From e557e4caace5cabeff95383837db612643e8196a Mon Sep 17 00:00:00 2001
From: Winni Neessen
Date: Wed, 11 Sep 2024 10:19:00 +0200
Subject: [PATCH] Add SonarQube integration for code analysis

Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.
---
.github/workflows/sonarqube.yml | 47 +++++++++++++++++++++++++++++++++
sonar-project.properties | 6 +++++
2 files changed, 53 insertions(+)
create mode 100644 .github/workflows/sonarqube.yml
create mode 100644 sonar-project.properties

diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
new file mode 100644
index 0000000..92d3f81
--- /dev/null
+++ b/.github/workflows/sonarqube.yml
@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: 2024 Winni Neessen
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: SonarQube
+
+permissions:
+ contents: read
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ name: Build and analyze
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup Go
+ uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+ with:
+ go-version: '1.23.x'
+
+ - name: Run unit Tests
+ run: |
+ go test -v -race --coverprofile=./cov.out ./...
+
+ - uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ - uses: sonarsource/sonarqube-quality-gate-action@master
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
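Review bot: The two SonarSource steps reference `@master`, a mutable branch, and both are handed `SONAR_TOKEN` (the scan step also `SONAR_HOST_URL`), so whatever is on that branch at run time executes with those secrets on every push to main. The harden-runner and setup-go steps in this same workflow are already pinned to a full commit SHA with a version comment; the same form would fit here, e.g. `uses: sonarsource/sonarqube-scan-action@<full-commit-sha> # <release tag>`, and likewise for `sonarqube-quality-gate-action` and the tag-pinned `actions/checkout@v4`. Separately, `egress-policy: audit` only records outbound connections; once the expected endpoints are known from the audit output, moving to `egress-policy: block` with an `allowed-endpoints` list would limit where a compromised step could send the token.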
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..cc1c902
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024 Winni Neessen
+#
+# SPDX-License-Identifier: CC0-1.0
+
+sonar.projectKey=niljson
+sonar.go.coverage.reportPaths=cov.out