.github/workflows/report.yml

---
name: Reporting

on:
  push:
    branches:
      - release-0.16
      - release-*

permissions: {}

jobs:
  unit-coverage:
    name: Go Unit Test Coverage
    if: github.repository_owner == 'submariner-io'
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          fetch-depth: 0

      - name: Run Go unit tests
        run: make unit

      - name: Run SonarScan, upload Go test results and coverage
        uses: sonarsource/sonarcloud-github-action@db501078e936e4b4c8773d1bb949ba9ddb7b6b6a
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  vulnerability-scan:
    name: Vulnerability Scanning
    if: github.repository_owner == 'submariner-io'
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Check out the repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - name: Run Anchore vulnerability scanner
        uses: anchore/scan-action@896d5f410043987c8fe18f60d91bf199e436840c
        id: scan
        with:
          path: "."
          fail-build: false
      - name: Show Anchore scan SARIF report
        run: cat ${{ steps.scan.outputs.sarif }}
      - name: Upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}