args: [--soft-fail]
-        files: deploy/.*\.ya?ml$
-
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.5.0
     hooks:
       - id: detect-secrets
         args: ['--baseline', '.secrets.baseline']
-
   - repo: local
     hooks:
       - id: eslint
-        name: eslint
+        name: ESLint
         entry: npm run lint
         language: system
         pass_filenames: false
-
       - id: prettier
-        name: prettier
+        name: Prettier
         entry: npm run format
         language: system
         pass_filenames: false
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`ignore-scripts=true`
	`2`	`+save-exact=true`