Update Github Actions and Go version in sonarqube.yml

Upgraded the Go version used in Github Actions to '1.21.x' and adjusted the workflow to be triggered on both 'push' and 'pull_request' events. Removed the usage of Gosec Security Scanner and included running SonarQube analysis on both occasions.
wneessen · Dec 14, 2023 · 16b54c6 · 16b54c6
1 parent b60f704
commit 16b54c6
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
@@ -7,6 +7,9 @@ on:
   push:
     branches:
       - main # or the name of your main branch
+  pull_request:
+    branches:
+      - main # or the name of your main branch
 jobs:
   build:
     name: Build
@@ -17,25 +20,19 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v2.1.3
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: '1.21.x'
 
       - name: Run unit Tests
         run: |
           go test -v -race --coverprofile=./cov.out ./...
-          
-      - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
-        with:
-          args: '-no-fail -fmt sonarqube -out report.json ./...'
-
+
       - uses: sonarsource/sonarqube-scan-action@master
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-      # If you wish to fail your job when the Quality Gate is red, uncomment the
-      # following lines. This would typically be used to fail a deployment.
+
       - uses: sonarsource/sonarqube-quality-gate-action@master
         timeout-minutes: 5
         env: