From 7c39d2a6a563702f105af8301b617cd614299dbb Mon Sep 17 00:00:00 2001 From: Grygoriy Ensary Date: Thu, 13 Feb 2025 16:19:35 -0600 Subject: [PATCH] Onboard to SonarQube * Gather and send coverage data * Add badges * Remove codecov and any codecov related files --- .github/workflows/golang.yaml | 18 +++++++++++++++--- README.md | 13 +++++++++++++ sonar-project.properties | 11 +++++++++++ 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 sonar-project.properties diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml index 836ad50..5583212 100644 --- a/.github/workflows/golang.yaml +++ b/.github/workflows/golang.yaml @@ -1,4 +1,7 @@ -on: [push] +on: + push: + pull_request: #sonar refuses to display branch analysis results on Free plan even for OSS + types: [opened, synchronize, reopened] jobs: golang: @@ -7,6 +10,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar scan - name: FS Permissions # workaround for permissions with contaner attempting to create directories run: chmod 777 -R "$(pwd)" @@ -14,9 +19,16 @@ jobs: run: make dep - name: Lint run: make lint + - name: Coverage Setup + # workaround for permissions with container attempting to create directory + run: mkdir .coverage && chmod 777 .coverage - name: Unit Tests run: make test - name: Integration Tests run: make integration - - name: Test Coverage - run: make coverage + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # run on PRs and once we merge to main, as we need baseline runs for main in Sonar + if: ${{ ( github.event_name == 'pull_request' ) || ( github.ref == 'refs/heads/master' ) }} diff --git a/README.md b/README.md index 33eab73..79349f8 100644 --- a/README.md +++ b/README.md 
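Review bot: In `.github/workflows/golang.yaml` the new `pull_request` trigger makes this workflow build and test code from pull requests, and the visible top of the file goes straight from `on:` to `jobs:` with no `permissions:` key, so on pushes and same-repository PRs the job gets whatever GITHUB_TOKEN scope the repository default grants. I would add a top-level `permissions:` block with `contents: read` between `on:` and `jobs:`, and widen it only if a step turns out to need more. The job header (new lines 8–9) is outside the hunks, so a job-level setting may already exist there. Because `push:` stays unfiltered, a branch with an open PR will also run the whole job twice per commit.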
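Review bot: The Checkout step now takes `with:` inputs but keeps the action's default of persisting the token in the clone's git config, and the very next step makes the whole workspace world-writable with `chmod 777 -R "$(pwd)"` before the `make` targets run. Adding `persist-credentials: false` next to `fetch-depth: 0` keeps that credential out of reach of the build, lint and test steps. The Sonar scan reads history from the local clone, so it should not need the token, but that is worth confirming on one run. The `steps:` list starts before this hunk and continues past it.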
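Review bot: The SonarQube Scan step will run without a token on pull requests from forks, because GitHub does not pass `secrets.SONAR_TOKEN` to `pull_request` runs from forks and the `if:` accepts every `pull_request` event, so external contributions would likely show a failing check. Guarding it as `if: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) || github.ref == 'refs/heads/master' }}` skips the scan there; the fix should stay on the `pull_request` event rather than moving to a trigger that exposes the secret to untrusted code. The action that receives the token is referenced by the mutable tag `@v4`; pinning it as `uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # v4` makes the code that sees the secret reviewable. The comment above `if:` says main while the condition tests `refs/heads/master`.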
@@ -3,6 +3,19 @@ **An extendable toolkit for improving the standard library HTTP client.**
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=bugs)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=code_smells)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=coverage)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=duplicated_lines_density)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=ncloc)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=alert_status)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=security_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=sqale_index)](https://sonarcloud.io/dashboard?id=asecurityteam_transport)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_transport&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=asecurityteam_transport) + + -- [transport](#transport) diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..b4a9600 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,11 @@ +sonar.organization=asecurityteam +sonar.projectKey=asecurityteam_transport + +sonar.sources=. +sonar.exclusions=main.go, **/*_test.go + +sonar.tests=. +sonar.test.inclusions=**/*_test.go + +sonar.go.coverage.reportPaths=.coverage/*.cover.out +sonar.coverage.exclusions=**/test/**/*.*
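Review bot: `sonar.exclusions=main.go, **/*_test.go` in `sonar-project.properties` removes `main.go` from every analysis, including the bug and vulnerability rules behind the badges this commit adds, not only from coverage. If the intent is just to keep it out of the coverage figure, moving it to `sonar.coverage.exclusions=main.go, **/test/**/*.*` keeps it scanned; if no `main.go` exists in this library the entry can be dropped. A one-line `#` comment above each exclusion saying why it is there would help the next reader, since `sonar.sources=.` otherwise pulls in the whole repository.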