diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
deleted file mode 100644
index beffb34..0000000
--- a/.github/workflows/scorecard.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '33 5 * * 2'
-  push:
-    branches: [ "main" ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.1.0
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
-        with:
-          sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 261493a..6c9ca1b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,4 +15,30 @@ jobs:
         go-version-file: 'go.mod'
     - name: Test
-      run: go test ./...
+      run: go test -covermode=atomic -coverpkg=./... -coverprofile=test.cov -v ./...
+
+    - name: upload coverage data
+      uses: actions/upload-artifact@v4
+      with:
+        name: test.cov
+        path: test.cov
+        retention-days: 1
+
+  sonar:
+    name: Run SonarCloud Analysis
+    runs-on: ubuntu-22.04
+    needs: test
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+    - name: download coverage data from GitHub storage
+      uses: actions/download-artifact@v4
+      with:
+        path: cov/
+        merge-multiple: true
+    - name: SonarCloud Scan
+      uses: sonarsource/sonarcloud-github-action@v5.0.0
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..daa950f
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,15 @@
+sonar.organization=staffbase
+sonar.projectKey=com.staffbase:gosaml2
+sonar.projectDescription=Our very own gosaml2 fork
+sonar.links.homepage=https://github.com/Staffbase/gosaml2
+sonar.sourceEncoding=UTF-8
+
+sonar.scm.provider=git
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+
+sonar.go.coverage.reportPaths=cov/*.cov
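Review bot: Every `uses:` added in this hunk references a mutable tag (`actions/checkout@v4`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `sonarsource/sonarcloud-github-action@v5.0.0`), whereas the scorecard workflow this same commit deletes pinned each action to a full commit SHA with a version comment; a tag can be re-pointed at different code, so a compromise of any of these action repositories would run attacker code in this job with `GITHUB_TOKEN` and `SONARCLOUD_TOKEN` in its environment. Pin each one the way the old workflow did, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and let Dependabot/Renovate bump the SHA. The new `sonar` job also declares no `permissions:`; the top of test.yml (including any workflow-level `permissions:` key) is outside this hunk, so if none exists there the job runs with the repository's default token scopes — add `permissions:` / `contents: read` on the job, and `pull-requests: write` only if PR decoration is actually wanted. Finally, the `Check out code` step is a default shallow clone, which SonarCloud's own guidance says degrades new-code detection; consider `with:` / `fetch-depth: 0` on that step, and note that `secrets.SONARCLOUD_TOKEN` will be empty on runs triggered by fork pull requests if the workflow's (unseen) triggers include them.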