pull-request-sonar.yml
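# Manually selectable quality jobs for the Cachorro API: GitLeaks (secret
# scanning), ZAP (dynamic scan) and SonarCloud (static analysis + coverage).
name: Validation Code | SonarCloud

# NOTE(review): every job below is gated on a workflow_dispatch input. Those
# inputs are empty on pull_request events, so a pull_request run skips all
# three jobs. Confirm this is intended; if the scans should gate pull
# requests, the job-level `if:` conditions must also accept that event.
on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - "src/**"
  workflow_dispatch:
    inputs:
      gitleaks:
        description: "Deseja executar GitLeaks"
        required: true
        type: boolean
      zaproxy:
        description: "Deseja executar ZaProxy"
        required: true
        type: boolean
      sonar-qube:
        description: "Deseja executar SonarQube"
        required: true
        type: boolean

# defaults:
#   run:
#     working-directory: src

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository's default scopes in every job. Declaring the minimum each job
# needs limits what a compromised action can do with the token.

env:
  imageName: cachorro.api
  dotnetVersion: 8.x
  csprojFolder: ./src/DEPLOY.Cachorro.Api/DEPLOY.Cachorro.Api.csproj

# NOTE(review): the actions below are referenced by mutable tags (@v4, @v2).
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing the code that runs with this workflow's secrets.
jobs:
  quality-gitleaks:
    if: ${{ github.event.inputs.gitleaks == 'true' }}
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}-gitleaks
      cancel-in-progress: true
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history, so the scan is not limited to the tip commit.
          fetch-depth: 0
          ref: ${{ github.ref_name }}
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
          GITLEAKS_ENABLE_SUMMARY: true
          GITLEAKS_ENABLE_UPLOAD_ARTIFACT: true
          GITLEAKS_NOTIFY_USER_LIST: '@felipementel'

  quality-zaproxy:
    if: ${{ github.event.inputs.zaproxy == 'true' }}
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}-zaproxy
      cancel-in-progress: true
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}
      - name: ZAP Scan
        # NOTE(review): this action reference was mangled by e-mail
        # obfuscation on the page ("[email protected]"); restore the original
        # `owner/repo@ref` before using this workflow.
        uses: zaproxy/[email protected]
        with:
          # NOTE(review): the target is the ZAP project's own website, not
          # this API, so the result says nothing about this project. Point
          # it at an environment you own and are authorised to scan.
          target: 'https://www.zaproxy.org/'
          # docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
          # token: ${{ secrets.GITHUB_TOKEN }}
          # cmd_options: "-z -config view.locale=pt_BR -version -daemon"

  quality-sonarqube:
    if: ${{ github.event.inputs.sonar-qube == 'true' }}
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}-sonarqube
      cancel-in-progress: true
    runs-on: ubuntu-latest
    steps:
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: 'zulu'
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.dotnetVersion }}
      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          # NOTE(review): presumably meant to be ~/.sonar/cache; verify
          # against the scanner's actual cache directory.
          path: ~/sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache SonarCloud scanner
        id: cache-sonar-scanner
        uses: actions/cache@v4
        with:
          path: ./.sonar/scanner
          key: ${{ runner.os }}-sonar-scanner
          restore-keys: ${{ runner.os }}-sonar-scanner
      - name: Install SonarCloud scanner
        if: ${{ steps.cache-sonar-scanner.outputs.cache-hit != 'true' }}
        run: |
          mkdir -p .sonar/scanner
          dotnet tool update dotnet-sonarscanner --tool-path .sonar/scanner
      # The build step calls `dotnet-sonarscanner` by bare name, so it uses
      # this global install. NOTE(review): the copy cached under
      # ./.sonar/scanner does not appear to be invoked anywhere in this file.
      # No --version is given, so each run installs whatever release is
      # current; pin the tool versions for reproducible, reviewable builds.
      - name: Install SonarCloud scanner
        run: |
          dotnet tool install --global dotnet-sonarscanner
          dotnet tool install --global dotnet-coverage
          dotnet tool install --global dotnet-reportgenerator-globaltool
      - name: Build and analyze
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        # The token is read from the SONAR_TOKEN environment variable set
        # above instead of being expanded into the script with
        # `${{ secrets.* }}`. Inline expansion pastes the secret into the
        # generated script file, and the shell would interpret any
        # metacharacters it contains.
        run: |
          dotnet-sonarscanner begin \
            /k:"felipementel_DEPLOY.Cachorro.Api" \
            /o:"felipementel" \
            /d:sonar.token="${SONAR_TOKEN}" \
            /d:sonar.host.url="https://sonarcloud.io" \
            /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml \
            /d:sonar.exclusions="**/Migrations/**"
          dotnet restore ${{ env.csprojFolder }}
          dotnet build ${{ env.csprojFolder }} --no-incremental
          dotnet-coverage collect 'dotnet test ./src/' -f xml -o 'coverage.xml'
          dotnet-sonarscanner end /d:sonar.token="${SONAR_TOKEN}"
      - name: ReportGenerator
        # NOTE(review): this action reference was mangled by e-mail
        # obfuscation on the page ("[email protected]"); restore the original
        # `owner/repo@ref` before using this workflow.
        uses: danielpalme/[email protected]
        with:
          reports: 'coverage.xml'
          targetdir: 'coveragereport'
          reporttypes: 'HtmlInline;Cobertura'
          assemblyfilters: '+*'
          classfilters: '-*.Migrations.*'
          filefilters: '+*'
          verbosity: 'Verbose'
          title: 'Canal DEPLOY API Cachorro'
          tag: '${{ github.run_number }}_${{ github.run_id }}'
          toolpath: 'reportgeneratortool'
      - name: Upload coverage report artifact
        uses: actions/upload-artifact@v4
        with:
          name: CoverageReport
          path: coveragereport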