apg-go/.github/workflows/sonarqube.yml

# SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: SonarQube
permissions: read-all
on:
  push:
    branches:
      - main # or the name of your main branch
    paths:
      - '**.go'
      - 'go.*'
      - '.github/workflow/sonarqube.yml'
      - 'codecov.yml'
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
        with:
          fetch-depth: 0
      - uses: sonarsource/sonarqube-scan-action@94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49 # master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      # If you wish to fail your job when the Quality Gate is red, uncomment the
      # following lines. This would typically be used to fail a deployment.
      - uses: sonarsource/sonarqube-quality-gate-action@8406f4f1edaffef38e9fb9c53eb292fc1d7684fa # master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
Add .gitgnore and SPDX headers in several files This commit introduces the .gitignore configuration file and adds SPDX headers to several files including test and documentation files. The headers provide license information in a standardized format which can be easily picked up by automated tools for license compliance checks. Additionally, it deleted a .idea/.gitignore file, which is a project specific IDE configuration file not necessary for the repository. It also introduced a README.md file providing more insightful information about the project. 2024-03-12 20:59:07 +01:00			`# SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`name: SonarQube`
Add read-all permissions to workflow files This commit adds "read-all" permissions to golangci-lint, codecov, and sonarqube workflow files. This change ensures that all necessary activities are allowed during the workflow processes. 2024-03-17 19:15:34 +01:00			`permissions: read-all`
Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`on:`
			`push:`
			`branches:`
			`- main # or the name of your main branch`
Update workflows to trigger on specific file changes The update limits the GolangCI, Codecov, SonarQube, and Docker workflow triggers to only fire when specific related files are modified. By focusing on relevant paths like '*.go', 'go.' and respective workflow files, we enhance the efficiency of our CI/CD process. 2024-03-25 19:32:40 +01:00			`paths:`
			`- '**.go'`
			`- 'go.*'`
			`- '.github/workflow/sonarqube.yml'`
			`- 'codecov.yml'`
Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`jobs:`
			`build:`
			`name: Build`
			`runs-on: ubuntu-latest`
			`steps:`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-17 23:22:53 +01:00			`- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0`
Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`with:`
			`fetch-depth: 0`
Bump sonarsource/sonarqube-scan-action from 3.1.0 to 4.0.0 Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 3.1.0 to 4.0.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/13990a695682794b53148ff9f6a8b6e22e43955e...94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2024-11-12 21:02:49 +01:00			`- uses: sonarsource/sonarqube-scan-action@94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49 # master`
Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
			`SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}`
			`# If you wish to fail your job when the Quality Gate is red, uncomment the`
			`# following lines. This would typically be used to fail a deployment.`
Bump sonarsource/sonarqube-quality-gate-action Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action) from dc2f7b0dd95544cd550de3028f89193576e958b9 to 8406f4f1edaffef38e9fb9c53eb292fc1d7684fa. - [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-quality-gate-action/compare/dc2f7b0dd95544cd550de3028f89193576e958b9...8406f4f1edaffef38e9fb9c53eb292fc1d7684fa) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-quality-gate-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> 2024-10-29 20:40:08 +01:00			`- uses: sonarsource/sonarqube-quality-gate-action@8406f4f1edaffef38e9fb9c53eb292fc1d7684fa # master`
Create sonarqube.yml 2022-04-12 20:01:09 +02:00			`timeout-minutes: 5`
			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`