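name: SonarQube Code Quality Scan

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    # Self-hosted Windows runner. Every `run` script below is PowerShell
    # (backtick continuations, $env:, Out-File), the default shell on
    # Windows runners, so no explicit `shell:` is set.
    runs-on: windowsx64

    steps:
      # ============================
      # STEP 1: Checkout from Gitea
      # ============================
      - name: Checkout Code (Gitea Direct)
        env:
          # Hand the ref to the script through the environment instead of
          # expanding `${{ }}` into the script text, so the branch name is
          # never parsed as PowerShell source.
          GIT_REF: ${{ github.ref_name }}
        run: |
          # By default only the last command's exit status decides the step
          # result, so check $LASTEXITCODE after each git call rather than let
          # a failed clone be hidden by a later checkout that succeeds.
          git clone https://git.we965.cn/learning/VectorDBDemo.git .
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          # NOTE(review): the clone above is full-depth, so this fetch looks
          # redundant -- confirm before removing.
          git fetch --depth=0
          # NOTE(review): on pull_request events ref_name is "<n>/merge", a
          # ref a plain clone does not fetch -- verify that path is exercised.
          git checkout $env:GIT_REF
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }

      # ============================
      # STEP 2: Setup Sonar Scanner
      # ============================
      - name: Add Sonar Scanner to PATH
        run: |
          # GITHUB_PATH is a file of PATH entries picked up by later steps;
          # -Append keeps any entries written to it earlier in the job.
          echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append

      # ============================
      # STEP 3: Check .NET SDK
      # ============================
      - name: Verify .NET SDK (Local)
        run: |
          dotnet --list-sdks
          dotnet --version

      # ============================
      # STEP 4: Dependency Check (CVE)
      # ============================
      - name: Run OWASP Dependency Check
        run: |
          # Produces the XML report that STEP 6 expects at
          # depcheck/dependency-check-report.xml.
          # NOTE(review): this runs before `dotnet restore`/build, so only the
          # project files (no restored packages or *.deps.json) are on disk to
          # inspect -- confirm that is intended.
          dependency-check.bat --project "VectorDBDemo" --scan "." --format "XML" --out "./depcheck"

      # ============================
      # STEP 5: Build .NET
      # ============================
      - name: Build .NET Project
        run: |
          dotnet restore
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          dotnet build --configuration Release

      # ============================
      # STEP 6: SonarQube Scan
      # ============================
      - name: SonarQube Full Scan
        env:
          # Exposed to the script as $env:SONAR_TOKEN so the secret is never
          # expanded into the script text itself.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          # A persistent self-hosted runner keeps global tools between runs,
          # and `dotnet tool install` fails when the tool is already present.
          if (-not (dotnet tool list --global | Select-String -Quiet 'dotnet-sonarscanner')) {
            dotnet tool install --global dotnet-sonarscanner
            if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          }

          # SonarQube is addressed on loopback, i.e. it is expected on the
          # runner host itself -- confirm if the server is ever moved.
          dotnet sonarscanner begin `
            /k:"vectordbdemo" `
            /d:sonar.host.url="http://127.0.0.1:9000" `
            /d:sonar.login="$env:SONAR_TOKEN" `
            /d:sonar.sources="./" `
            /d:sonar.exclusions="**/obj/**,**/bin/**" `
            /d:sonar.dependencyCheck.xmlReportPath="depcheck/dependency-check-report.xml"
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }

          # The build between `begin` and `end` is the one the scanner analyzes.
          dotnet build --configuration Release
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }

          dotnet sonarscanner end `
            /d:sonar.login="$env:SONAR_TOKEN"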
|
# ============================
|
|
# STEP 7: Fetch Blocker Issues
|
|
# ============================
|
|
- name: Fetch SonarQube Blocker Issues
|
|
id: fetch_issues
|
|
run: |
|
|
$projectKey = "vectordbdemo"
|
|
$sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?projectKeys=$projectKey&severities=BLOCKER&statuses=OPEN"
|
|
|
|
$response = Invoke-R
|