mirror of
https://github.com/wneessen/go-mail.git
synced 2024-11-14 01:42:54 +01:00
Winni Neessen
c78388a2cb
This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution.
55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
# SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
|
|
#
|
|
# SPDX-License-Identifier: CC0-1.0
|
|
|
|
name: SonarQube
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main # or the name of your main branch
|
|
pull_request:
|
|
branches:
|
|
- main # or the name of your main branch
|
|
env:
|
|
TEST_HOST: ${{ secrets.TEST_HOST }}
|
|
TEST_FROM: ${{ secrets.TEST_USER }}
|
|
TEST_ALLOW_SEND: "1"
|
|
TEST_SMTPAUTH_USER: ${{ secrets.TEST_USER }}
|
|
TEST_SMTPAUTH_PASS: ${{ secrets.TEST_PASS }}
|
|
TEST_SMTPAUTH_TYPE: "LOGIN"
|
|
jobs:
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
|
with:
|
|
go-version: '1.22.x'
|
|
|
|
- name: Run unit Tests
|
|
run: |
|
|
go test -v -race --coverprofile=./cov.out ./...
|
|
|
|
- uses: sonarsource/sonarqube-scan-action@9ad16418d1dd6d28912bc0047ee387e90181ce1c # master
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
|
|
|
- uses: sonarsource/sonarqube-quality-gate-action@f9fe214a5be5769c40619de2fff2726c36d2d5eb # master
|
|
timeout-minutes: 5
|
|
env:
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|