mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
f00c12e954
* Integrate Sonarcloud and Nancy github action Integrate Sonarcloud for static code analysis and Nancy for analysing dependencies Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> * fix: pin actions to commit sha Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix auth for pr Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
21 lines
604 B
YAML
21 lines
604 B
YAML
name: Sonarcloud workflow
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
- 'release*'
|
|
|
|
jobs:
|
|
sonarcloud:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
|
|
with:
|
|
# Disabling shallow clone is recommended for improving relevancy of reporting
|
|
fetch-depth: 0
|
|
- name: SonarCloud Scan
|
|
uses: sonarsource/sonarcloud-github-action@156db6fef3e168e4972abb76de0b32bbce8ec77a # pin@master
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|