update go version and sonar config

.github/workflows/ci.yml

@@ -26,7 +26,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
         with:
-          go-version: '1.24'
+          go-version: '1.26.2'
       - run: go mod tidy
       - run: go vet ./...
       - name: Wait for PostgreSQL to be ready

.github/workflows/codeql.yml

@@ -26,7 +26,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5.1.0
         with:
-          go-version: '1.24'
+          go-version: '1.26.2'
           cache: true
 
       - name: Initialize CodeQL
@@ -35,6 +35,9 @@ jobs:
           languages: go
           queries: security-extended
 
+      - name: Tidy modules
+        run: go mod tidy
+
       - name: Build
         run: go build -v ./...
 

.github/workflows/sonar.yml

@@ -0,0 +1,57 @@
+name: Sonar Scan
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+      - master
+      - 'release/**'
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  sonar:
+    name: Sonar Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.26.2'
+
+      - name: Install dependencies
+        run: go mod download
+
+      - name: Run tests with coverage
+        run: |
+          go test -v ./... \
+            -coverprofile=coverage.out \
+            -covermode=atomic \
+            -coverpkg=./...
+
+      - name: Show coverage summary
+        run: |
+          go tool cover -func=coverage.out
+
+      - name: Sonar Scan
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+          SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
+
+      # - name: Sonar Quality Gate
+      #   uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
+      #   timeout-minutes: 10
+      #   env:
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      #     SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

.github/workflows/trivy.yml

@@ -0,0 +1,32 @@
+name: Security - Trivy
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  trivy:
+    name: Trivy Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run Trivy Scan
+        uses: aquasecurity/trivy-action@v0.35.0
+        with:
+          scan-type: fs
+          format: sarif
+          output: trivy-results.sarif
+          severity: CRITICAL,HIGH
+
+      - name: Upload results to GitHub Security
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: trivy-results.sarif

README.md

@@ -2,7 +2,7 @@
 
 <p align="center">
   <img src="https://img.shields.io/github/v/release/aptlogica/go-postgres-rest?style=for-the-badge&logo=github" alt="GitHub Release">
-  <img src="https://img.shields.io/badge/Go-1.21+-00ADD8?style=for-the-badge&logo=go&logoColor=white" alt="Go Version">
+  <img src="https://img.shields.io/badge/Go-1.26.2+-00ADD8?style=for-the-badge&logo=go&logoColor=white" alt="Go Version">
   <img src="https://img.shields.io/badge/PostgreSQL-12+-4169E1?style=for-the-badge&logo=postgresql&logoColor=white" alt="PostgreSQL">
   <img src="https://img.shields.io/badge/License-MIT-green?style=for-the-badge" alt="MIT License">
   <img src="https://img.shields.io/badge/Docker-Ready-2496ED?style=for-the-badge&logo=docker&logoColor=white" alt="Docker">
@@ -98,7 +98,7 @@
 
 ## Architecture
 
-- **Go 1.23+, idiomatic design**
+- **Go 1.26.2+, idiomatic design**
   - Modern Go practices and idioms
   - Clean, readable code
   - Efficient use of Go features

go.mod

@@ -1,8 +1,8 @@
 module github.com/aptlogica/go-postgres-rest
 
-go 1.23.0
+go 1.26.2
 
-toolchain go1.23.10
+toolchain go1.26.2
 
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2

sonar-project.properties

@@ -1,7 +1,7 @@
-sonar.projectKey=aptlogica_go-postgres-rest_3356bc40-4059-4939-8cce-5e86bba44a39
-
+sonar.projectKey=aptlogica_go-postgres-rest
+sonar.organization=aptlogica
 sonar.language=go
 sonar.sources=pkg
-sonar.tests=tests
 sonar.test.inclusions=**/*_test.go
 sonar.go.coverage.reportPaths=coverage.out
+sonar.exclusions=**/*_test.go,**/*_testdata/**