[NRL-1922] Add new workflow for PR checks

mattdean3-nhs · mattdean3-nhs · commit 00bbefa794e7 · 2026-02-24T11:08:44.000Z
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -0,0 +1,75 @@
+name: Run PR checks
+run-name: "Running checks for PR #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+concurrency:
+  cancel-in-progress: false
+
+permissions:
+  id-token: write
+  contents: read
+  actions: write
+  pull-requests: write
+
+jobs:
+  build:
+    name: Build and test
+    runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Setup environment
+        run: |
+          echo "${HOME}/.asdf/bin" >> $GITHUB_PATH
+          poetry install --no-root
+
+      - name: Build
+        run: make build
+
+      - name: Test
+        run: make test
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-artifacts
+        path: dist
+
+  sonar:
+    name: SonarQube analysis and quality gate check
+    runs-on: ubuntu-latest
+    after: build
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Get build artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: build-artifacts
+        path: dist
+
+      # Triggering SonarQube analysis as results of it are required by Quality Gate check.
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      # Check the Quality Gate status.
+      - name: SonarQube Quality Gate check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        with:
+          pollingTimeoutSec: 600
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -8,7 +8,7 @@ sonar.exclusions=scripts/**
 sonar.coverage.exclusions=scripts/**, test/**, **/tests/**
 sonar.cpd.exclusions=tests/**, **/tests/**
 
-sonar.python.coverage.reportPaths=coverage.xml
+sonar.python.coverage.reportPaths=dist/test-coverage.xml
 
 # Exclude snomed urls as being unsafe
 sonar.issue.ignore.multicriteria=exclude_snomed_urls
