logranger/.github/workflows/sonarqube.yml

# SPDX-FileCopyrightText: 2023 Winni Neessen <wn@neessen.dev>
#
# SPDX-License-Identifier: MIT

name: Build

on:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    permissions: read-all
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          egress-policy: audit

      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
Add SPDX license identifiers and update copyright year All source code files as well as README.md, .gitignore, and various configuration files have been updated with an SPDX license identifier, changing license from CC0-1.0 to MIT. The copyright year has been updated to 2023, and the copyright holder's email address has been corrected from 'winni@neessen.dev' to 'wn@neessen.dev'. An MIT license text file has been additionally added. 2023-12-15 16:35:41 +01:00			`# SPDX-FileCopyrightText: 2023 Winni Neessen <wn@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: MIT`

Add SonarQube configuration and update .gitignore This commit introduces a SonarQube configuration setup, adds an .idea/.gitignore file, and expands the root .gitignore file. The SonarQube setup includes a GitHub Actions workflow and a project properties file. The .gitignore files are updated to properly ignore files for JetBrains IDEs, local testfiles, SonarQube, and others. 2023-12-08 14:37:32 +01:00			`name: Build`

			`on:`
			`push:`
			`branches:`
			`- main`

[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-21 16:21:39 +01:00			`permissions:`
			`contents: read`

Add SonarQube configuration and update .gitignore This commit introduces a SonarQube configuration setup, adds an .idea/.gitignore file, and expands the root .gitignore file. The SonarQube setup includes a GitHub Actions workflow and a project properties file. The .gitignore files are updated to properly ignore files for JetBrains IDEs, local testfiles, SonarQube, and others. 2023-12-08 14:37:32 +01:00			`jobs:`
			`build:`
			`name: Build`
			`runs-on: ubuntu-latest`
			`permissions: read-all`
			`steps:`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-21 16:21:39 +01:00			`- name: Harden Runner`
Bump step-security/harden-runner from 2.9.1 to 2.10.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde...91182cccc01eb5e619899d80e4e971d6181294a7) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2024-09-11 11:00:59 +02:00			`uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1`
[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-03-21 16:21:39 +01:00			`with:`
			`egress-policy: audit`

Bump actions/checkout from 4.1.7 to 4.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2024-09-26 10:18:12 +02:00			`- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0`
Add SonarQube configuration and update .gitignore This commit introduces a SonarQube configuration setup, adds an .idea/.gitignore file, and expands the root .gitignore file. The SonarQube setup includes a GitHub Actions workflow and a project properties file. The .gitignore files are updated to properly ignore files for JetBrains IDEs, local testfiles, SonarQube, and others. 2023-12-08 14:37:32 +01:00			`with:`
			`fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis`
Bump sonarsource/sonarqube-scan-action Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1 to 884b79409bbd464b2a59edc326a4b77dc56b2195. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1...884b79409bbd464b2a59edc326a4b77dc56b2195) --- updated-dependencies: - dependency-name: sonarsource/sonarqube-scan-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> 2024-09-25 11:05:13 +02:00			`- uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # master`
Add SonarQube configuration and update .gitignore This commit introduces a SonarQube configuration setup, adds an .idea/.gitignore file, and expands the root .gitignore file. The SonarQube setup includes a GitHub Actions workflow and a project properties file. The .gitignore files are updated to properly ignore files for JetBrains IDEs, local testfiles, SonarQube, and others. 2023-12-08 14:37:32 +01:00			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
			`SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}`