DCMAW-11654: investigating github actions

Author: kikidawson-gds

.github/workflows/backend-api-post-merge.yml

@@ -0,0 +1,54 @@
+name: backend-api post merge
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "backend-api/**"
+      - ".github/workflows/backend-api-post-merge.yml"
+      - "!backend-api/**/*.md"
+      - "!backend-api/**/*.png"
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  sonarqube-scan:
+    name: SonarQube Scan
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: ${{ inputs.WORKING_DIRECTORY }}
+    secrets: inherit
+
+  dev-post-merge:
+    name: Dev Post Merge
+    needs: sonarqube-scan
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: backend-api
+    secrets:
+      ARTIFACT_BUCKET_NAME: ${{ secrets.TEST_RESOURCES_DEV_ARTIFACT_BUCKET }}
+      CONTAINER_SIGN_KMS_KEY: ${{ secrets.DEV_CONTAINER_SIGN_KMS_KEY }}
+      GH_ACTIONS_ROLE_ARN: ${{ secrets.BACKEND_API_DEV_GH_ACTIONS_ROLE_ARN }}
+      SIGNING_PROFILE_NAME: ${{ secrets.DEV_SIGNING_PROFILE_NAME }}
+      TEST_IMAGE_REPOSITORY_URI: ${{ secrets.BACKEND_API_DEV_TEST_IMAGE_REPOSITORY }}
+
+  build-post-merge:
+    name: Build Post Merge
+    needs: dev-post-merge
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: backend-api
+    secrets:
+      ARTIFACT_BUCKET_NAME: ${{ secrets.TEST_RESOURCES_BUILD_ARTIFACT_BUCKET }}
+      CONTAINER_SIGN_KMS_KEY: ${{ secrets.BUILD_CONTAINER_SIGN_KMS_KEY }}
+      GH_ACTIONS_ROLE_ARN: ${{ secrets.BACKEND_API_BUILD_GH_ACTIONS_ROLE_ARN }}
+      SIGNING_PROFILE_NAME: ${{ secrets.BUILD_SIGNING_PROFILE_NAME }}
+      TEST_IMAGE_REPOSITORY_URI: ${{ secrets.BACKEND_API_BUILD_TEST_IMAGE_REPOSITORY }}

.github/workflows/backend-api-pull-request.yml

@@ -1,6 +1,5 @@
 name: backend-api pull request
 on:
-  # Triggers the workflow on pull request events for all branches
   pull_request:
     branches:
       - main
@@ -12,64 +11,28 @@ on:
     paths:
       - "backend-api/**"
       - ".github/workflows/backend-api-pull-request.yml"
-  # Allows you to run this workflow manually from the Actions tab
+      - "!backend-api/**/*.md"
+      - "!backend-api/**/*.png"
+
   workflow_dispatch:
 
 jobs:
   ci-checks:
-    name: Run CI checks
-    runs-on: ubuntu-22.04
-    defaults:
-      run:
-        shell: bash
-        working-directory: backend-api
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-          fetch-depth: 0
-
-      - name: Setup nodeJS v20
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: npm
-          cache-dependency-path: backend-api/package-lock.json
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: Linting
-        run: npm run lint
-
-      - name: Check formatting using Prettier
-        run: npm run format:check
-
-      # Runs unit, infra and pact tests
-      - name: Run tests
-        run: npm run test
-
-      - name: Generate proxy open api spec
-        run: npm run generate-proxy-open-api
-
-      - name: Validate SAM template
-        run: sam validate --lint
-
-      - name: Run SonarCloud Scan
-        uses: sonarsource/sonarqube-scan-action@0303d6b62e310685c0e34d0b9cde218036885c4d # v5.0.0
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          projectBaseDir: backend-api
-
-      - name: SonarQube Quality Gate check
-        uses: Sonarsource/sonarqube-quality-gate-action@8406f4f1edaffef38e9fb9c53eb292fc1d7684fa # master
-        # Force to fail step after specific time
-        timeout-minutes: 5
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          scanMetadataReportFile: backend-api/.scannerwork/report-task.txt
-
+    name: CI Checks
+    if: github.event.pull_request.draft == false
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_ci-checks.yml@DCMAW-11654
+    with:
+      GENERATE_PROXY_OPEN_API_SPEC: true
+      WORKING_DIRECTORY: backend-api
+    secrets: inherit
+        
+  sonarqube:
+    name: SonarQube
+    needs: ci-checks
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
+    with:
+      RUN_SONARQUBE_QUALITY_GATE_CHECK: true
+      WORKING_DIRECTORY: backend-api
+    secrets: inherit