Merge pull request #20 from asecurityteam/onboard-to-sonar

Onboard to SonarQube

.github/workflows/golang.yaml

@@ -1,4 +1,7 @@
-on: [push]
+on:
+  push:
+  pull_request: #sonar refuses to display branch analysis results on Free plan even for OSS
+    types: [opened, synchronize, reopened]
 
 jobs:
   golang:
@@ -7,16 +10,25 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of Sonar scan
       - name: FS Permissions
         # workaround for permissions with contaner attempting to create directories
         run: chmod 777 -R "$(pwd)"
       - name: Dep
         run: make dep
       - name: Lint
         run: make lint
+      - name: Coverage Setup 
+        # workaround for permissions with container attempting to create directory
+        run: mkdir .coverage && chmod 777 .coverage
       - name: Unit Tests
         run: make test
       - name: Integration Tests
         run: make integration
-      - name: Test Coverage
-        run: make coverage
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        # run on PRs and once we merge to main, as we need baseline runs for main in Sonar
+        if: ${{ ( github.event_name == 'pull_request' ) || ( github.ref == 'refs/heads/master' ) }}

README.md

@@ -1,5 +1,20 @@
 # component-httpstats - Settings component for generating an HTTP stat client
 [![GoDoc](https://godoc.org/github.com/asecurityteam/component-httpstats?status.svg)](https://godoc.org/github.com/asecurityteam/component-httpstats)
+
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=bugs)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=code_smells)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=coverage)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=duplicated_lines_density)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=ncloc)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=alert_status)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=security_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=sqale_index)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_component-httpstats&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=asecurityteam_component-httpstats)
+
+
+
 <!-- TOC -->autoauto- [component-httpstats - Settings component for generating an HTTP stat client](#component-httpstats---settings-component-for-generating-an-http-stat-client)auto    - [Overview](#overview)auto    - [Quick Start](#quick-start)auto    - [Status](#status)auto    - [Contributing](#contributing)auto        - [Building And Testing](#building-and-testing)auto        - [License](#license)auto        - [Contributing Agreement](#contributing-agreement)autoauto<!-- /TOC -->
 
 ## Overview

sonar-project.properties

@@ -0,0 +1,11 @@
+sonar.organization=asecurityteam
+sonar.projectKey=asecurityteam_component-httpstats
+
+sonar.sources=.
+sonar.exclusions=main.go, **/*_test.go
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+
+sonar.go.coverage.reportPaths=.coverage/*.cover.out
+sonar.coverage.exclusions=**/test/**/*.*