-
Notifications
You must be signed in to change notification settings - Fork 0
65 lines (55 loc) · 2.78 KB
/
sonar.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: SonarCloud analysis
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
jobs:
Analysis:
name: Static analysis
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/[email protected]
with:
go-version: 1.21.4
- name: Run unit Tests
run: |
go test -coverprofile=./cov.out ./...
# - name: Run Gosec Security Scanner
# run: |
# go get github.com/securego/gosec/cmd/gosec
# gosec -no-fail -fmt=sonarqube -out report.json ./...
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/[email protected]
uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the SonarScanner CLI
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=Food-fusion-Fiap_payment-service
-Dsonar.organization=food-fusion-fiap
-Dsonar.tests=.
-Dsonar.test.inclusions=**/*_test.go
-Dsonar.sources=src/
-Dsonar.exclusions=src/adapters/gateways/mocks/**,src/infra/web/routes/**,**/*_mock.go,src/infra/db/repositories/**,src/infra/external/order_service_mock/mock_order_interface.go
-Dsonar.go.coverage.reportPaths=cov.out
#-Dsonar.externalIssuesReportPaths=report.json
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
# When you need the analysis to take place in a directory other than the one from which it was launched, default is .
projectBaseDir: .