Bump sonarsource/sonarqube-scan-action from 2.0.2 to 4.0.0 #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: (all packages) Lints | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
pre-commit: | |
name: Pre-commit checks | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the Repo | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 # needed for pre-commit to work correctly | |
- name: Install Nix | |
uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
- name: Run pre-commit checks | |
run: | | |
nix develop -c sh -c "pre-commit run --hook-stage pre-commit --show-diff-on-failure --color=always" | |
tools: | |
name: Get tool-versions | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Parse tool-versions file | |
uses: goplugin/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8 | |
id: tool-versions | |
outputs: | |
golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }} | |
golangci: | |
name: Linting-${{ matrix.project.name }} | |
runs-on: ubuntu-latest | |
needs: [tools] | |
strategy: | |
fail-fast: false | |
matrix: | |
project: | |
- name: lib | |
path: ./lib/ | |
- name: gotestloghelper | |
path: ./tools/gotestloghelper/ | |
- name: k8s-test-runner | |
path: ./k8s-test-runner/ | |
- name: testlistgenerator | |
path: ./tools/testlistgenerator/ | |
- name: ecrimagefetcher | |
path: ./tools/ecrimagefetcher/ | |
- name: ghlatestreleasechecker | |
path: ./tools/ghlatestreleasechecker/ | |
- name: asciitable | |
path: ./tools/asciitable/ | |
- name: workflowresultparser | |
path: ./tools/workflowresultparser/ | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install Go | |
uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16 | |
with: | |
test_download_vendor_packages_command: cd ${{ matrix.project.path }} && go mod download | |
go_mod_path: ${{ matrix.project.path }}go.mod | |
cache_key_id: ctf-go-${{ matrix.project.name }} | |
cache_restore_only: 'false' | |
- name: golangci-lint ${{ needs.tools.outputs.golangci-lint-version }} | |
uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0 | |
with: | |
version: v${{ needs.tools.outputs.golangci-lint-version }} | |
args: --out-format checkstyle:golangci-lint-report.xml | |
skip-cache: true | |
working-directory: ${{ matrix.project.path }} | |
- name: Print lint report artifact | |
if: always() | |
run: test -f ${{ matrix.project.path }}golangci-lint-report.xml || true | |
- name: Store lint report artifact | |
if: always() | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: golangci-lint-report-${{ matrix.project.name }} | |
path: ${{ matrix.project.path }}golangci-lint-report.xml | |
vulnerabilities-check: | |
name: Check for Vulnerabilities | |
runs-on: ubuntu-latest | |
needs: [tools] | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install Go | |
uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16 | |
with: | |
test_download_vendor_packages_command: cd lib && go mod download | |
go_mod_path: ./lib/go.mod | |
cache_key_id: ctf-go | |
cache_restore_only: 'false' | |
- name: Write Go List | |
working-directory: lib | |
run: go list -json -deps ./... > ../go.list | |
- name: Nancy | |
uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3 | |
asdf-install: | |
name: Install ASDF Dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Install asdf dependencies | |
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2 | |
helmlint: | |
name: Lint Helm Charts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
# Without this parameter, the merged commit that CI produces will make it so that ct will | |
# not detect a diff even if one exists | |
fetch-depth: 0 | |
- name: Set up chart-testing | |
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 | |
- name: Add helm chart repo | |
run: helm repo add plugin-qa https://raw.githubusercontent.com/goplugin/qa-charts/gh-pages/ | |
- name: Run chart-testing (lint) | |
run: ct lint --config ${{ github.workspace }}/.github/configs/ct.yaml | |
actionlint: | |
name: Validate GitHub Action Workflows | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out Code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Run actionlint | |
uses: reviewdog/action-actionlint@9d8b58041eed1373f173e91b9a3db5a844197236 # v1.44.0 | |
sonarqube: | |
name: SonarQube Analysis | |
needs: [golangci] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repo | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports | |
- name: Download all workflow run artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
- name: SonarQube Scan | |
uses: sonarsource/sonarqube-scan-action@94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49 # v4.0.0 | |
with: | |
args: > | |
-Dsonar.go.golangci-lint.reportPaths=golangci-lint-report/golangci-lint-report.xml | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} |