chore: update CI workflows and SonarCloud configuration for enhanced security and coverage reporting

- Updated SonarCloud exclusions to include CLI tools and examples for better security hotspot analysis.
- Added new issue exclusions for hardcoded IP addresses and credentials in test files and CLI tools.
- Upgraded various GitHub Actions to their latest versions for improved performance and security.
- Streamlined CI workflows by ensuring consistent usage of action versions across all jobs.
0x524a
2025-12-02 23:08:47 -05:00
parent 2c0250d29a
commit 477a6c2927
7 changed files with 68 additions and 55 deletions
+17 -17
@@ -26,10 +26,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ env.GO_VERSION }}
@@ -52,15 +52,15 @@ jobs:
needs: fmt
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.cache/go-build
@@ -76,7 +76,7 @@ jobs:
run: go vet ./...
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v6.5.0
with:
version: latest
args: --timeout=5m --out-format=github-actions
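Review bot: `version: latest` in the golangci-lint step still floats, so pinning `golangci/golangci-lint-action` to a commit SHA fixes the wrapper while the linter binary it downloads can still change between runs. Pin it to the release the project is tested against, e.g. `version: <PINNED_GOLANGCI_LINT_VERSION>` (placeholder), so that the downloaded binary and the lint results are reproducible and `--out-format=github-actions` keeps matching the installed CLI. The trailing `# v6.5.0` comment is informational only, since the runner resolves the SHA, so it is worth confirming that the SHA and the tag agree here and on the other pinned `uses:` lines in this file. The job containing this step starts and continues outside the hunk.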
@@ -88,17 +88,17 @@ jobs:
needs: lint
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Full history for SonarCloud
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.cache/go-build
@@ -124,7 +124,7 @@ jobs:
go tool cover -func=coverage.out | tail -20
- name: Upload coverage artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: coverage-reports
path: |
@@ -133,7 +133,7 @@ jobs:
retention-days: 7
- name: Upload to Codecov
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v4.6.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.out
@@ -153,12 +153,12 @@ jobs:
if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') && github.repository == '0x524a/onvif-go'
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Full history for accurate blame information
- name: Download coverage reports
uses: actions/download-artifact@v4
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: coverage-reports
@@ -175,7 +175,7 @@ jobs:
fi
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216 # v3.1.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -187,15 +187,15 @@ jobs:
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: |
~/.cache/go-build