Skip to content

Commit

Permalink
ci: Changes to solve vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@ivgonzalezc
ivgonzalezc committed Apr 9, 2024
1 parent 5a9315b commit 463fb1d
Show file tree
Hide file tree
Showing 2 changed files with 91 additions and 11 deletions.
12 changes: 1 addition & 11 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

on:
pull_request_target:
types: [opened, synchronize]
push:
branches:
- main
Expand All @@ -20,15 +18,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code on PR
if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }}
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0
ref: ${{ github.head_ref }}

- name: Checkout code on Branch
if: ${{ github.event_name != 'pull_request' && github.event_name != 'pull_request_target' }}
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0
Expand Down
90 changes: 90 additions & 0 deletions .github/workflows/sonarqube.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
name: Release

env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

on:
pull_request_target:
types: [opened, synchronize]
push:
branches:
- main
workflow_dispatch:

permissions:
contents: write

jobs:
unit-testing:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0

- name: Build library
run: |
go build
- name: Run unit tests
run: |
cd api
go test -race -coverprofile=coverage.out -v ./...
go tool cover -func="coverage.out"
- name: Save unit tests coverage
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: coverage
path: api/coverage.out

sonarqube:
needs: unit-testing
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
fetch-depth: 0

- name: Download coverage
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: coverage

- name: SonarQube Scan on PR
if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name == 'pull_request' || github.event_name == 'pull_request_target' ) }}
uses: sonarsource/sonarqube-scan-action@69c1a75940dec6249b86dace6b630d3a2ae9d2a7 # v2.0.1
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
-Dsonar.pullrequest.key=${{ github.event.number }}
-Dsonar.pullrequest.branch=${{ github.head_ref }}
-Dsonar.pullrequest.base=${{ github.base_ref }}
-Dsonar.go.coverage.reportPaths=coverage.out
-Dsonar.exclusions=api/**/**_test.go,api/entities/**,api/logging/**,api/utils/**,TestClient.go,performancetest/PerformanceTest.go
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com

- name: SonarQube Scan on branch
if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) }}
uses: sonarsource/sonarqube-scan-action@69c1a75940dec6249b86dace6b630d3a2ae9d2a7 # v2.0.1
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
-Dsonar.go.coverage.reportPaths=coverage.out
-Dsonar.exclusions=api/**/**_test.go,api/entities/**,api/logging/**,api/utils/**,TestClient.go,performancetest/PerformanceTest.go
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com

- name: SonarQube Quality Gate check
if: ${{ github.actor != 'dependabot[bot]' }}
uses: sonarsource/sonarqube-quality-gate-action@d304d050d930b02a896b0f85935344f023928496 # v1.1.0
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}

0 comments on commit 463fb1d

Please sign in to comment.