
Add sonarqube integration #122


Workflow file for this run

# CI workflow: SonarQube scan, Semgrep scan, and the Python test suite with
# a coverage upload.
name: Test and Coverage
on:
  # Pushes to branches. In GitHub's filter syntax '*' does not match a '/',
  # so a branch named like `feature/foo` is not covered; '**' matches any
  # branch name.
  push:
    branches: ['*']
    # Ignore every tag push.
    tags-ignore: ['**']
  # Pull requests whose base branch matches the filter (same '*' caveat).
  pull_request:
    branches: ['*']
  # Allows other workflows to call this one as a reusable workflow.
  workflow_call:
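jobs:
  # Runs the SonarQube scanner, then waits for the server's quality gate.
  SonarQube:
    name: Sonar Scan
    runs-on: ubuntu-latest
    # GITHUB_TOKEN is read-only for every scope in this job.
    permissions: read-all
    steps:
      # Same checkout major version as the other jobs in this workflow.
      - uses: actions/checkout@v3
        with:
          # Shallow clones should be disabled for a better relevancy of
          # analysis
          fetch-depth: 0
      # NOTE(review): this action and the quality-gate action below track
      # the mutable `master` branch while receiving SONAR_TOKEN. Pin both
      # to a reviewed commit (`@<full-commit-sha>`) so an upstream change
      # cannot run with the token unreviewed.
      # Repository secrets are not passed to pull_request runs coming from
      # forks, so both values are empty there and the scan will likely fail.
      - uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      # Stop waiting for the quality gate result after five minutes.
      - uses: sonarsource/sonarqube-quality-gate-action@master
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  # Static security scan of the checked-out tree with Semgrep.
  security_scan_analysis:
    name: Security Scan Analysis
    runs-on: ubuntu-latest
    # Least privilege: the job only checks out the code and scans it locally.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.x"
      # NOTE(review): semgrep is installed unpinned, so the scanner version
      # can change between runs; consider pinning it.
      - name: Install semgrep
        run: python3 -m pip install semgrep
      # NOTE(review): without `--error` semgrep exits 0 even when it reports
      # findings, so this step reports but does not fail the build. The
      # `auto` config pulls its rules from the Semgrep registry at run time.
      - name: Run semgrep
        run: semgrep --config=auto

  # Runs the API test suite under coverage and uploads the report.
  # NOTE(review): no `permissions:` block here, so the job gets the
  # repository's default GITHUB_TOKEN scopes; consider `contents: read`
  # after confirming the Coveralls upload still works with it.
  python_test_and_coverage:
    name: Python Test and Coverage
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.x"
      - name: Install dependencies
        working-directory: ./api
        run: pip install -r requirements.txt && pip install -r test-requirements.txt
      - name: Run tests with pytest
        working-directory: ./api
        env:
          # In-memory SQLite database for the test run.
          DATABASE_URI: "sqlite:///:memory:"
          # Placeholder signing secret hard-coded for this step; it must
          # never match a value used in a deployed environment.
          JWT_SECRET: "secret"
          # Key pair read from the tests directory; presumably test-only
          # fixtures, confirm these keys are not used anywhere else.
          PRIVATE_KEY_PATH: "./tests/ressources/test_private.pem"
          PUBLIC_KEY_PATH: "./tests/ressources/test_public.pem"
        run: python -m pytest --cov=. --cov-report=lcov --cov-report=term
      # Third-party action referenced by a movable tag; a full commit SHA
      # pin is the stricter option.
      - name: Upload coverage report
        uses: coverallsapp/github-action@v2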