CI: Support sonarqube coverage reports 14/140614/5
authorKevin Sandi <ksandi@contractor.linuxfoundation.org>
Thu, 27 Mar 2025 18:01:41 +0000 (12:01 -0600)
committerLiam Fallon <liam.fallon@est.tech>
Mon, 31 Mar 2025 08:03:12 +0000 (08:03 +0000)
Additionally disable Sonatype Lifecycle until it is ready

Issue-ID: CIMAN-33
Change-Id: Ie7b5f290421ce471232c58633980078222ceb6c6
Signed-off-by: Kevin Sandi <ksandi@contractor.linuxfoundation.org>
.github/scripts/prescan-go-coverage-ubuntu.sh [new file with mode: 0644]
.github/workflows/security-audits.yaml

diff --git a/.github/scripts/prescan-go-coverage-ubuntu.sh b/.github/scripts/prescan-go-coverage-ubuntu.sh
new file mode 100644 (file)
index 0000000..f7e9d55
--- /dev/null
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2025 The Linux Foundation
+
+#!/bin/bash
+echo "--> prescan-go-coverage-ubuntu.sh"
+
+set -ex
+
+# Test and coverage
+go test -p 1 ./... -coverprofile=coverage.out
+
+echo "--> prescan-go-coverage-ubuntu.sh ends"
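Review bot: The `#!/bin/bash` line is on line 4 of the new script, below the SPDX comments and a blank line, so it is an ordinary comment rather than a shebang. Which shell runs the file therefore depends entirely on how the caller invokes it. Move `#!/bin/bash` to line 1 and put the SPDX header under it. `set -ex` also comes after the first `echo` and omits `-u` and `-o pipefail`; `set -euxo pipefail` directly below the shebang would make an unset variable or a failed pipeline stop the pre-scan step.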
index 77c7534..0160ed8 100644 (file)
@@ -26,18 +26,18 @@ on:
 permissions: {}
 
 jobs:
-  sonatype-lifecycle:
-    name: "Sonatype Lifecycle"
-    # yamllint disable-line rule:line-length
-    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml@83e3ea0dcbfb1e8c707b0284ae7e7c376b0e27d4 # v0.2.7
-    secrets:
-      NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}
+  #sonatype-lifecycle:
+  #  name: "Sonatype Lifecycle"
+  #  # yamllint disable-line rule:line-length
+  #  uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml@83e3ea0dcbfb1e8c707b0284ae7e7c376b0e27d4 # v0.2.7
+  #  secrets:
+  #    NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}
 
   # Scan results are found at: https://sonarcloud.io/login
   sonarqube-cloud:
     name: "SonarQube Cloud"
     # yamllint disable-line rule:line-length
-    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonarqube-cloud.yaml@83e3ea0dcbfb1e8c707b0284ae7e7c376b0e27d4 # v0.2.7
+    uses: lfit/releng-reusable-workflows/.github/workflows/reuse-sonarqube-cloud.yaml@ac846b1cfeaf3a7cac6f28413a5206afc9951464 # v0.2.11
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
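Review bot: Commenting out the `sonatype-lifecycle` job removes the dependency scan from this workflow, and nothing in the file says why or when it comes back. The commit message says "until it is ready", so record that above the commented block, for example `# Disabled until Sonatype Lifecycle is ready; re-enable under <tracking-issue>`. The commented `uses:` line keeps the `83e3ea0…` (v0.2.7) pin while `sonarqube-cloud` moves to v0.2.11, so the pin needs refreshing when the job is restored. The `#sonatype-lifecycle:` lines have no space after `#`, which the yamllint `comments` rule may flag if it is enabled in this repository.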
@@ -48,3 +48,6 @@ jobs:
       # actions: read
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    with:
+      BUILD_WRAPPER_URL: https://raw.githubusercontent.com/onap/policy-opa-pdp/refs/heads/master/.github/scripts/prescan-go-coverage-ubuntu.sh
+      BUILD_WRAPPER_OUT_DIR: .
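Review bot: `BUILD_WRAPPER_URL` points at `refs/heads/master`, a mutable ref, while the reusable workflow two hunks up is pinned to a full commit SHA. Judging by the input name, the reusable workflow presumably downloads and runs this script in the job that holds `SONAR_TOKEN` and `security-events: write`; confirm that against the reusable workflow. If so, whatever is on master at run time executes with those credentials, regardless of which commit is being scanned. Pin the URL to a commit, e.g. `BUILD_WRAPPER_URL: https://raw.githubusercontent.com/onap/policy-opa-pdp/<commit-sha>/.github/scripts/prescan-go-coverage-ubuntu.sh`, or pass a path in the checked-out tree if the reusable workflow accepts one. Because the script is added in this same commit, the master URL will also not resolve until the change is merged.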