Tidy up code for sonarcloud testing (#166)

cyber-dojo · Apr 19, 2024 · 8b27bda · 8b27bda
1 parent 99e54fc
commit 8b27bda
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 48 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -264,6 +264,27 @@ jobs:
             --name=differ.snyk-code-scan \
             --scan-results="${SARIF_FILENAME}"
 
+  sonarcloud-scan:
+    needs: [build-image, kosli-trail]
+    name: Run SonarCloud Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: SonarCloud Scan
+        env:
+          SONAR_TOKEN: ${{ env.SONARCLOUD_TOKEN }}
+        uses: sonarsource/sonarcloud-github-action@master
+
+      - name: Setup Kosli CLI
+        uses: kosli-dev/setup-cli-action@v2
+        with:
+            version: ${{ vars.KOSLI_CLI_VERSION }}
+
+      - name: Attest SonarCloud as generic attestation in Kosli
+        run: ./sh/sonarcloud-scan-and-attest.sh
 
   sdlc-control-gate:
     needs: [pull-request, lint, unit-tests, snyk-container-scan, snyk-code-scan, kosli-trail, build-image]
@@ -387,31 +408,3 @@ jobs:
           docker pull "${IMAGE_NAME}"
           docker tag "${IMAGE_NAME}" cyberdojo/${{ env.SERVICE_NAME }}:latest
           docker push cyberdojo/${{ env.SERVICE_NAME }}:latest
-
-  sonarcloud-scan:
-    name: Run SonarCloud Scan
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: SonarCloud Scan
-        env:
-          SONAR_TOKEN: ${{ env.SONARCLOUD_TOKEN }}
-        uses: sonarsource/sonarcloud-github-action@master
-
-  sonarcloud-attest:
-    name: Attest SonarCloud Scan
-    needs: [kosli-trail, sonarcloud-scan]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Kosli CLI
-        uses: kosli-dev/setup-cli-action@v2
-        with:
-            version: ${{ vars.KOSLI_CLI_VERSION }}
-
-      - name: Attest SonarCloud as generic attestation in Kosli
-        run: ./sonarcloud-scan-and-attest.sh
diff --git a/.github/workflows/sonarcloud_testing.yml b/.github/workflows/sonarcloud_testing.yml
diff --git a/sonarcloud-scan-and-attest.sh → sh/sonarcloud-scan-and-attest.sh b/sonarcloud-scan-and-attest.sh → sh/sonarcloud-scan-and-attest.sh
@@ -9,7 +9,7 @@ REPO="${SERVICE_NAME}"
 get_checks_json()
 {
     curl --request GET \
-    --url "https://sonarcloud.io/api/measures/component?metricKeys=alert_status%2Cquality_gate_details%2Cbugs%2Csecurity_rating%2Ccode_smells%2Ccomplexity%2Cmaintainability_issues%2Creliability_issues%2Creliability_rating%2Ccoverage&component=${OWNER}_${REPO}"  \
+    --url "https://sonarcloud.io/api/measures/component?metricKeys=alert_status%2Cquality_gate_details%2Cbugs%2Csecurity_issues%2Ccode_smells%2Ccomplexity%2Cmaintainability_issues%2Creliability_issues%2Ccoverage&component=${OWNER}_${REPO}"  \
     --header "Authorization: ${SONARCLOUD_TOKEN}"
 }