Skip to content

Iroha2::Sonar-Dojo

Iroha2::Sonar-Dojo #3

Workflow file for this run

name: Iroha2::Sonar-Dojo
on:
workflow_run:
workflows: ["Iroha2:PR::Pytests"]
types: [completed]
concurrency:
group: ${{ github.workflow }}-${{ github.actor }}
cancel-in-progress: true
jobs:
sonarqube-defectdojo:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download coverage report
uses: actions/download-artifact@v4
with:
path: coverage-reports
pattern: report-coverage
merge-multiple: true
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Show coverage
run: |
ls -l coverage-reports/
cat coverage-reports/coverage.xml
- name: Run Bandit analysis
continue-on-error: true
run: |
pip install bandit
bandit -r tests/ examples/ docs-recipes/ -f json -o bandit-report.json
- name: Run Pylint analysis
continue-on-error: true
run: |
pip install pylint
python -m pylint tests/ examples/ docs-recipes/ -r n --output-format=parseable > pylint-report.txt
- name: SonarQube
if: always()
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: DefectDojo
if: always()
uses: C4tWithShell/defectdojo-action@1.0.5
with:
token: ${{ secrets.DEFECTOJO_TOKEN }}
defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
product_type: iroha2
engagement: ${{ github.ref_name }}
tools: "SonarQube API Import,Github Vulnerability Scan"
sonar_projectKey: hyperledger-iroha:iroha-python
github_token: ${{ secrets.GITHUB_TOKEN }}
github_repository: ${{ github.repository }}
product: ${{ github.repository }}
environment: Test
reports: '{"Github Vulnerability Scan": "github.json"}'