go-mail/.github/workflows/sonarqube.yml

# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: SonarQube

permissions:
  contents: read

on:
  push:
    branches:
      - main # or the name of your main branch
  pull_request:
    branches:
      - main # or the name of your main branch
env:
  TEST_HOST: ${{ secrets.TEST_HOST }}
  TEST_FROM: ${{ secrets.TEST_USER }}
  TEST_ALLOW_SEND: "1"
  TEST_SMTPAUTH_USER: ${{ secrets.TEST_USER }}
  TEST_SMTPAUTH_PASS: ${{ secrets.TEST_PASS }}
  TEST_SMTPAUTH_TYPE: "LOGIN"
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          egress-policy: audit

      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
        with:
          fetch-depth: 0
          
      - name: Setup Go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: '1.22.x'
          
      - name: Run unit Tests
        run: |
          go test -v -race --coverprofile=./cov.out ./...

      - uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          
      - uses: sonarsource/sonarqube-quality-gate-action@72f24ebf1f81eda168a979ce14b8203273b7c3ad # master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
#24: Add SPDX license IDs for REUSE compliance # SUMMARY * Bad licenses: * Deprecated licenses: * Licenses without file extension: * Missing licenses: * Unused licenses: * Used licenses: CC0-1.0, MIT * Read errors: 0 * Files with copyright information: 45 / 45 * Files with license information: 45 / 45 Congratulations! Your project is compliant with version 3.0 of the REUSE Specification :-) 2022-06-17 15:05:54 +02:00			`# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

Create sonarqube.yaml 2022-04-12 19:35:07 +02:00			`name: SonarQube`
Add read permissions to GitHub workflow files This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution. 2024-03-23 15:49:03 +01:00
			`permissions:`
			`contents: read`

Create sonarqube.yaml 2022-04-12 19:35:07 +02:00			`on:`
			`push:`
			`branches:`
			`- main # or the name of your main branch`
Update sonarqube.yml Run SonarQube on PRs too 2022-07-07 10:52:01 +02:00			`pull_request:`
			`branches:`
			`- main # or the name of your main branch`
Update sonarqube.yml 2022-04-12 23:12:32 +02:00			`env:`
			`TEST_HOST: ${{ secrets.TEST_HOST }}`
			`TEST_FROM: ${{ secrets.TEST_USER }}`
			`TEST_ALLOW_SEND: "1"`
			`TEST_SMTPAUTH_USER: ${{ secrets.TEST_USER }}`
			`TEST_SMTPAUTH_PASS: ${{ secrets.TEST_PASS }}`
			`TEST_SMTPAUTH_TYPE: "LOGIN"`
Create sonarqube.yaml 2022-04-12 19:35:07 +02:00			`jobs:`
			`build:`
			`name: Build`
			`runs-on: ubuntu-latest`
			`steps:`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-22 15:36:47 +01:00			`- name: Harden Runner`
Bump step-security/harden-runner from 2.8.0 to 2.8.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.8.0 to 2.8.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/f086349bfa2bd1361f7909c78558e816508cdc10...17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2024-06-07 15:25:34 +02:00			`uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-22 15:36:47 +01:00			`with:`
			`egress-policy: audit`

			`- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0`
Create sonarqube.yaml 2022-04-12 19:35:07 +02:00			`with:`
			`fetch-depth: 0`
Update sonarqube.yml 2022-04-12 23:12:32 +02:00
			`- name: Setup Go`
Bump actions/setup-go from 5.0.0 to 5.0.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2024-05-02 16:07:50 +02:00			`uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1`
Update sonarqube.yml 2022-04-12 23:12:32 +02:00			`with:`
Update Go version in GitHub workflow files The Go version has been updated to '1.22' in the 'sonarqube.yml', 'golangci-lint.yml', and 'codecov.yml' GitHub action workflow files. This includes an additional modification for the Go versions matrix and condition statements in the 'codecov.yml' workflow. 2024-02-10 14:14:34 +01:00			`go-version: '1.22.x'`
Update sonarqube.yml 2022-04-12 23:12:32 +02:00
			`- name: Run unit Tests`
			`run: \|`
			`go test -v -race --coverprofile=./cov.out ./...`
Update sonarqube.yml 2022-04-12 23:25:23 +02:00
Bump sonarsource/sonarqube-scan-action from 2.2.0 to 2.3.0 Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/540792c588b5c2740ad2bb4667db5cd46ae678f2...aecaf43ae57e412bd97d70ef9ce6076e672fe0a9) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2024-07-02 15:51:17 +02:00			`- uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # master`
Create sonarqube.yaml 2022-04-12 19:35:07 +02:00			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
			`SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}`
Update sonarqube.yml 2022-04-12 23:12:32 +02:00
Bump sonarsource/sonarqube-quality-gate-action Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action) from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad. - [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-quality-gate-action/compare/f9fe214a5be5769c40619de2fff2726c36d2d5eb...72f24ebf1f81eda168a979ce14b8203273b7c3ad) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-quality-gate-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> 2024-04-04 15:21:20 +02:00			`- uses: sonarsource/sonarqube-quality-gate-action@72f24ebf1f81eda168a979ce14b8203273b7c3ad # master`
Update and rename sonarqube.yaml to sonarqube.yml 2022-04-12 19:36:20 +02:00			`timeout-minutes: 5`
			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`