From 2debaf94a214dc62fe9d707e89a5d4f18a8ee876 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sun, 10 Jul 2022 17:50:02 +0100
Subject: [PATCH] Add Sonar
---
 .github/workflows/ci.yml | 80 -----------------------------
 .github/workflows/merge-to-main.yml | 34 ++++++++++++
 .github/workflows/pull-request.yml | 39 ++++++++++++++
 .gitignore | 2 +
 codecov.yml | 2 -
 renovate.json | 28 ++++++++--
 sonar-project.properties | 8 +++
 7 files changed, 107 insertions(+), 86 deletions(-)
 delete mode 100644 .github/workflows/ci.yml
 create mode 100644 .github/workflows/merge-to-main.yml
 create mode 100644 .github/workflows/pull-request.yml
 delete mode 100644 codecov.yml
 create mode 100644 sonar-project.properties
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index a761564..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,80 +0,0 @@ -name: CI -on: - workflow_dispatch: - push: - paths-ignore: - - 'README.md' - - 'LICENSE.md' - - '.gitignore' - pull_request: - -jobs: - skip_duplicate: - runs-on: ubuntu-latest - outputs: - should_skip: ${{ steps.skip_check.outputs.should_skip }} - steps: - - id: skip_check - uses: fkirc/skip-duplicate-actions@v4.0.0 - with: - github_token: ${{ github.token }} - - analyze: - name: Analyze - needs: skip_duplicate - if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }} - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - strategy: - fail-fast: false - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: python - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - - lint: - needs: skip_duplicate - if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }} - runs-on: ubuntu-latest - steps: - - name: Check out repository code - uses: actions/checkout@v3 - - name: Setup Python - uses: actions/setup-python@v3 - with: - python-version: "3.10" - - name: Install dependencies - run: pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: Lint - run: pylint --recursive=yes . - - test: - needs: skip_duplicate - if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }} - runs-on: ubuntu-latest - strategy: - matrix: - python-version: [ '3.10' ] - steps: - - name: Check out repository code - uses: actions/checkout@v3 - - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 - with: - python-version: ${{ matrix.python-version }} - - name: Install dependencies - run: pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: Run test suite - run: coverage run -m py.test -v - - name: Upload Coverage to Codecov - uses: codecov/codecov-action@v3 
diff --git a/.github/workflows/merge-to-main.yml b/.github/workflows/merge-to-main.yml
new file mode 100644
index 0000000..c21b5a8
--- /dev/null
+++ b/.github/workflows/merge-to-main.yml
@@ -0,0 +1,34 @@
+name: Merge to main
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ coverage:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+ - name: Install dependencies
+ run: pip install -r requirements.txt && pip install -r requirements-dev.txt
+ - name: Lint
+ run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt .
+ - name: Unit Test
+ run: |
+ coverage run -m py.test -v
+ coverage xml
+ - uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ - uses: sonarsource/sonarqube-quality-gate-action@master
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
new file mode 100644
index 0000000..d1081ac
--- /dev/null
+++ b/.github/workflows/pull-request.yml
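Review bot: In merge-to-main.yml both Sonar steps reference a mutable branch, `sonarsource/sonarqube-scan-action@master` and `sonarsource/sonarqube-quality-gate-action@master`, and both are handed `SONAR_TOKEN`, so whatever is on that upstream branch at run time executes with the token on every push to main. Pin each action to a full commit SHA with the release tag as a trailing comment, e.g. `uses: sonarsource/sonarqube-scan-action@<FULL_COMMIT_SHA> # <release tag>`, and let Renovate propose the bumps. The same two `@master` references appear in pull-request.yml. Separately, this workflow runs `coverage run -m py.test -v` without `--junitxml=testresults.xml`, so the `sonar.python.xunit.reportPath=testresults.xml` setting in sonar-project.properties has no report to read on main.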
@@ -0,0 +1,39 @@
+name: CI
+on:
+ pull_request:
+ paths-ignore:
+ - 'README.md'
+ - 'LICENSE.md'
+ - '.gitignore'
+ - 'CODEOWNERS'
+ - 'renovate.json'
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+ - name: Install dependencies
+ run: pip install -r requirements.txt && pip install -r requirements-dev.txt
+ - name: Lint
+ run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt .
+ - name: Unit Test
+ run: |
+ coverage run -m py.test -v --junitxml=testresults.xml
+ coverage xml
+ - uses: sonarsource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ - uses: sonarsource/sonarqube-quality-gate-action@master
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index eb31eb4..7f4045e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,6 +38,8 @@ pip-log.txt pip-delete-this-directory.txt # Unit test / coverage reports +lintreport.txt +testresults.xml htmlcov/ .tox/ .nox/
diff --git a/codecov.yml b/codecov.yml
deleted file mode 100644
index 9fa3a4e..0000000
--- a/codecov.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-ignore:
- - "*/tests/*”
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
index 8b6dd1e..e2cb0cc 100644
--- a/renovate.json
+++ b/renovate.json
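Review bot: pull-request.yml declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository's default scopes while the `ci` job installs dependencies and runs the test suite from the pull request head. Add a top-level `permissions:` mapping with `contents: read`, widening it only if a Sonar step turns out to need more; merge-to-main.yml has the same gap, whereas the removed ci.yml at least scoped its `analyze` job. Also, `secrets.SONAR_TOKEN` is not passed to runs triggered from forks, so the scan step will presumably fail for outside contributors. Putting `if: github.event.pull_request.head.repo.full_name == github.repository` on the two Sonar steps would keep lint and tests running for those pull requests.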
@@ -1,6 +1,26 @@
 {
- "extends": [
- "config:base"
- ]
+ "extends": ["config:base"],
+ "platformCommit": true,
+ "dependencyDashboardAutoclose": true,
+ "assignAutomerge": true,
+ "assigneesFromCodeOwners": true,
+ "rebaseWhen": "behind-base-branch",
+ "rollbackPrs": true,
+ "labels": ["dependencies"],
+ "packageRules": [
+ {
+ "matchPackagePatterns": ["black", "pylint"],
+ "labels": ["linting"]
+ },
+ {
+ "matchPackagePatterns": ["coverage", "pytest"],
+ "labels": ["unit-tests"]
+ }
+ ],
+ "vulnerabilityAlerts": {
+ "enabled": true,
+ "labels": ["security"],
+ "commitMessagePrefix": "[SECURITY] ",
+ "prCreation": "immediate"
 }
-
\ No newline at end of file
+}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..e0353f3
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,8 @@
+sonar.projectKey=luketainton_6to4_converter_AYHpASgJSbMjdyWLhHiC
+sonar.python.version=3.10
+sonar.python.coverage.reportPaths=coverage.xml
+sonar.python.pylint.reportPaths=lintreport.txt
+sonar.python.xunit.reportPath=testresults.xml
+sonar.sources=app
+sonar.tests=tests
+sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json,requirements-dev.txt,requirements.txt
\ No newline at end of file
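Review bot: In sonar-project.properties the `sonar.exclusions` value starts with an empty entry (`sonar.exclusions=,.github/**,...`), which looks like an editing leftover; drop the leading comma so the list begins at `.github/**`. With `sonar.sources=app` and `sonar.tests=tests`, the root-level files listed there are probably outside the analysed tree already, so the whole line may be redundant and is worth confirming against a scan log. The three report paths only resolve if the workflow steps produce those files first, so a header comment such as `# coverage.xml, lintreport.txt and testresults.xml are written by the Lint and Unit Test steps in .github/workflows/` would make that dependency visible to the next maintainer.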