chore: update CI workflows and SonarCloud configuration for enhanced security and coverage reporting

- Updated SonarCloud exclusions to include CLI tools and examples for better security hotspot analysis. - Added new issue exclusions for hardcoded IP addresses and credentials in test files and CLI tools. - Upgraded various GitHub Actions to their latest versions for improved performance and security. - Streamlined CI workflows by ensuring consistent usage of action versions across all jobs.
2025-12-02 23:08:47 -05:00
parent 2c0250d29a
commit 477a6c2927
7 changed files with 68 additions and 55 deletions
@@ -43,12 +43,12 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: '1.24'

@@ -143,7 +143,7 @@ jobs:
          fi

      - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: release-${{ matrix.goos }}-${{ matrix.goarch }}
          path: releases/*
@@ -155,12 +155,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: all-releases
          pattern: release-*
@@ -196,7 +196,7 @@ jobs:
          fi

      - name: Create Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.2
        with:
          files: all-releases/*
          draft: false
@@ -246,16 +246,16 @@ jobs:
    if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) || github.event_name == 'workflow_dispatch'
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.6.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -274,7 +274,7 @@ jobs:
          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT

      - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v5.5.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7