name: SonarQube on: push: branches: - main # or the name of your main branch jobs: build: name: Build runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - name: Setup Go uses: actions/setup-go@v2.1.3 with: go-version: 1.18.x - name: Run unit Tests run: | go test -v -race --coverprofile=./cov.out ./... - name: Run Gosec Security Scanner uses: securego/gosec@master with: args: '-no-fail -fmt sonarqube -out report.json ./...' - uses: sonarsource/sonarqube-scan-action@master env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} # If you wish to fail your job when the Quality Gate is red, uncomment the # following lines. This would typically be used to fail a deployment. - uses: sonarsource/sonarqube-quality-gate-action@master timeout-minutes: 5 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}