diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000..0a54f50 --- /dev/null +++ b/.github/workflows/sonarcloud.yml @@ -0,0 +1,67 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for better analysis + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + + - name: Run tests with coverage (optional) + run: | + go test -v -coverprofile=coverage.out ./... + continue-on-error: true + + - name: Analyze with SonarCloud + uses: SonarSource/sonarcloud-github-action@v3.1.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + projectBaseDir: . diff --git a/README.md b/README.md index 2db13dc..33f9813 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Adel - Active Directory Engagement Layer +[![SonarQube Cloud](https://sonarcloud.io/images/project_badges/sonarcloud-light.svg)](https://sonarcloud.io/summary/new_code?id=dmakeienko_adel) + Active Directory Engagement Layer - A Go-based HTTPS server that provides REST API access to Active Directory using LDAP/LDAPS. ## Features diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..1870548 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,22 @@ +# SonarCloud configuration for Go project +sonar.projectKey=dmakeienko_adel +sonar.organization=dmakeienko + +# Project information +sonar.projectName=adel +sonar.projectVersion=1.0 + +# Source code location +sonar.sources=. +sonar.exclusions=**/*_test.go,**/vendor/**,**/.github/** + +# Test configuration +sonar.tests=. +sonar.test.inclusions=**/*_test.go + +# Coverage configuration +sonar.go.coverage.reportPaths=coverage.out + +# Go language settings +sonar.language=go +sonar.sourceEncoding=UTF-8