Onboard to SonarQube

.github/workflows/golang.yaml

@@ -1,4 +1,7 @@
-on: [push]
+on:
+  push:
+  pull_request: #sonar refuses to display branch analysis results on Free plan even for OSS
+    types: [opened, synchronize, reopened]
 
 jobs:
   golang:
@@ -7,21 +10,25 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of Sonar scan
       - name: FS Permissions
         # workaround for permissions with contaner attempting to create directories
         run: chmod 777 -R "$(pwd)"
       - name: Dep
         run: make dep
       - name: Lint
         run: make lint
+      - name: Coverage Setup 
+        # workaround for permissions with container attempting to create directory
+        run: mkdir .coverage && chmod 777 .coverage
       - name: Unit Tests
         run: make test
       - name: Integration Tests
         run: make integration
-      - name: Test Coverage
-        run: make coverage
-      - name: Upload Coverage
-        uses: codecov/codecov-action@v4
-        with:
-          files: .coverage/combined.cover.out
-          token: ${{ secrets.CODECOV_TOKEN }} 
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        # run on PRs and once we merge to main, as we need baseline runs for main in Sonar
+        if: ${{ ( github.event_name == 'pull_request' ) || ( github.ref == 'refs/heads/master' ) }}

README.md

@@ -1,8 +1,19 @@
 <a id="markdown-messageprocessor---an-abstraction-for-consuming-messages-from-Kinesis" name="messageprocessor---an-abstraction-for-consuming-messages-from-Kinesis"></a>
 # messageprocessor - An abstraction for consuming aws Kinesis messages
 [![GoDoc](https://godoc.org/github.com/asecurityteam/messageprocessor?status.svg)](https://godoc.org/github.com/asecurityteam/messageprocessor)
-[![Build Status](https://travis-ci.com/asecurityteam/logevent.png?branch=master)](https://travis-ci.com/asecurityteam/messageprocessor)
-[![codecov.io](https://codecov.io/github/asecurityteam/messageprocessor/coverage.svg?branch=master)](https://codecov.io/github/asecurityteam/logevent?branch=master)
+
+[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=bugs)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=code_smells)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=coverage)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=duplicated_lines_density)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=ncloc)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=alert_status)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=security_rating)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=sqale_index)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=asecurityteam_messageprocessor&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=asecurityteam_messageprocessor)
+
 <!-- TOC -->
 
 - [messageprocessor - An abstraction for consuming aws Kinesis messages](#messageprocessor---an-abstraction-for-consuming-messages-from-Kinesis)

sonar-project.properties

@@ -0,0 +1,11 @@
+sonar.organization=asecurityteam
+sonar.projectKey=asecurityteam_messageprocessor
+
+sonar.sources=.
+sonar.exclusions=main.go, **/*_test.go
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+
+sonar.go.coverage.reportPaths=.coverage/*.cover.out
+sonar.coverage.exclusions=**/test/**/*.*