guibranco / PIX-BACEN-SDK-dotnet

🇧🇷 :bank: :gear: PIX/SPI contracts from @bacen/pix-api/
https://guibranco.github.io/PIX-BACEN-SDK-dotnet/
MIT License

Add SonarCloud integration workflow for Pixeebot #121

Closed guibranco closed 3 months ago

guibranco commented 3 months ago

Description


Changes walkthrough 📝

Relevant files

Enhancement: sonarcloud-pixeebot.yml (+18/-0)
New GitHub Actions Workflow for SonarCloud Integration

.github/workflows/sonarcloud-pixeebot.yml
  • Created a new GitHub Actions workflow for SonarCloud integration.
  • Configured the workflow to trigger on completed check runs.
  • Added job to upload Sonar results to Pixeebot using a specific action.

    penify-dev[bot] commented 3 months ago

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]: 2, because the workflow file is straightforward and primarily involves configuration without complex logic.
    🧪 Relevant tests: No
    ⚡ Possible issues: No
    🔒 Security concerns: Sensitive information exposure: The use of `${{ secrets.SONAR_TOKEN }}` is appropriate, but ensure that the secret is properly managed and not exposed in logs or outputs.
    penify-dev[bot] commented 3 months ago

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Security
    Validate the sonar token to enhance security ___ **Ensure that the sonar-token is properly validated before being used to avoid potential
    security issues.** [.github/workflows/sonarcloud-pixeebot.yml [18]](https://github.com/guibranco/PIX-BACEN-SDK-dotnet/pull/121/files#diff-b08fed5db0f7030efcdd0de8beda47daf63d73b46f5166b067f427851c0c0e4bR18-R18) ```diff -18 + sonar-token: ${{ secrets.SONAR_TOKEN }} +18 + sonar-token: ${{ secrets.SONAR_TOKEN }} # Ensure this token is valid and has the necessary permissions ```
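    Review bot: the text added on line 18 is only a YAML comment after `sonar-token: ${{ secrets.SONAR_TOKEN }}`, so nothing is validated at run time and the workflow behaves exactly as before. If the goal is to limit what the token can do, that is decided where the token is issued (least privilege) and by keeping it in the `secrets` context as the line already does; I would drop the comment or replace it with a note on which permissions the token is expected to have.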
    Suggestion importance[1-10]: 8 Why: Validating the sonar token is important for security, as it helps prevent unauthorized access, making this a significant suggestion.
    8
    Best practice
    Add a timeout to the job to ensure it does not run indefinitely ___ **Consider adding a timeout-minutes parameter to the job to prevent it from running
    indefinitely.** [.github/workflows/sonarcloud-pixeebot.yml [12]](https://github.com/guibranco/PIX-BACEN-SDK-dotnet/pull/121/files#diff-b08fed5db0f7030efcdd0de8beda47daf63d73b46f5166b067f427851c0c0e4bR12-R12) ```diff 12 + runs-on: ubuntu-latest +12 + timeout-minutes: 10 ```
    Suggestion importance[1-10]: 7 Why: Adding a timeout is a good practice to prevent jobs from running indefinitely, but it is not critical for the current functionality.
    7
    Maintainability
    Add a name to the step for better clarity in workflow logs ___ **Consider adding a name for the steps to improve readability and tracking in the workflow
    logs.** [.github/workflows/sonarcloud-pixeebot.yml [15]](https://github.com/guibranco/PIX-BACEN-SDK-dotnet/pull/121/files#diff-b08fed5db0f7030efcdd0de8beda47daf63d73b46f5166b067f427851c0c0e4bR15-R15) ```diff -15 + - uses: pixee/upload-tool-results-action@v2 +15 + - name: Upload Sonar Results +15 + uses: pixee/upload-tool-results-action@v2 ```
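    Review bot: on line 15 the action is referenced by the mutable tag `@v2` (`uses: pixee/upload-tool-results-action@v2`), and the same file supplies `secrets.SONAR_TOKEN` on line 18. Alongside the added `name:`, consider pinning the reference to a full commit SHA with the version in a trailing comment, so that a retagged release cannot change the code that runs in a job holding the token.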
    Suggestion importance[1-10]: 6 Why: Adding a name to the step enhances readability and tracking, but it is a minor improvement compared to other suggestions.
    6
    Enhancement
    Introduce a strategy section to facilitate potential parallel job execution ___ **It might be beneficial to add a strategy section to allow for future parallel execution of
    jobs if needed.** [.github/workflows/sonarcloud-pixeebot.yml [10]](https://github.com/guibranco/PIX-BACEN-SDK-dotnet/pull/121/files#diff-b08fed5db0f7030efcdd0de8beda47daf63d73b46f5166b067f427851c0c0e4bR10-R10) ```diff 10 + share: +10 + strategy: +10 + fail-fast: false ```
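    Review bot: the added `strategy:` block sets only `fail-fast: false` and defines no `matrix`, so it changes nothing for the `share` job; `fail-fast` only controls whether the remaining matrix jobs are cancelled when one of them fails. I would leave it out until a matrix is actually introduced. The hunk as shown also gives all three lines the same line number, so the intended indentation under `share:` should be spelled out.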
    Suggestion importance[1-10]: 5 Why: While adding a strategy section could be useful for future enhancements, it is not immediately necessary for the current implementation.
    5
    codacy-production[bot] commented 3 months ago

    Coverage summary from Codacy

    See diff coverage on Codacy

    | Coverage variation | Diff coverage |
    | ------------- | ------------- |
    | :white_check_mark: +0.00% (target: -1.00%) | :white_check_mark: ∅ |

    Coverage variation details

    | | Coverable lines | Covered lines | Coverage |
    | ------------- | ------------- | ------------- | ------------- |
    | Common ancestor commit (7cfe66113a69eb77897a9495c22fb6b3bc0afa67) | 75 | 1 | 1.33% |
    | Head commit (15ddec2cb1d11e15fa1c9dcb2175d94d0d1373c3) | 75 (+0) | 1 (+0) | 1.33% (**+0.00%**) |

    **Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `

    Diff coverage details

    | | Coverable lines | Covered lines | Diff coverage |
    | ------------- | ------------- | ------------- | ------------- |
    | Pull request (#121) | 0 | 0 | **∅ (not applicable)** |

    **Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`

    See your quality gate settings    Change summary preferences

    Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

    AppVeyorBot commented 3 months ago

    :white_check_mark: Build PIX-BACEN-SDK-dotnet 1.1.336 completed (commit https://github.com/guibranco/PIX-BACEN-SDK-dotnet/commit/a102468108 by @guibranco)

    codecov[bot] commented 3 months ago

    Codecov Report

    All modified and coverable lines are covered by tests :white_check_mark:

    Project coverage is 1.33%. Comparing base (0f016ee) to head (5c4c1d5). Report is 1 commit behind head on main.

    Additional details and impacted files

    ```diff
    @@           Coverage Diff           @@
    ##            main    #121   +/-   ##
    =====================================
      Coverage   1.33%   1.33%
    =====================================
      Files         17      17
      Lines         75      75
    =====================================
      Hits           1       1
      Misses        74      74
    ```

    :umbrella: View full report in Codecov by Sentry.
    :loudspeaker: Have feedback on the report? Share it here.

    guibranco commented 3 months ago

    @gstraccini csharpier

    gstraccini[bot] commented 3 months ago

    Running CSharpier on this branch! :wrench:

    gstraccini[bot] commented 3 months ago

    :white_check_mark: CSharpier result:

    Error ./Src/PIXBacen/Parametros.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/IPixClient.cs - Was not formatted.
      ----------------------------- Expected: Around Line 9 -----------------------------
          {
              ValueTask<string> GetChargePayloadAsync(
                  string accessToken,
      ----------------------------- Actual: Around Line 9 -----------------------------
          {
              ValueTask<string> GetChargePayloadAsync(string accessToken, CancellationToken cancellationToken);
    
    Error ./Tests/PixBacen.Tests/UnitTest1.cs - Was not formatted.
      ----------------------------- Expected: Around Line 3 -----------------------------
      {
          using System;
          using System.Threading;
      ----------------------------- Actual: Around Line 3 -----------------------------
      {
          using Xunit;
          using System;
    
    Error ./Src/PIXBacen/PixClient.cs - Was not formatted.
      ----------------------------- Expected: Around Line 11 -----------------------------
    
              public ValueTask<string> GetChargePayloadAsync(
                  string accessToken,
      ----------------------------- Actual: Around Line 11 -----------------------------
    
              public ValueTask<string> GetChargePayloadAsync(string accessToken, CancellationToken cancellationToken)
              {
    
    Error ./Src/PIXBacen/Paginacao.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Devolucao.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/ChargeFilter.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/InfoAdicional.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Calendario.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Horario.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Valor.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/CobrancaPayloadList.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Pix.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Pessoa.cs - Was not formatted.
      The file did not end with a single newline.
    Error ./Src/PIXBacen/Models_/Loc.cs - Was not formatted.
      The file did not end with a single newline.
    
    github-actions[bot] commented 3 months ago

    Infisical secrets check: :white_check_mark: No secrets leaked!

    Scan results:

    1:07PM INF scanning for exposed secrets...
    1:07PM INF 146 commits scanned.
    1:07PM INF scan completed in 107ms
    1:07PM INF no leaks found
    
    codacy-production[bot] commented 3 months ago

    Coverage summary from Codacy

    See diff coverage on Codacy

    | Coverage variation | Diff coverage |
    | ------------- | ------------- |
    | :white_check_mark: +0.00% (target: -1.00%) | :white_check_mark: ∅ |

    Coverage variation details

    | | Coverable lines | Covered lines | Coverage |
    | ------------- | ------------- | ------------- | ------------- |
    | Common ancestor commit (0f016eeee66e69fe8aaf7007f12948b9fbe19c14) | 75 | 1 | 1.33% |
    | Head commit (5c4c1d5a20d5ae469902cde1228827fb74a6f906) | 75 (+0) | 1 (+0) | 1.33% (**+0.00%**) |

    **Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `

    Diff coverage details

    | | Coverable lines | Covered lines | Diff coverage |
    | ------------- | ------------- | ------------- | ------------- |
    | Pull request (#121) | 0 | 0 | **∅ (not applicable)** |

    **Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`

    See your quality gate settings    Change summary preferences

    Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

    sonarcloud[bot] commented 3 months ago

    Quality Gate passed

    Issues
    0 New issues
    0 Accepted issues

    Measures
    0 Security Hotspots
    0.0% Coverage on New Code
    0.0% Duplication on New Code

    See analysis details on SonarCloud

    AppVeyorBot commented 3 months ago

    :white_check_mark: Build PIX-BACEN-SDK-dotnet 1.1.351 completed (commit https://github.com/guibranco/PIX-BACEN-SDK-dotnet/commit/1523c4e462 by @gstraccini[bot])