Skip to content

I2::Dev::Sonar-Dojo #1077

I2::Dev::Sonar-Dojo

I2::Dev::Sonar-Dojo #1077

name: I2::Dev::Sonar-Dojo
on:
workflow_run:
workflows: ["I2::Dev::Tests"]
types: [completed]
concurrency:
group: ${{ github.workflow }}-${{ github.actor }}
cancel-in-progress: true
jobs:
sonarqube-defectdojo:
runs-on: ubuntu-latest
container:
image: hyperledger/iroha2-ci:nightly-2024-09-09
steps:
- uses: actions/checkout@v4
with:
repository: ${{ github.event.workflow_run.head_repository.full_name }}
ref: ${{ github.event.workflow_run.pull_requests[0].head.ref }}
fetch-depth: 0
- name: Download clippy and lcov artifact reports
uses: actions/download-artifact@v4
with:
path: lints
pattern: report-*
merge-multiple: true
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: SonarQube
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
args: >
-Dcommunity.rust.clippy.reportPaths=lints/clippy.json
-Dsonar.cfamily.llvm-cov.reportPath=lints/coverage.txt
-Dsonar.pullrequest.key=${{ github.event.workflow_run.pull_requests[0].number }}
-Dsonar.pullrequest.base=${{ github.event.workflow_run.pull_requests[0].base.ref }}
-Dsonar.pullrequest.branch=${{ github.event.workflow_run.pull_requests[0].head.ref }}
- name: DefectDojo
id: defectdojo
uses: C4tWithShell/defectdojo-action@1.0.5
with:
token: ${{ secrets.DEFECTOJO_TOKEN }}
defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
product_type: iroha2
engagement: ${{ github.ref_name }}
tools: "SonarQube API Import,Github Vulnerability Scan"
sonar_projectKey: hyperledger:iroha
github_token: ${{ secrets.GITHUB_TOKEN }}
github_repository: ${{ github.repository }}
product: ${{ github.repository }}
environment: Test
reports: '{"Github Vulnerability Scan": "github.json"}'