diff --git a/.forgejo/workflows/sonarqube.yml b/.forgejo/workflows/sonarqube.yml new file mode 100644 index 0000000..68d65ad --- /dev/null +++ b/.forgejo/workflows/sonarqube.yml @@ -0,0 +1,38 @@ +name: SonarQube + +on: + push: + branches: + - master + +jobs: + sonarqube: + name: SonarQube + runs-on: docker + + container: + image: alpine + + steps: + - name: "Setup env" + run: apk add --no-cache git nodejs bash curl + + - name: "Get repo" + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: "SonarQube Scan" + uses: https://github.com/sonarsource/sonarqube-scan-action@master + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + + # If you wish to fail your job when the Quality Gate is red, uncomment the + # following lines. This would typically be used to fail a deployment. + - name: "SonarQube Quality gate" + uses: https://github.com/sonarsource/sonarqube-quality-gate-action@master + timeout-minutes: 5 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index efa0155..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,25 +0,0 @@ -include: - - template: Security/SAST.gitlab-ci.yml - -image: node:latest - -cache: - paths: - - node_modules/ - -build: - stage: build - script: - - apt-get update && apt-get install -y python - - npm install - - npm run build - -sast: - stage: test - artifacts: - name: sast - paths: - - gl-sast-report.json - reports: - sast: gl-sast-report.json - when: always diff --git a/.semgrepignore b/.semgrepignore deleted file mode 100644 index 31d5edc..0000000 --- a/.semgrepignore +++ /dev/null @@ -1,26 +0,0 @@ -# Ignore git items -.gitignore -.git/ -:include .gitignore - -# Common large paths -node_modules/ -build/ -dist/ -vendor/ -.env/ -.venv/ -.tox/ -*.min.js - -# Common test paths -test/ -tests/ -*_test.go - -# Semgrep rules folder -.semgrep - -# Semgrep-action log folder -.semgrep_logs/ - diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..8223622 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1 @@ +sonar.projectKey=administrator \ No newline at end of file