Release/0.25.0 #447
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SAST - SonarCloud (BT) Caller | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'dependabot/**' | |
| pull_request_target: | |
| workflow_dispatch: | |
| jobs: | |
| check-secrets: | |
| name: Check secrets presence | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: if [[ -z "$SONAR_TOKEN" ]]; then exit 1; fi | |
| analysis: | |
| name: Analysis | |
| needs: check-secrets | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| DEFECT_DOJO_TOKEN: ${{ secrets.DOJO_TOKEN }} | |
| DEFECT_DOJO_URL: ${{ secrets.DOJO_URL }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "ORGANIZATION=${{ github.repository_owner}}" >> $GITHUB_ENV | |
| - run: echo "PROJECT_KEY=${{ github.repository_owner}}_$(echo ${{ github.repository }} | sed 's/.*\///')" >> $GITHUB_ENV | |
| - run: echo "SCAN_DATE=$(TZ='EET' date '+%Y-%m-%d')" >> $GITHUB_ENV | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-java@v5 | |
| with: | |
| distribution: temurin | |
| java-version: '17' | |
| - uses: gradle/actions/wrapper-validation@v5 | |
| - uses: gradle/actions/setup-gradle@v5 | |
| - run: ./gradlew clean test koverXmlReport | |
| - uses: sonarsource/sonarqube-scan-action@v6.0.0 | |
| if: (github.event_name == 'push'|| github.event_name == 'workflow_dispatch') | |
| with: | |
| projectBaseDir: ${{ github.workspace }} | |
| args: > | |
| -Dsonar.organization=${{ env.ORGANIZATION }} | |
| -Dsonar.projectKey=${{ env.PROJECT_KEY }} | |
| -Dsonar.scanner.skipJreProvisioning=true | |
| -Dsonar.language=kotlin | |
| -Dsonar.coverage.jacoco.xmlReportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.kotlin.coverage.reportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.kotlin.multiplatform.reportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.sources=wallet-core/src/main | |
| -Dsonar.tests=wallet-core/src/test | |
| -Dsonar.java.binaries=wallet-core/build/classes/kotlin/main | |
| -Dsonar.kotlin.binaries=wallet-core/build/classes/kotlin/main | |
| - uses: sonarsource/sonarqube-scan-action@v6.0.0 | |
| if: (github.event_name == 'pull_request_target') | |
| with: | |
| projectBaseDir: ${{ github.workspace }} | |
| args: > | |
| -Dsonar.organization=${{ env.ORGANIZATION }} | |
| -Dsonar.projectKey=${{ env.PROJECT_KEY }} | |
| -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} | |
| -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} | |
| -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} | |
| -Dsonar.scanner.skipJreProvisioning=true | |
| -Dsonar.language=kotlin | |
| -Dsonar.coverage.jacoco.xmlReportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.kotlin.coverage.reportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.kotlin.multiplatform.reportPaths=wallet-core/build/reports/kover/report.xml | |
| -Dsonar.sources=wallet-core/src/main | |
| -Dsonar.tests=wallet-core/src/test | |
| -Dsonar.java.binaries=wallet-core/build/classes/kotlin/main | |
| -Dsonar.kotlin.binaries=wallet-core/build/classes/kotlin/main | |
| - uses: actions/setup-node@v6 | |
| if: (github.repository_owner == 'eu-digital-identity-wallet' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')) | |
| with: | |
| node-version: 18 | |
| - name: Publish Sonar Report | |
| if: (github.repository_owner == 'eu-digital-identity-wallet' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')) | |
| run: | | |
| npm cache clean --force | |
| npm install -g sonar-report@3.0.10 | |
| sonar-report \ | |
| --sonarurl="https://sonarcloud.io" \ | |
| --sonarorganization="${{ env.ORGANIZATION }}" \ | |
| --branch="${{ github.ref_name }}" \ | |
| --sonartoken="${{ secrets.SONAR_TOKEN }}" \ | |
| --output sonarreport.html \ | |
| --application="${{ env.PROJECT_KEY }}" \ | |
| --sonarcomponent="${{ env.PROJECT_KEY }}" | |
| curl -X POST "${{ env.DEFECT_DOJO_URL }}/api/v2/reimport-scan/" \ | |
| -H "Authorization: Token $DEFECT_DOJO_TOKEN" \ | |
| -F "active=true" \ | |
| -F "scan_type=SonarQube Scan detailed" \ | |
| -F "minimum_severity=Info" \ | |
| -F "skip_duplicates=true" \ | |
| -F "close_old_findings=true" \ | |
| -F "file=@sonarreport.html" \ | |
| -F "scan_date=${{ env.SCAN_DATE }}" \ | |
| -F "auto_create_context=True" \ | |
| -F "product_name=${{ github.repository }}-${{ github.ref_name }}" \ | |
| -F "engagement_name=Static Application Security Testing - ${{ github.repository }}-${{ github.ref_name }}" |