Add SonarQube integration for code analysis

Introduce a new SonarQube configuration to the project. This includes a GitHub action workflow for continuous integration on the main branch, setting up Go environment, running unit tests, and performing SonarQube analysis. This addition aims to ensure code quality and coverage are continuously monitored.
This commit is contained in:
Winni Neessen 2024-09-11 10:19:00 +02:00
parent 02d6e1f130
commit e557e4caac
Signed by: wneessen
GPG key ID: 385AC9889632126E
2 changed files with 53 additions and 0 deletions

47
.github/workflows/sonarqube.yml vendored Normal file
View file

@ -0,0 +1,47 @@
# SPDX-FileCopyrightText: 2024 Winni Neessen <winni@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0
name: SonarQube
permissions:
contents: read
on:
push:
branches:
- main
jobs:
build:
name: Build and analyze
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.23.x'
- name: Run unit Tests
run: |
go test -v -race --coverprofile=./cov.out ./...
- uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

6
sonar-project.properties Normal file
View file

@ -0,0 +1,6 @@
# SPDX-FileCopyrightText: 2024 Winni Neessen <wn@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0
sonar.projectKey=niljson
sonar.go.coverage.reportPaths=cov.out