| author | Syndamia <kamen@syndamia.com> | 2024-08-14 16:30:30 +0300 |
|---|---|---|
| committer | Syndamia <kamen@syndamia.com> | 2024-08-14 16:30:30 +0300 |
| commit | a1426f2ba326b81288d7cfaf56c24868fe9c717c | |
| tree | 325525c43d13582adee9a93512bfaa5fe3069118 | |
| parent | 96c50eae37b2925c7139590e486f40d889a3b9bf | |
feat(ci)!: Removed workflow SonarCloud configuration
Will use automatic
| -rw-r--r-- | .github/workflows/ci.yml | 14 |
| -rw-r--r-- | README.md | 9 |
| -rw-r--r-- | sonar-project.properties | 2 |
3 files changed, 7 insertions, 18 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bbad4ba..5cf4541 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,21 +46,9 @@ jobs: - run: sudo apt-get install -y flawfinder - run: make security-analysis - SAST-SonarCloud: - runs-on: ubuntu-latest - needs: Clone-repo - steps: - - uses: actions/download-artifact@v3 - with: - name: source-code - path: . - - uses: SonarSource/sonarcloud-github-action@master - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - Build: runs-on: ubuntu-latest - needs: [ Unit-tests, clang-analysis, SAST-flawfinder, SAST-SonarCloud ] + needs: [ Unit-tests, clang-analysis, SAST-flawfinder ] steps: - uses: actions/download-artifact@v3 with: @@ -29,16 +29,19 @@ These constraints are checked with workflows. On each push to feature branches and `dev` we execute the "cd" pipeline, during which we do: -- SAST, with multiple different tools: +- Code testing: - unit tests - [clang](TODO)'s `--analyze` static analysis +- SAST, with multiple different tools: - [flawfinder](TODO)'s security analysis - <!-- and SonarCloud, Trivy --> + - [SonarCloud](TODO) source code analysis *(automatic, not from workflow)* <!-- - SCA: https://github.com/multilang-depends/depends --> - Application build - *(on `dev` branch)* Build and push to development [dockerhub](https://hub.docker.com/r/syndamia/pico-web-dev) +- *(on `dev` branch)* Container security testing: + - [Trivy](TODO) docker container (binary) analysis ### 4. Continuous Deployment: Release, Deploy 
@@ -48,7 +51,7 @@ On each successful merge request to `dev`, On each successful merge request to `main`, -- the production docker image is released to [dockerhub](https://hub.docker.com/r/syndamia/pico-web), +- the production docker image is released to [dockerhub](https://hub.docker.com/r/syndamia/pico-web), and it is scanned with [Trivy](TODO) - a [GitHub release](https://github.com/Syndamia/pico-web/releases) is created, according to the pull request label, and - the kubernetes cluster is deployed with [minkube](TODO) in the pipeline diff --git a/sonar-project.properties b/sonar-project.properties deleted file mode 100644 index f08af7a..0000000 --- a/sonar-project.properties +++ /dev/null @@ -1,2 +0,0 @@ -sonar.organization=syndamia -sonar.projectKey=Syndamia_pico-web |
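Review bot: In the `.github/workflows/ci.yml` hunk, `Build` now has `needs: [ Unit-tests, clang-analysis, SAST-flawfinder ]`, so no job in this workflow waits on a SonarCloud result any more. If the automatic analysis is still meant to gate builds, that has to be enforced outside the workflow (for example as a required status check on the protected branches); otherwise `Build` proceeds regardless of what the analysis reports. The removed job is also the only visible user of `secrets.SONAR_TOKEN`, so the secret should be deleted from the repository settings and the token revoked on the SonarCloud side once this lands.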
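Review bot: In the README hunk at `@@ -29,16 +29,19 @@`, the new bullet `[Trivy](TODO) docker container (binary) analysis` documents a step that this commit does not add: the only workflow change here removes the SonarCloud job, and Trivy previously appeared only inside the `<!-- and SonarCloud, Trivy -->` comment. Please confirm the scan already runs in a workflow, or mark it as planned, so the README does not overstate the pipeline's security coverage. The new SonarCloud and Trivy links still point at `(TODO)`, and the unchanged context line names this the "cd" pipeline, which is worth checking against the workflow file name `ci.yml`.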
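Review bot: In the README hunk at `@@ -48,7 +51,7 @@`, the added wording "is released to dockerhub, and it is scanned with [Trivy](TODO)" reads as scan-after-publish, which would mean a production image with findings is already public by the time the scan reports. Please state the actual order and what happens on findings (ideally the scan runs before the push and fails the release), and replace the `(TODO)` link target. The context line below also spells the tool `minkube`, presumably minikube.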
