
Bump sonarsource/sonarqube-scan-action from 2.0.2 to 4.0.0 #2


Workflow file for this run

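# Lint, dependency-audit and static-analysis workflow for every package in the repo.
# Runs on pushes to main and on every pull request.
#
# Jobs:
#   pre-commit            - runs the repo's pre-commit hooks inside a Nix dev shell
#   tools                 - exposes the golangci-lint version from the tool-versions file
#   golangci              - golangci-lint per project (matrix), uploads a checkstyle report
#   vulnerabilities-check - audits the Go dependency list of ./lib with Nancy
#   asdf-install          - checks that the asdf-managed tools install cleanly
#   helmlint              - chart-testing lint of the Helm charts
#   actionlint            - validates the GitHub Actions workflow files
#   sonarqube             - imports the golangci-lint reports into SonarQube
#
# Every third-party action is pinned to a full commit SHA; the trailing comment
# records the tag that SHA is expected to correspond to.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. Consider declaring least-privilege
# permissions (e.g. `contents: read`) once the needs of each action below are
# confirmed. Also consider `persist-credentials: false` on the checkout steps,
# since none of the visible steps push back to the repository.
name: (all packages) Lints
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  pre-commit:
    name: Pre-commit checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the Repo
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        with:
          fetch-depth: 0 # needed for pre-commit to work correctly
      - name: Install Nix
        uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
        with:
          # NOTE(review): a channel reference floats over time, unlike the
          # SHA-pinned actions; confirm the dev shell pins its own inputs.
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Run pre-commit checks
        run: |
          nix develop -c sh -c "pre-commit run --hook-stage pre-commit --show-diff-on-failure --color=always"

  tools:
    name: Get tool-versions
    runs-on: ubuntu-latest
    steps:
      - name: Check out Code
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Parse tool-versions file
        uses: goplugin/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8
        id: tool-versions
    outputs:
      # Consumed by the golangci job via needs.tools.outputs.
      golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }}

  golangci:
    name: Linting-${{ matrix.project.name }}
    runs-on: ubuntu-latest
    needs: [tools]
    strategy:
      # Keep linting the remaining projects when one of them fails.
      fail-fast: false
      matrix:
        # Each path ends with "/" because later expressions append a file name
        # directly to it (e.g. `${{ matrix.project.path }}go.mod`).
        project:
          - name: lib
            path: ./lib/
          - name: gotestloghelper
            path: ./tools/gotestloghelper/
          - name: k8s-test-runner
            path: ./k8s-test-runner/
          - name: testlistgenerator
            path: ./tools/testlistgenerator/
          - name: ecrimagefetcher
            path: ./tools/ecrimagefetcher/
          - name: ghlatestreleasechecker
            path: ./tools/ghlatestreleasechecker/
          - name: asciitable
            path: ./tools/asciitable/
          - name: workflowresultparser
            path: ./tools/workflowresultparser/
    steps:
      - name: Check out Code
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Install Go
        uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
        with:
          test_download_vendor_packages_command: cd ${{ matrix.project.path }} && go mod download
          go_mod_path: ${{ matrix.project.path }}go.mod
          cache_key_id: ctf-go-${{ matrix.project.name }}
          cache_restore_only: 'false'
      - name: golangci-lint ${{ needs.tools.outputs.golangci-lint-version }}
        uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0
        with:
          version: v${{ needs.tools.outputs.golangci-lint-version }}
          # Checkstyle XML is the format the sonarqube job imports.
          args: --out-format checkstyle:golangci-lint-report.xml
          skip-cache: true
          working-directory: ${{ matrix.project.path }}
      - name: Print lint report artifact
        if: always()
        # Only tests that the report exists; `|| true` keeps the step green either way.
        run: test -f ${{ matrix.project.path }}golangci-lint-report.xml || true
      - name: Store lint report artifact
        if: always()
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          # One artifact per matrix project; the sonarqube job downloads them all.
          name: golangci-lint-report-${{ matrix.project.name }}
          path: ${{ matrix.project.path }}golangci-lint-report.xml

  vulnerabilities-check:
    name: Check for Vulnerabilities
    runs-on: ubuntu-latest
    needs: [tools]
    steps:
      - name: Check out Code
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Install Go
        uses: goplugin/plugin-github-actions/plugin-testing-framework/setup-go@e29366cdecfe6befff9ab8c3cfe4825218505d58 # v2.3.16
        with:
          test_download_vendor_packages_command: cd lib && go mod download
          go_mod_path: ./lib/go.mod
          cache_key_id: ctf-go
          cache_restore_only: 'false'
      - name: Write Go List
        working-directory: lib
        # Writes the dependency list to the workspace root for the Nancy step.
        # NOTE(review): only ./lib is audited here; the other matrix projects
        # linted above are not covered by this job.
        run: go list -json -deps ./... > ../go.list
      - name: Nancy
        uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3

  asdf-install:
    name: Install ASDF Dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Check out Code
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Install asdf dependencies
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2

  helmlint:
    name: Lint Helm Charts
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        with:
          # Without this parameter, the merged commit that CI produces will make it so that ct will
          # not detect a diff even if one exists
          fetch-depth: 0
      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
      - name: Add helm chart repo
        run: helm repo add plugin-qa https://raw.githubusercontent.com/goplugin/qa-charts/gh-pages/
      - name: Run chart-testing (lint)
        run: ct lint --config ${{ github.workspace }}/.github/configs/ct.yaml

  actionlint:
    name: Validate GitHub Action Workflows
    runs-on: ubuntu-latest
    steps:
      - name: Check out Code
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Run actionlint
        uses: reviewdog/action-actionlint@9d8b58041eed1373f173e91b9a3db5a844197236 # v1.44.0

  sonarqube:
    name: SonarQube Analysis
    needs: [golangci]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repo
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
        with:
          fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports
      - name: Download all workflow run artifacts
        # With no `name` input, each artifact is extracted into a directory
        # named after the artifact (golangci-lint-report-<project>/).
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
      - name: Collect golangci-lint report paths
        id: lint-reports
        # The reports live in one directory per matrix project, so a single
        # hard-coded `golangci-lint-report/...` path matches none of them and
        # the lint findings would be dropped from the analysis without failing
        # the job. Build the comma-separated list from what was downloaded.
        run: |
          paths="$(find . -type f -name 'golangci-lint-report.xml' | sort | paste -sd, -)"
          echo "paths=${paths}" >> "$GITHUB_OUTPUT"
      - name: SonarQube Scan
        # NOTE(review): this pin is a major-version jump (2.0.2 -> 4.0.0 per the
        # run title); confirm against the action's release notes and published
        # advisories that `args` handling and the required env are unchanged.
        uses: sonarsource/sonarqube-scan-action@94d4f8ac4aaefccd7fb84bff00b0aeb2d65fcd49 # v4.0.0
        with:
          args: >
            -Dsonar.go.golangci-lint.reportPaths=${{ steps.lint-reports.outputs.paths }}
        env:
          # Repository secrets are not passed to pull_request runs from forks,
          # and Dependabot-triggered runs read from the separate Dependabot
          # secret store, so this step has no credentials on such runs.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}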