Merge pull request #2 from petersnick/sast-start

Update integration.yml
petersnick · Mar 27, 2024 · 92e3794 · 92e3794
2 parents 1ac05f6 + 48da76f
commit 92e3794
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 43 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+name: Build
+on:
+  push:
+    branches:
+      - development
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -27,46 +27,16 @@ jobs:
     - run: npm i
     - run: npm run build
 
-sonarcloud:
-   runs-on: ubuntu-latest
-   steps:
-   - uses: actions/checkout@v2
-     with:
-       # Disabling shallow clone is recommended for improving relevancy of reporting
-       fetch-depth: 0
-   - name: SonarCloud Scan
-     uses: sonarsource/sonarcloud-github-action@master
-     env:
-       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-       SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
-
-#  security:
- #   runs-on: ubuntu-latest
- #   steps:
- #     - uses: actions/checkout@master
-   #   - name: Run Snyk to check for vulnerabilities
-  #      uses: snyk/actions/node@master
-   #     continue-on-error: false
-   #     env:
-   #       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-    #    with:
-   #       command: monitor
-
- unit-tests:
 
+  sonarcloud:
     runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [14.x, 16.x, 18.x]
-        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
-
     steps:
-    - uses: actions/checkout@v3
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
+    - uses: actions/checkout@v2
       with:
-        node-version: ${{ matrix.node-version }}
-        cache: 'npm'
-    - run: npm i
-    - run: npm run test
+        # Disabling shallow clone is recommended for improving relevancy of reporting
+        fetch-depth: 0
+    - name: SonarCloud Scan
+      uses: sonarsource/sonarcloud-github-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_CLOUD_DEMO }}
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -1,12 +1,13 @@
-sonar.projectKey=nodejsdemonodeapp_nodejsdemo
-sonar.organization=nodejsdemonodeapp
+sonar.projectKey=petersnick_Node-Demo-App
+sonar.organization=petersnick
 
 # This is the name and version displayed in the SonarCloud UI.
-#sonar.projectName=NodeJsDemo
+#sonar.projectName=Node-Demo-App
 #sonar.projectVersion=1.0
 
+
 # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
 #sonar.sources=.
 
 # Encoding of the source code. Default is default system encoding
-#sonar.sourceEncoding=UTF-8
+#sonar.sourceEncoding=UTF-8