[Kan-25] (ci) user service ci cd #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SonarQube AND Snyk | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| sonarqube: | |
| name: SonarQube | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.24' | |
| - name: Run Tests with Coverage | |
| run: | | |
| cd server | |
| go test -coverprofile=coverage.out -coverpkg=./service ./... | |
| - name: SonarQube Scan | |
| uses: SonarSource/sonarqube-scan-action@1a6d90ebcb0e6a6b1d87e37ba693fe453195ae25 | |
| env: | |
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.projectKey=NUS-ISS-Agile-Team_ceramicraft-user-mservice | |
| -Dsonar.sources=server/service | |
| -Dsonar.go.coverage.reportPaths=server/coverage.out | |
| snyk: | |
| name: Snyk Vulnerability Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.24' | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Install Snyk CLI | |
| run: npm install -g snyk | |
| - name: Snyk test | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| run: | | |
| mkdir -p sarif-reports | |
| find . -name "go.mod" -execdir sh -c 'snyk test --file=go.mod --severity-threshold=high --sarif-file-output=../sarif-reports/snyk-$(basename $(pwd)).sarif' \; | |
| - name: Upload Snyk SARIF file | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: sarif-reports/snyk-server.sarif | |
| - name: Snyk monitor | |
| run: find . -name "go.mod" -execdir snyk monitor --file=go.mod \; | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |