diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1d17abf..68538a0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c with: - go-version: '1.24' + go-version: '1.26.2' - run: go mod tidy - run: go vet ./... - name: Wait for PostgreSQL to be ready
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ebcd231..b04a191 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ jobs: - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5.1.0 with: - go-version: '1.24' + go-version: '1.26.2' cache: true - name: Initialize CodeQL
@@ -35,6 +35,9 @@ jobs: languages: go queries: security-extended + - name: Tidy modules + run: go mod tidy + - name: Build run: go build -v ./...
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
new file mode 100644
index 0000000..b0e3712
--- /dev/null
+++ b/.github/workflows/sonar.yml
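Review bot: The new `Tidy modules` step in the codeql.yml `@@ -35,6 +35,9 @@` hunk lets `go mod tidy` rewrite go.mod and go.sum inside the CodeQL job, so the dependency set that gets analyzed can silently differ from what is committed. Because go.mod in this same change moves to Go 1.26.2, `go mod tidy -diff` (available since Go 1.23) can fail the job when the module files are stale instead of mutating them: `run: go mod tidy -diff`. The same point applies to the pre-existing `go mod tidy` step visible as context in the ci.yml hunk. The job definition around the `Build` step continues outside the hunk.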
@@ -0,0 +1,57 @@ +name: Sonar Scan +on: + push: + branches: + - main + - develop + - master + - 'release/**' + pull_request: + +permissions: + contents: read + +jobs: + sonar: + name: Sonar Scan + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.26.2' + + - name: Install dependencies + run: go mod download + + - name: Run tests with coverage + run: | + go test -v ./... \ + -coverprofile=coverage.out \ + -covermode=atomic \ + -coverpkg=./... + + - name: Show coverage summary + run: | + go tool cover -func=coverage.out + + - name: Sonar Scan + uses: SonarSource/sonarqube-scan-action@v6 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} + + # - name: Sonar Quality Gate + # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + # timeout-minutes: 10 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..211fdec
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,32 @@ +name: Security - Trivy + +on: + push: + branches: [main, develop] + pull_request: + +permissions: + contents: read + security-events: write + +jobs: + trivy: + name: Trivy Scan + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run Trivy Scan + uses: aquasecurity/trivy-action@v0.35.0 + with: + scan-type: fs + format: sarif + output: trivy-results.sarif + severity: CRITICAL,HIGH + + - name: Upload results to GitHub Security + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: trivy-results.sarif
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index bf906c9..0000000
--- a/Jenkinsfile
+++ /dev/null
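Review bot: The three actions in the new sonar.yml are referenced by mutable tags (`actions/checkout@v4`, `actions/setup-go@v5`, `SonarSource/sonarqube-scan-action@v6`) while ci.yml and codeql.yml in this same change pin them by commit SHA; the SHAs already used there can be reused, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` and `uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5.1.0`, with the Sonar action pinned the same way from its v6 release. The quality gate step is left commented out, so unlike the deleted Jenkinsfile's `waitForQualityGate abortPipeline: true` stage, a failing gate no longer fails the pipeline; either enable the step or record that gate enforcement is intentionally dropped. The `go test` command also drops the `-race` and `-timeout 120s` flags the Jenkinsfile passed, which looks unintentional rather than a deliberate change. The same tag-pinning point applies to the trivy.yml hunk that follows.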
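Review bot: The Trivy step in the new trivy.yml never fails the job because `exit-code` is not set (the action defaults it to 0), so CRITICAL/HIGH findings only appear in the Security tab and a pull request can still merge with them. If the scan is meant to gate, add `exit-code: '1'` under `with:` and mark the upload step `if: always()` so the SARIF is still uploaded when the scan step fails. `security-events: write` is granted here, but on pull requests opened from forks the token is read-only, so the `upload-sarif` step will likely fail for external contributors unless that trigger is narrowed or the upload is made conditional. `actions/checkout@v4` and `github/codeql-action/upload-sarif@v3` are mutable tags; pinning them by commit SHA as ci.yml does keeps this workflow consistent with the rest of the repository.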
@@ -1,55 +0,0 @@ -pipeline { - agent any - - stages { - stage('Checkout Code') { - steps { - checkout scm - } - } - - stage('Test & Coverage') { - steps { - sh 'go test ./pkg/... -v -race -coverprofile=coverage.out -covermode=atomic -timeout 120s' - } - } - - stage('SonarQube Analysis') { - when { - anyOf { - branch 'develop' - branch 'main' - branch 'release/*' - branch 'master' - } - } - steps { - script { - // Get path to the installed Sonar Scanner tool - def scannerHome = tool 'SonarScanner' - - withSonarQubeEnv('aptl-sonar') { - // Run the scanner binary - sh "${scannerHome}/bin/sonar-scanner" - } - } - } - } - - stage('Quality Gate') { - when { - anyOf { - branch 'develop' - branch 'main' - branch 'release/*' - branch 'master' - } - } - steps { - timeout(time: 10, unit: 'MINUTES') { - waitForQualityGate abortPipeline: true - } - } - } - } -}
diff --git a/README.md b/README.md
index 2dc6e6a..d01704d 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
-
+
@@ -98,7 +98,7 @@
## Architecture
-- **Go 1.23+, idiomatic design**
+- **Go 1.26.2+, idiomatic design**
- Modern Go practices and idioms
- Clean, readable code
- Efficient use of Go features
diff --git a/go.mod b/go.mod
index ac22127..5905836 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
module github.com/aptlogica/go-postgres-rest
-go 1.23.0
+go 1.26.2
-toolchain go1.23.10
+toolchain go1.26.2
require (
github.com/DATA-DOG/go-sqlmock v1.5.2
diff --git a/sonar-project.properties b/sonar-project.properties
index 884f5fd..11fe45e 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,7 +1,7 @@
-sonar.projectKey=aptlogica_go-postgres-rest_3356bc40-4059-4939-8cce-5e86bba44a39
-
+sonar.projectKey=aptlogica_go-postgres-rest
+sonar.organization=aptlogica
sonar.language=go
sonar.sources=pkg
-sonar.tests=tests
sonar.test.inclusions=**/*_test.go
sonar.go.coverage.reportPaths=coverage.out
+sonar.exclusions=**/*_test.go,**/*_testdata/**
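Review bot: Changing `sonar.projectKey` from the UUID-suffixed key to `aptlogica_go-postgres-rest` makes the server treat this as a new project, so the existing analysis history, issue states and gate results stay attached to the old key; if that history matters, renaming the key in the Sonar project settings is the way to keep it. The new `sonar.exclusions` entry `**/*_testdata/**` only matches directories whose name ends in `_testdata`; if the repository uses Go's conventional `testdata` directories, `**/testdata/**` is the pattern that excludes them. `sonar.organization=aptlogica` duplicates the `SONAR_ORGANIZATION` secret the new sonar.yml passes, so one of the two sources should be dropped before they diverge. The unchanged `sonar.language=go` line appears to be ignored by current SonarQube/SonarCloud versions and could be removed in a follow-up.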