Added Sonar workflow (#1591)

* Added SonarCloud workflow * added extension exclusion
2022-02-09 20:29:31 +05:30 · 2022-02-09 20:29:31 +05:30 · ab1da1aa8e
parent 0732406a68
commit ab1da1aa8e
3 changed files with 59 additions and 1 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,8 +1,9 @@
 name: 🚨 CodeQL Analysis

 on:
-  workflow_dispatch:
+  push:
  pull_request:
+  workflow_dispatch:
    branches:
      - dev

--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@ -0,0 +1,40 @@
+name: 👮🏼‍♂️ Sonarcloud
+on:
+  push:
+    branches:
+      - master
+      - dev
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+     
+      - name: "Set up Go"
+        uses: actions/setup-go@v2
+        with: 
+          go-version: 1.17
+      
+      - name: Run unit Tests
+        working-directory: v2/
+        run: |
+          go test -coverprofile=cov.out ./...
+
+      - name: Run Gosec Security Scanner
+        working-directory: v2/
+        run: |
+          go install github.com/securego/gosec/cmd/gosec@latest
+          gosec -no-fail -fmt=sonarqube -out report.json ./...
+     
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/sonar-project.properties
+++ b/sonar-project.properties
@ -0,0 +1,17 @@
+sonar.projectKey=projectdiscovery_nuclei
+sonar.organization=projectdiscovery
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=dnsx
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+sonar.sources=v2/
+sonar.tests=v2/
+sonar.test.inclusions=**/*_test.go
+sonar.exclusions=v2/pkg/protocols/common/helpers/deserialization/testdata/*.java
+sonar.go.coverage.reportPaths=v2/cov.out
+sonar.externalIssuesReportPaths=v2/report.json
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8