From aa9bab7ffea6033188aa8f2f424cca496f6775bc Mon Sep 17 00:00:00 2001
From: Grygoriy Ensary <gensary@atlassian.com>
Date: Fri, 7 Feb 2025 10:52:59 -0800
Subject: [PATCH] Onboard to SonarQube

* Gather and send coverage data
* Add badges
* Remove codecov and any codecov related files
---
 .github/workflows/golang.yaml | 23 +++++++++++++++--------
 README.md                     | 15 ++++++++++++++-
 codecov.yml                   | 16 ----------------
 sonar-project.properties      | 11 +++++++++++
 4 files changed, 40 insertions(+), 25 deletions(-)
 delete mode 100644 codecov.yml
 create mode 100644 sonar-project.properties

diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
index 1b67afc..e60d8f9 100644
--- a/.github/workflows/golang.yaml
+++ b/.github/workflows/golang.yaml
@@ -1,4 +1,7 @@
-on: [push]
+on:
+  push:
+  pull_request: #sonar refuses to display branch analysis results on Free plan even for OSS
+    types: [opened, synchronize, reopened]
 
 jobs:
   golang:
@@ -7,6 +10,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of Sonar scan
       - name: FS Permissions
         # workaround for permissions with contaner attempting to create directories
         run: chmod 777 -R "$(pwd)"
@@ -14,14 +19,16 @@ jobs:
         run: make dep
       - name: Lint
         run: make lint
+      - name: Coverage Setup 
+        # workaround for permissions with container attempting to create directory
+        run: mkdir .coverage && chmod 777 .coverage
       - name: Unit Tests
         run: make test
       - name: Integration Tests
         run: make integration
-      - name: Test Coverage
-        run: make coverage
-      - name: Upload Coverage
-        uses: codecov/codecov-action@v4
-        with:
-          files: .coverage/combined.cover.out
-          token: ${{ secrets.CODECOV_TOKEN }} 
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        # run on PRs and once we merge to main, as we need baseline runs for main in Sonar
+        if: ${{ ( github.event_name == 'pull_request' ) || ( github.ref == 'refs/heads/main' ) }}
diff --git a/README.md b/README.md
index 129672f..21175a8 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,22 @@
 # CISCO ISE Log Parser - Golang
 
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=bugs)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=code_smells)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=coverage)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=duplicated_lines_density)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=ncloc)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=alert_status)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=security_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=sqale_index)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_cisco-ise-log-parser-go&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=asecurityteam_cisco-ise-log-parser-go)
+
+
 ## Adding new fields to the message parser
 
 For certain types, this can be a one or two line change. If the field you want to parse is in the retrieveParseFn switch, simply add it to the LogMessage struct. The parser will parse with the existing generic parse function. If the field has a name that won't be auto-formatted to the Upper-camel-case style by the formatKey function, map the JSON field name from the message CSV to the correctly formatted struct field name.
 
 If your field requires more complicated parsing, you will need to write a parse function that meets the valueParseFn definition, and then map the JSON field name to your custom parse function in the keyValueParseFuncMap. You can see examples of how to this by looking at the parseCiscoAVPair function.
 
-If you don't plan on forking this repo, you can find any field not included in the existing LogMessage struct in the UnexpectedFields map in the MessageDetails field. The key will be the JSON field name found in the message CSV.
\ No newline at end of file
+If you don't plan on forking this repo, you can find any field not included in the existing LogMessage struct in the UnexpectedFields map in the MessageDetails field. The key will be the JSON field name found in the message CSV.
diff --git a/codecov.yml b/codecov.yml
deleted file mode 100644
index d6e3312..0000000
--- a/codecov.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-coverage:
-    precision: 2
-    round: down
-    range: "85...100"
-    status:
-      project:
-        default:
-          target: 85%
-          threshold: 0%
-          base: auto
-          if_not_found: failure
-          if_ci_failed: error
-          informational: false
-          only_pulls: false
-      patch: off
-
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..ff3c216
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,11 @@
+sonar.organization=asecurityteam
+sonar.projectKey=asecurityteam_cisco-ise-log-parser-go
+
+sonar.sources=.
+sonar.exclusions=main.go, **/*_test.go
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+
+sonar.go.coverage.reportPaths=.coverage/*.cover.out
+sonar.coverage.exclusions=**/test/**/*.*