ci(BUILD-5443): SQ, pre-commit, Renovate

SonarSource · Dec 4, 2024 · d79c458 · d79c458
1 parent 5526f72
commit d79c458
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 2 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+* @sonarsource/platform-devinfra-squad
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>SonarSource/renovate-config:dev-infra-squad"]
+}
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,13 @@
+---
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  pre-commit:
+    name: "pre-commit"
+    runs-on: sonar-runner
+    steps:
+      - uses: SonarSource/gh-action_pre-commit@469b062f5c72f80612f6ba51e8191524eba7d3b8 # 1.0.5
+        with:
+          extra-args: --from-ref=origin/${{ github.event.pull_request.base.ref }} --to-ref=${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml
@@ -0,0 +1,31 @@
+name: SonarQube Scan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  next:
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@3996073b47b49ac5c58c750d27ab4edf469401c8 # 3.0.1
+        with:
+          secrets: |
+            development/kv/data/next token | sq_next_token;
+            development/kv/data/next url | sq_next_url;
+      - name: SonarQube Next Scan
+        uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # v2.3.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).sq_next_token }}
+          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).sq_next_url }}
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
@@ -0,0 +1,10 @@
+# https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md
+default: true
+
+MD013:
+  line_length: 140
+  tables: false
+
+MD031: # Fenced code blocks should be surrounded by blank lines
+  # Disable for list_items to create a tight list containing a code fence
+  list_items: false
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,39 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # frozen: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-executables-have-shebangs
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: a2d20160412a9bd26a11ff45987c0e178d7e10c3  # frozen: v0.1.24
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 7cffbc42427ddac146a602f03e50edf36579a94e  # frozen: 39.49.0
+    hooks:
+      - id: renovate-config-validator
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b  # frozen: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: cb3c2be894b151dff143b1baf6acbd55f2b7faed  # frozen: 0.30.0
+    hooks:
+      - id: check-github-actions
+      - id: check-github-workflows
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: a2d20160412a9bd26a11ff45987c0e178d7e10c3  # frozen: v0.1.24
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/igorshubovych/markdownlint-cli
+    rev: 0d9fcb51a54f3b750b911c054b4bd1a590f1b592  # frozen: v0.43.0
+    hooks:
+      - id: markdownlint
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 7cffbc42427ddac146a602f03e50edf36579a94e  # frozen: 39.49.0
+    hooks:
+      - id: renovate-config-validator
diff --git a/README.md b/README.md
@@ -159,12 +159,11 @@ If you would like to create a PR in a monorepo subfolder instead, you can fill o
 
 ```yml
   monorepoUrl: <your-monorepo-url>
-  scaffoldDirectory: <directory to scaffold in i.e apps/> 
+  scaffoldDirectory: <directory to scaffold in i.e apps/>
 ```
 
 ## Connecting Port's GitHub exporter
 
 To make sure all of the properties (like url, readme etc..) come directly from GitHub in a seamless way, you can connect our GitHub exporter
 next [here](https://docs.getport.io/build-your-software-catalog/sync-data-to-catalog/git/github/examples#mapping-repositories-and-issues)
 you can find more information about it.
-
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1 @@
+sonar.projectKey=SonarSource_gh-action_cookiecutter_132b474b-7bf8-4672-bd75-53e55f5c758a
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
		* @sonarsource/platform-devinfra-squad
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		sonar.projectKey=SonarSource_gh-action_cookiecutter_132b474b-7bf8-4672-bd75-53e55f5c758a