From f82eadf45f72d27df61bae7c8f76b095ca7ef73e Mon Sep 17 00:00:00 2001 From: Aditya-Mane1 Date: Tue, 14 Apr 2026 13:25:34 +0530 Subject: [PATCH 1/3] update go version and sonar config --- .github/workflows/sonar.yml | 57 +++++++++++++++++++++++++++++++++++++ .github/workflows/trivy.yml | 32 +++++++++++++++++++++ Jenkinsfile | 55 ----------------------------------- README.md | 4 +-- go.mod | 4 +-- sonar-project.properties | 5 ++-- 6 files changed, 96 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/sonar.yml create mode 100644 .github/workflows/trivy.yml delete mode 100644 Jenkinsfile
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
new file mode 100644
index 0000000..b0e3712
--- /dev/null
+++ b/.github/workflows/sonar.yml
@@ -0,0 +1,57 @@
+name: Sonar Scan
+
+on:
+ push:
+ branches:
+ - main
+ - develop
+ - master
+ - 'release/**'
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ sonar:
+ name: Sonar Scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.26.2'
+
+ - name: Install dependencies
+ run: go mod download
+
+ - name: Run tests with coverage
+ run: |
+ go test -v ./... \
+ -coverprofile=coverage.out \
+ -covermode=atomic \
+ -coverpkg=./...
+
+ - name: Show coverage summary
+ run: |
+ go tool cover -func=coverage.out
+
+ - name: Sonar Scan
+ uses: SonarSource/sonarqube-scan-action@v6
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
+
+ # - name: Sonar Quality Gate
+ # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
+ # timeout-minutes: 10
+ # env:
+ # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..211fdec
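Review bot: The three `uses:` lines in sonar.yml reference actions by mutable tag (`actions/checkout@v4`, `actions/setup-go@v5`, `SonarSource/sonarqube-scan-action@v6`), whereas the ci.yml and codeql.yml lines visible later in this series pin by full commit SHA; the same applies to the three actions in the new trivy.yml. A moved tag would run unreviewed code in a job that receives `SONAR_TOKEN`, so pin each one in the existing style, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The quality-gate step is also left commented out, so the `waitForQualityGate abortPipeline: true` enforcement from the deleted Jenkinsfile has no replacement and a failing gate no longer stops the build. The new test command also drops the `-race` and `-timeout 120s` flags the Jenkins stage used, which is worth confirming as intentional.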
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,32 @@
+name: Security - Trivy
+
+on:
+ push:
+ branches: [main, develop]
+ pull_request:
+
+permissions:
+ contents: read
+ security-events: write
+
+jobs:
+ trivy:
+ name: Trivy Scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run Trivy Scan
+ uses: aquasecurity/trivy-action@v0.35.0
+ with:
+ scan-type: fs
+ format: sarif
+ output: trivy-results.sarif
+ severity: CRITICAL,HIGH
+
+ - name: Upload results to GitHub Security
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: trivy-results.sarif
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index bf906c9..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,55 +0,0 @@
-pipeline {
- agent any
-
- stages {
- stage('Checkout Code') {
- steps {
- checkout scm
- }
- }
-
- stage('Test & Coverage') {
- steps {
- sh 'go test ./pkg/... -v -race -coverprofile=coverage.out -covermode=atomic -timeout 120s'
- }
- }
-
- stage('SonarQube Analysis') {
- when {
- anyOf {
- branch 'develop'
- branch 'main'
- branch 'release/*'
- branch 'master'
- }
- }
- steps {
- script {
- // Get path to the installed Sonar Scanner tool
- def scannerHome = tool 'SonarScanner'
-
- withSonarQubeEnv('aptl-sonar') {
- // Run the scanner binary
- sh "${scannerHome}/bin/sonar-scanner"
- }
- }
- }
- }
-
- stage('Quality Gate') {
- when {
- anyOf {
- branch 'develop'
- branch 'main'
- branch 'release/*'
- branch 'master'
- }
- }
- steps {
- timeout(time: 10, unit: 'MINUTES') {
- waitForQualityGate abortPipeline: true
- }
- }
- }
- }
-}
diff --git a/README.md b/README.md
index 2dc6e6a..d01704d 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
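Review bot: `severity: CRITICAL,HIGH` in the `Run Trivy Scan` step of trivy.yml is unlikely to take effect, because trivy-action documents that with `format: sarif` every severity is emitted unless `limit-severities-for-sarif: true` is also set. The step sets no `exit-code` either, so the job succeeds whatever is found and findings surface only in the Security tab; if the scan is meant to gate merges, add `exit-code: '1'` and put `if: always()` on the upload step so the SARIF is still published. On pull requests from forks the token is read-only, so the `upload-sarif` step will probably fail there unless it is guarded with a condition on the event.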

GitHub Release - Go Version + Go Version PostgreSQL MIT License Docker @@ -98,7 +98,7 @@ ## Architecture -- **Go 1.23+, idiomatic design** +- **Go 1.26.2+, idiomatic design** - Modern Go practices and idioms - Clean, readable code - Efficient use of Go features diff --git a/go.mod b/go.mod index ac22127..5905836 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module github.com/aptlogica/go-postgres-rest -go 1.23.0 +go 1.26.2 -toolchain go1.23.10 +toolchain go1.26.2 require ( github.com/DATA-DOG/go-sqlmock v1.5.2 diff --git a/sonar-project.properties b/sonar-project.properties index 884f5fd..d96cbc2 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,7 +1,8 @@ -sonar.projectKey=aptlogica_go-postgres-rest_3356bc40-4059-4939-8cce-5e86bba44a39 - +sonar.projectKey=aptlogica_go-postgres-rest +sonar.organization=aptlogica sonar.language=go sonar.sources=pkg sonar.tests=tests sonar.test.inclusions=**/*_test.go sonar.go.coverage.reportPaths=coverage.out +sonar.exclusions=**/*_test.go,**/*_testdata/** From 4ba30137cebaa6fd572f31a2b002fcee53f4ebe8 Mon Sep 17 00:00:00 2001 From: Aditya-Mane1 Date: Tue, 14 Apr 2026 13:30:40 +0530 Subject: [PATCH 2/3] fixes --- .github/workflows/ci.yml | 2 +- .github/workflows/codeql.yml | 2 +- sonar-project.properties | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1d17abf..68538a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c with: - go-version: '1.24' + go-version: '1.26.2' - run: go mod tidy - run: go vet ./... - name: Wait for PostgreSQL to be ready diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ebcd231..d5048a4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -26,7 +26,7 @@ jobs: - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5.1.0 with: - go-version: '1.24' + go-version: '1.26.2' cache: true - name: Initialize CodeQL diff --git a/sonar-project.properties b/sonar-project.properties index d96cbc2..11fe45e 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -2,7 +2,6 @@ sonar.projectKey=aptlogica_go-postgres-rest sonar.organization=aptlogica sonar.language=go sonar.sources=pkg -sonar.tests=tests sonar.test.inclusions=**/*_test.go sonar.go.coverage.reportPaths=coverage.out sonar.exclusions=**/*_test.go,**/*_testdata/** From 581c04757f8ff493008845dda92aee7a38713a68 Mon Sep 17 00:00:00 2001 From: Aditya-Mane1 Date: Tue, 14 Apr 2026 13:35:05 +0530 Subject: [PATCH 3/3] fix --- .github/workflows/codeql.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d5048a4..b04a191 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,6 +35,9 @@ jobs: languages: go queries: security-extended + - name: Tidy modules + run: go mod tidy + - name: Build run: go build -v ./...
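Review bot: The `Tidy modules` step added to codeql.yml in patch 3 runs `go mod tidy` before `Build`, which rewrites go.mod and go.sum inside the runner, so a commit whose module files are out of sync still builds and CodeQL analyses a dependency set that may differ from what is committed. Failing on drift is safer than repairing it silently, e.g. `run: go mod tidy -diff` (exits non-zero when changes would be needed) or `run: go mod download && go mod verify`, with the tidied files committed. The ci.yml context in patch 2 shows the same `- run: go mod tidy` step, so the same consideration applies there. The job definition starts and ends outside the hunk.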