From ef66882f7181fff80f5e18b360461bac826e3c29 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:55:52 +0100 Subject: [PATCH 01/20] CCM-7478: Remove unnecessary sandbox dependency --- sandbox/package-lock.json | 166 -------------------------------------- sandbox/package.json | 3 +- 2 files changed, 1 insertion(+), 168 deletions(-) diff --git a/sandbox/package-lock.json b/sandbox/package-lock.json index 8dd1074f9..fa556a230 100644 --- a/sandbox/package-lock.json +++ b/sandbox/package-lock.json @@ -20,7 +20,6 @@ "license-checker": "^25.0.1", "mocha": "^10.7.3", "mocha-junit-reporter": "^2.2.1", - "mocha-multi": "^1.1.3", "nodemon": "^3.1.7", "supertest": "^7.0.0" } @@ -1253,21 +1252,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/has-tostringtag": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", - "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", - "dev": true, - "dependencies": { - "has-symbols": "^1.0.3" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/hasown": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", 
@@ -1438,21 +1422,6 @@ "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==" }, - "node_modules/is-string": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", - "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", - "dev": true, - "dependencies": { - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/is-unicode-supported": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", @@ -1584,12 +1553,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", - "dev": true - }, "node_modules/log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", 
@@ -1918,60 +1881,6 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, - "node_modules/mocha-multi": { - "version": "1.1.7", - "resolved": "https://registry.npmjs.org/mocha-multi/-/mocha-multi-1.1.7.tgz", - "integrity": "sha512-SXZRgHy0XiRTASyOp0p6fjOkdj+R62L6cqutnYyQOvIjNznJuUwzykxctypeRiOwPd+gfn4yt3NRulMQyI8Tzg==", - "dev": true, - "dependencies": { - "debug": "^4.1.1", - "is-string": "^1.0.4", - "lodash.once": "^4.1.1", - "mkdirp": "^1.0.4", - "object-assign": "^4.1.1" - }, - "engines": { - "node": ">=6.0.0" - }, - "peerDependencies": { - "mocha": ">=2.2.0 <7 || >=9" - } - }, - "node_modules/mocha-multi/node_modules/debug": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", - "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "dev": true, - "dependencies": { - "ms": "2.1.2" - }, - "engines": { - "node": ">=6.0" - }, - "peerDependenciesMeta": { - "supports-color": { - "optional": true - } - } - }, - "node_modules/mocha-multi/node_modules/mkdirp": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", - "dev": true, - "bin": { - "mkdirp": "bin/cmd.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/mocha-multi/node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - }, "node_modules/mocha/node_modules/cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", 
@@ -2234,15 +2143,6 @@ "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==", "dev": true }, - "node_modules/object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/object-inspect": { "version": "1.13.1", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", @@ -4400,15 +4300,6 @@ "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" }, - "has-tostringtag": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", - "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", - "dev": true, - "requires": { - "has-symbols": "^1.0.3" - } - }, "hasown": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", @@ -4543,15 +4434,6 @@ "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==" }, - "is-string": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", - "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", - "dev": true, - "requires": { - "has-tostringtag": "^1.0.0" - } - }, "is-unicode-supported": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", 
@@ -4651,12 +4533,6 @@ "p-locate": "^5.0.0" } }, - "lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", - "dev": true - }, "log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", @@ -4958,42 +4834,6 @@ } } }, - "mocha-multi": { - "version": "1.1.7", - "resolved": "https://registry.npmjs.org/mocha-multi/-/mocha-multi-1.1.7.tgz", - "integrity": "sha512-SXZRgHy0XiRTASyOp0p6fjOkdj+R62L6cqutnYyQOvIjNznJuUwzykxctypeRiOwPd+gfn4yt3NRulMQyI8Tzg==", - "dev": true, - "requires": { - "debug": "^4.1.1", - "is-string": "^1.0.4", - "lodash.once": "^4.1.1", - "mkdirp": "^1.0.4", - "object-assign": "^4.1.1" - }, - "dependencies": { - "debug": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", - "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "dev": true, - "requires": { - "ms": "2.1.2" - } - }, - "mkdirp": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", - "dev": true - }, - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - } - } - }, "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", 
@@ -5116,12 +4956,6 @@ "integrity": "sha512-EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==", "dev": true }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", - "dev": true - }, "object-inspect": { "version": "1.13.1", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", diff --git a/sandbox/package.json b/sandbox/package.json index 34872d502..64c305b8c 100644 --- a/sandbox/package.json +++ b/sandbox/package.json @@ -24,8 +24,7 @@ "license-checker": "^25.0.1", "mocha": "^10.7.3", "mocha-junit-reporter": "^2.2.1", - "mocha-multi": "^1.1.3", "nodemon": "^3.1.7", "supertest": "^7.0.0" } -} \ No newline at end of file +} From d5ffc923555cfcb35ce8fc18de4be169e9213a67 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Fri, 19 Sep 2025 17:13:49 +0100 Subject: [PATCH 02/20] CCM-7478: Configure test coverage reporting --- scripts/config/sonar-scanner.properties | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index acf8916e6..2140ee032 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties 
@@ -6,11 +6,14 @@ sonar.language=js,python sonar.exclusions=.venv/**,proxies/utils/performance/* -#exclude everything from test coverage, this is covered by other tools +#exclude everything from required levels of test coverage, this is covered by other tools sonar.coverage.exclusions=**/* sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 +# Configure test coverage reporting +sonar.javascript.lcov.reportPaths=/usr/src/sandbox/coverage/lcov.info + #exclusion rules for our proxy JS - rhinojs 1.7.12 -https://mozilla.github.io/rhino/compat/engines.html sonar.issue.ignore.multicriteria=optChain,useLet From 5e82989036801d45e4691a56373de982ba6eaf41 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Fri, 19 Sep 2025 17:19:53 +0100 Subject: [PATCH 03/20] CCM-7478: Try to fix coverage path --- scripts/config/sonar-scanner.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 2140ee032..5546c8a75 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -12,7 +12,7 @@ sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 # Configure test coverage reporting -sonar.javascript.lcov.reportPaths=/usr/src/sandbox/coverage/lcov.info +sonar.javascript.lcov.reportPaths=sandbox/coverage/lcov.info #exclusion rules for our proxy JS - rhinojs 1.7.12 -https://mozilla.github.io/rhino/compat/engines.html sonar.issue.ignore.multicriteria=optChain,useLet From db90384216ae00d459cdd89df62b964bd8888d10 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Fri, 19 Sep 2025 17:30:17 +0100 Subject: [PATCH 04/20] CCM-7478: Add debug --- scripts/perform-static-analysis.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/perform-static-analysis.sh b/scripts/perform-static-analysis.sh index 452b37d00..4fb493324 100755 
--- a/scripts/perform-static-analysis.sh +++ b/scripts/perform-static-analysis.sh @@ -29,6 +29,7 @@ function main() { } function create-report() { + file sandbox/coverage/lcov.info docker run --rm --platform linux/amd64 \ --volume $PWD:/usr/src \ From 3a1ce515b4616119c63827b62fd582ebd51c0679 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 22 Sep 2025 17:33:39 +0100 Subject: [PATCH 05/20] CCM-7478: Remove debug again --- scripts/perform-static-analysis.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/perform-static-analysis.sh b/scripts/perform-static-analysis.sh index 4fb493324..452b37d00 100755 --- a/scripts/perform-static-analysis.sh +++ b/scripts/perform-static-analysis.sh @@ -29,7 +29,6 @@ function main() { } function create-report() { - file sandbox/coverage/lcov.info docker run --rm --platform linux/amd64 \ --volume $PWD:/usr/src \ From dfa0fc40a32c912cc5240d1b12c7fb8eef825090 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 22 Sep 2025 17:34:44 +0100 Subject: [PATCH 06/20] CCM-7478: Rewrite LCOV file for correct paths --- .github/workflows/build.yml | 3 +++ .gitignore | 1 + scripts/config/sonar-scanner.properties | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 59970be83..f1693379c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -57,6 +57,9 @@ jobs: run: | cd sandbox npm run test + cd - + mkdir coverage + TMPDIR="./coverage" npx lcov-result-merger sandbox/coverage/lcov.info coverage/lcov.info --prepend-source-files - name: Check licenses run: make check-licenses diff --git a/.gitignore b/.gitignore index eb5118c45..6abaa01f3 100644 --- a/.gitignore +++ b/.gitignore @@ -25,6 +25,7 @@ env *.pem sandbox/coverage sandbox/.nyc_output +coverage zap-report/ zap-report.json zap-report.xml 
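Review bot: The added `npx lcov-result-merger …` line fetches and executes whatever version of that package the registry serves at build time; the tool is not among the devDependencies visible in PATCH 01, so no lockfile integrity hash appears to cover it. This seems to run in the same job that later hands `SONAR_TOKEN` to the static-analysis step (see the PATCH 12 context), so unreviewed code on that runner is worth avoiding. Declare it as a devDependency in `sandbox/package.json` so the install step uses the locked copy, or at minimum pin the call as `npx lcov-result-merger@<pinned-version> …`. PATCH 07 rewrites this command and keeps the same unpinned invocation.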
diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 5546c8a75..4fbed345c 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -12,7 +12,7 @@ sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 # Configure test coverage reporting -sonar.javascript.lcov.reportPaths=sandbox/coverage/lcov.info +sonar.javascript.lcov.reportPaths=coverage/lcov.info #exclusion rules for our proxy JS - rhinojs 1.7.12 -https://mozilla.github.io/rhino/compat/engines.html sonar.issue.ignore.multicriteria=optChain,useLet From de899564682fd5bab1cd93cf01ae1665cc78c082 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 23 Sep 2025 10:57:59 +0100 Subject: [PATCH 07/20] CCM-7478: Tweak coverage generation --- .github/workflows/build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f1693379c..adc1af65a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -58,8 +58,9 @@ jobs: cd sandbox npm run test cd - - mkdir coverage - TMPDIR="./coverage" npx lcov-result-merger sandbox/coverage/lcov.info coverage/lcov.info --prepend-source-files + mkdir coverage coverage-temp + TMPDIR="./coverage-temp" npx lcov-result-merger sandbox/coverage/lcov.info coverage/lcov.info --prepend-source-files + rm -r coverage-temp - name: Check licenses run: make check-licenses From a3622a43695eb293c4a6c0a69de5fe9b8abb60c4 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 23 Sep 2025 11:19:35 +0100 Subject: [PATCH 08/20] CCM-7478: Don't set Node.js path for Sonar --- scripts/config/sonar-scanner.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 4fbed345c..f9018b277 100644 
--- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -8,7 +8,7 @@ sonar.exclusions=.venv/**,proxies/utils/performance/* #exclude everything from required levels of test coverage, this is covered by other tools sonar.coverage.exclusions=**/* -sonar.nodejs.executable=/usr/bin/node +# sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 # Configure test coverage reporting From 94bf92e1baff09ce26ee4c2a526134498d993c6e Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 23 Sep 2025 11:49:56 +0100 Subject: [PATCH 09/20] Enable debug mode for Sonar scan --- scripts/perform-static-analysis.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/perform-static-analysis.sh b/scripts/perform-static-analysis.sh index 452b37d00..9a87a355e 100755 --- a/scripts/perform-static-analysis.sh +++ b/scripts/perform-static-analysis.sh @@ -35,7 +35,8 @@ function create-report() { sonarsource/sonar-scanner-cli:$image_version \ -Dproject.settings=/usr/src/scripts/config/sonar-scanner.properties \ -Dsonar.branch.name="${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \ - -Dsonar.token="$(echo $SONAR_TOKEN)" + -Dsonar.token="$(echo $SONAR_TOKEN)" \ + -Dsonar.verbose=true } function is_arg_true() { From 71335aefd249019354f07a0c230ed045aabaf14f Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 23 Sep 2025 12:02:26 +0100 Subject: [PATCH 10/20] CCM-7478: Try disabling coverage exclusions --- scripts/config/sonar-scanner.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index f9018b277..e975f443f 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties 
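Review bot: The re-added line `-Dsonar.token="$(echo $SONAR_TOKEN)" \` puts the token on the `docker run` argument list, where it is readable from the host process list and the container's recorded arguments, and this hunk turns on `-Dsonar.verbose=true` on top of that. Passing it through the environment keeps it out of argv: add `--env SONAR_TOKEN \` before the image name and drop the `-Dsonar.token` argument (the scanner CLI reads `SONAR_TOKEN`; worth confirming for the pinned `$image_version`). If the argument stays, `"$SONAR_TOKEN"` is the direct form; the `$(echo …)` wrapper only adds an unquoted expansion. PATCH 20 removes the verbose flag but leaves the same token argument. The body of create-report starts outside the hunk.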
@@ -7,7 +7,7 @@ sonar.language=js,python sonar.exclusions=.venv/**,proxies/utils/performance/* #exclude everything from required levels of test coverage, this is covered by other tools -sonar.coverage.exclusions=**/* +# sonar.coverage.exclusions=**/* # sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 From dc56cd564ede662c4d47b4571baa26794e6aa1c0 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 15:18:13 +0100 Subject: [PATCH 11/20] CCM-7478: Specify test files to Sonar --- scripts/config/sonar-scanner.properties | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index e975f443f..7863bcc28 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -4,11 +4,9 @@ sonar.projectKey=NHSDigital_communications-manager-api sonar.sourceEncoding=UTF-8 sonar.language=js,python +sonar.tests=tests/,sandbox/__test__ sonar.exclusions=.venv/**,proxies/utils/performance/* -#exclude everything from required levels of test coverage, this is covered by other tools -# sonar.coverage.exclusions=**/* -# sonar.nodejs.executable=/usr/bin/node sonar.python.version=3.10.8 # Configure test coverage reporting From b596fecc2145dc9d176b1b32a25d4738639bfe3e Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 16:10:40 +0100 Subject: [PATCH 12/20] CCM-7478: Attempt to fail Sonar quality gate --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index adc1af65a..9b250f5cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -71,7 +71,9 @@ jobs: - name: Static analysis env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: make static-analysis + run: | + echo ${{ github.event.pull_request.head.ref }} + make static-analysis - name: Compile spec run: make publish From 7ff1310d1f1bf12d9141e0d7e84ea72236680074 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 16:45:25 +0100 Subject: [PATCH 13/20] CCM-7478: Further attempts to break Sonar --- .github/workflows/build.yml | 4 +--- sandbox/handlers/get_message.js | 11 +++++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9b250f5cd..adc1af65a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -71,9 +71,7 @@ jobs: - name: Static analysis env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: | - echo ${{ github.event.pull_request.head.ref }} - make static-analysis + run: make static-analysis - name: Compile spec run: make publish diff --git a/sandbox/handlers/get_message.js b/sandbox/handlers/get_message.js index 92c6738e4..31632a561 100644 --- a/sandbox/handlers/get_message.js +++ b/sandbox/handlers/get_message.js @@ -8,6 +8,17 @@ export async function getMessage(req, res, next) { return; } + var foo1 = 'break sonar' + var foo2 = 'break sonar' + var foo3 = 'break sonar' + var foo4 = 'break sonar' + var foo5 = 'break sonar' + var foo6 = 'break sonar' + var foo7 = 'break sonar' + var foo8 = 'break sonar' + var foo9 = 'break sonar' + var foo10 = 'break sonar' + const { messageId } = req.params; fs.readFile(`./messages/${messageId}.json`, 'utf8', (err, fileContent) => { From e56ce99ea45883294ea5b92de4504edf21bdfe96 Mon Sep 17 00:00:00 2001 
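Review bot: The added `echo ${{ github.event.pull_request.head.ref }}` is expanded into the script text before the shell parses it, so the pull request's branch name, which the PR author chooses, is interpreted as shell in a step that has `SONAR_TOKEN` in its environment. Pass the value through the step's `env:` block and quote it instead: `HEAD_REF: ${{ github.event.pull_request.head.ref }}` under `env:`, then `echo "$HEAD_REF"` in the script. PATCH 13 reverts the line, but the pattern is worth keeping out of the workflow even for short-lived debugging.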
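Review bot: The context at the end of the get_message.js hunk shows the `fs.readFile` path built from the template `./messages/${messageId}.json`, with `messageId` taken straight from `req.params` and nothing visible between the destructuring and the read that constrains it. The guard above line 8 is outside the hunk, so this may already be handled there; if it is not, a parameter containing path separators or `..` would resolve outside `./messages`. A check before the read such as `if (!/^[A-Za-z0-9_-]+$/.test(messageId)) { /* existing not-found response */ return; }`, with the pattern adjusted to the sandbox's real ID format, closes that. getMessage starts and ends outside the hunk.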
From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:00:51 +0100 Subject: [PATCH 14/20] CCM-7478: Further attempt to fail Sonar quality gate --- sandbox/handlers/get_message.js | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/sandbox/handlers/get_message.js b/sandbox/handlers/get_message.js index 31632a561..50221b0b2 100644 --- a/sandbox/handlers/get_message.js +++ b/sandbox/handlers/get_message.js @@ -8,16 +8,9 @@ export async function getMessage(req, res, next) { return; } - var foo1 = 'break sonar' - var foo2 = 'break sonar' - var foo3 = 'break sonar' - var foo4 = 'break sonar' - var foo5 = 'break sonar' - var foo6 = 'break sonar' - var foo7 = 'break sonar' - var foo8 = 'break sonar' - var foo9 = 'break sonar' - var foo10 = 'break sonar' + // Not really a password, just something to try and trigger a SonarQube failure. + // eslint-disable-next-line no-unused-vars + const password = "SuperSecret123"; const { messageId } = req.params; From fd86be57e42425a36dab9e5fdb78d59da23f2315 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:09:16 +0100 Subject: [PATCH 15/20] CCM-7478: Try adding a sonar.sources property --- scripts/config/sonar-scanner.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 7863bcc28..f8023362a 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -4,6 +4,7 @@ sonar.projectKey=NHSDigital_communications-manager-api sonar.sourceEncoding=UTF-8 sonar.language=js,python +sonar.sources=. sonar.tests=tests/,sandbox/__test__ sonar.exclusions=.venv/**,proxies/utils/performance/* From c066b328c8a98b809ca9e1940d7a9a00fc3904bc Mon Sep 17 00:00:00 2001 
From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:24:42 +0100 Subject: [PATCH 16/20] CCM-7478: Remove sonar.tests property --- scripts/config/sonar-scanner.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index f8023362a..b95f4504e 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -5,7 +5,6 @@ sonar.sourceEncoding=UTF-8 sonar.language=js,python sonar.sources=. -sonar.tests=tests/,sandbox/__test__ sonar.exclusions=.venv/**,proxies/utils/performance/* sonar.python.version=3.10.8 From df791457a518df6e30fb8ed23eee0edd3ac4f016 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:35:05 +0100 Subject: [PATCH 17/20] CCM-7478: Make Sonar scan fail if quality gate fails --- scripts/config/sonar-scanner.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index b95f4504e..546a44ea7 100644 --- a/scripts/config/sonar-scanner.properties +++ b/scripts/config/sonar-scanner.properties @@ -3,6 +3,7 @@ sonar.organization=nhsdigital sonar.projectKey=NHSDigital_communications-manager-api sonar.sourceEncoding=UTF-8 sonar.language=js,python +sonar.qualitygate.wait=true sonar.sources=. sonar.exclusions=.venv/**,proxies/utils/performance/* From e267f3a232f3b312012617aad9d133149fe23f20 Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Mon, 29 Sep 2025 17:46:54 +0100 Subject: [PATCH 18/20] CCM-7478: Attempt to configure test files again --- scripts/config/sonar-scanner.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/config/sonar-scanner.properties b/scripts/config/sonar-scanner.properties index 546a44ea7..03b28d168 100644 --- a/scripts/config/sonar-scanner.properties 
+++ b/scripts/config/sonar-scanner.properties @@ -6,6 +6,8 @@ sonar.language=js,python sonar.qualitygate.wait=true sonar.sources=. +sonar.tests=tests/, sandbox/__test__ +sonar.test.inclusions=tests/**.py, sandbox/__test__/** sonar.exclusions=.venv/**,proxies/utils/performance/* sonar.python.version=3.10.8 From 4f983d56515a5820937a00041951ba52a004f72f Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 30 Sep 2025 09:16:32 +0100 Subject: [PATCH 19/20] CCM-7478: Remove deliberate Sonar failure --- sandbox/handlers/get_message.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sandbox/handlers/get_message.js b/sandbox/handlers/get_message.js index 50221b0b2..92c6738e4 100644 --- a/sandbox/handlers/get_message.js +++ b/sandbox/handlers/get_message.js @@ -8,10 +8,6 @@ export async function getMessage(req, res, next) { return; } - // Not really a password, just something to try and trigger a SonarQube failure. - // eslint-disable-next-line no-unused-vars - const password = "SuperSecret123"; - const { messageId } = req.params; fs.readFile(`./messages/${messageId}.json`, 'utf8', (err, fileContent) => { From 5e582acf5e48fef671b94654e26c15d6e2fb72db Mon Sep 17 00:00:00 2001 From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com> Date: Tue, 30 Sep 2025 09:17:13 +0100 Subject: [PATCH 20/20] CCM-7478: Disable Sonar debug output --- scripts/perform-static-analysis.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/perform-static-analysis.sh b/scripts/perform-static-analysis.sh index 9a87a355e..452b37d00 100755 --- a/scripts/perform-static-analysis.sh +++ b/scripts/perform-static-analysis.sh 
@@ -35,8 +35,7 @@ function create-report() { sonarsource/sonar-scanner-cli:$image_version \ -Dproject.settings=/usr/src/scripts/config/sonar-scanner.properties \ -Dsonar.branch.name="${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \ - -Dsonar.token="$(echo $SONAR_TOKEN)" \ - -Dsonar.verbose=true + -Dsonar.token="$(echo $SONAR_TOKEN)" } function is_arg_true() {