niljson/.github/workflows/sonarqube.yml

# SPDX-FileCopyrightText: 2024 Winni Neessen <winni@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: SonarQube

permissions:
  contents: read

on:
  push:
    branches:
      - main

jobs:
  build:
    name: Build and analyze
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          egress-policy: audit

      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0

      - name: Setup Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: '1.23'

      - name: Run unit Tests
        run: |
          go test -v -race --coverprofile=./cov.out ./...

      - uses: sonarsource/sonarqube-scan-action@2af7c4bea3abd8c236b5edb80998f31374896f09 # master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      - uses: sonarsource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3028f89193576e958b9 # master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00			`# SPDX-FileCopyrightText: 2024 Winni Neessen <winni@neessen.dev>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

			`name: SonarQube`

			`permissions:`
			`contents: read`

			`on:`
			`push:`
			`branches:`
			`- main`

			`jobs:`
			`build:`
			`name: Build and analyze`
			`runs-on: ubuntu-latest`

			`steps:`
			`- name: Harden Runner`
Bump step-security/harden-runner from 2.9.1 to 2.10.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.9.1...91182cccc01eb5e619899d80e4e971d6181294a7) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2024-09-13 20:29:05 +02:00			`uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1`
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00			`with:`
			`egress-policy: audit`

[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-09-13 20:26:26 +02:00			`- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7`
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00			`with:`
			`fetch-depth: 0`

			`- name: Setup Go`
			`uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2`
			`with:`
Fix Go version syntax in SonarQube workflow Corrected the Go version syntax from '1.23.x' to '1.23' in the SonarQube GitHub Action workflow configuration to ensure proper version setup. This change addresses potential issues with version resolution in the setup-go action. 2024-09-11 10:22:51 +02:00			`go-version: '1.23'`
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00
			`- name: Run unit Tests`
			`run: \|`
			`go test -v -race --coverprofile=./cov.out ./...`

[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-09-13 20:26:26 +02:00			`- uses: sonarsource/sonarqube-scan-action@2af7c4bea3abd8c236b5edb80998f31374896f09 # master`
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
			`SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}`

[StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> 2024-09-13 20:26:26 +02:00			`- uses: sonarsource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3028f89193576e958b9 # master`
Add SonarQube integration for code analysis Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored. 2024-09-11 10:19:00 +02:00			`timeout-minutes: 5`
			`env:`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`