Skip to content

Validation Code | SonarCloud #119

Validation Code | SonarCloud

Validation Code | SonarCloud #119

name: Validation Code | SonarCloud
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- "src/**"
workflow_dispatch:
inputs:
gitleaks:
description: "Deseja executar GitLeaks"
required: true
default: true
type: choice
options:
- true
- false
zaproxy:
description: "Deseja executar ZaProxy"
required: true
default: true
type: choice
options:
- true
- false
sonar-qube:
description: "Deseja executar SonarQube"
required: true
default: true
type: choice
options:
- true
- false
# defaults:
# run:
# working-directory: src
env:
imageName: cachorro.api
dotnetVersion: 8.x
csprojFolder: ./src/DEPLOY.Cachorro.Api/DEPLOY.Cachorro.Api.csproj
jobs:
quality-gitleaks:
if: ${{ inputs.gitleaks }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-gitleaks
cancel-in-progress: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
GITLEAKS_ENABLE_SUMMARY: true
GITLEAKS_ENABLE_UPLOAD_ARTIFACT: true
GITLEAKS_NOTIFY_USER_LIST: '@felipementel'
quality-zaproxy:
if: ${{ inputs.zaproxy }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-zaproxy
cancel-in-progress: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.ref_name }}
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
target: 'https://www.zaproxy.org/'
# docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
# token: ${{ secrets.GITHUB_TOKEN }}
# cmd_options: "-z -config view.locale=pt_BR -version -daemon"
quality-sonarqube:
if: ${{ inputs.sonar-qube }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-sonarqube
cancel-in-progress: true
runs-on: ubuntu-latest
steps:
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: 17
distribution: 'zulu'
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.dotnetVersion }}
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache SonarCloud scanner
id: cache-sonar-scanner
uses: actions/cache@v4
with:
path: ./.sonar/scanner
key: ${{ runner.os }}-sonar-scanner
restore-keys: ${{ runner.os }}-sonar-scanner
- name: Install SonarCloud scanner
if: ${{ steps.cache-sonar-scanner.outputs.cache-hit != 'true' }}
run: |
mkdir -p .sonar/scanner
dotnet tool update dotnet-sonarscanner --tool-path .sonar/scanner
- name: Install SonarCloud scanner
run: |
dotnet tool install --global dotnet-sonarscanner
dotnet tool install --global dotnet-coverage
dotnet tool install --global dotnet-reportgenerator-globaltool
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
dotnet-sonarscanner begin /k:"felipementel_DEPLOY.Cachorro.Api" /o:"felipementel" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=coverage.xml /d:sonar.exclusions="**/Migrations/**"
dotnet restore ${{ env.csprojFolder }}
dotnet build ${{ env.csprojFolder }} --no-incremental
dotnet-coverage collect 'dotnet test ./src/' -f xml -o 'coverage.xml'
dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
- name: ReportGenerator
uses: danielpalme/[email protected]
with:
reports: 'coverage.xml'
targetdir: 'coveragereport'
reporttypes: 'HtmlInline;Cobertura'
assemblyfilters: '+*'
classfilters: '-*.Migrations.*'
filefilters: '+*'
verbosity: 'Verbose'
title: 'Canal DEPLOY API Cachorro'
tag: '${{ github.run_number }}_${{ github.run_id }}'
toolpath: 'reportgeneratortool'
- name: Upload coverage report artifact
uses: actions/upload-artifact@v4
with:
name: CoverageReport
path: coveragereport