From d740a3e26e3c6a661e26e3d7a3de7e8491802cef Mon Sep 17 00:00:00 2001
From: kris
Date: Tue, 11 Nov 2025 08:36:36 +0000
Subject: [PATCH] Update .gitlab-ci.yml file
---
 .gitlab-ci.yml | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7d3eafa3..7354507e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ cache: - .cache # ============================================================ -# 🧠 Step 1: Security Scan dengan gosec (pakai Go 1.24) +# 🧠 Step 1: Security Scan dengan gosec (tidak hentikan pipeline) # ============================================================ gosec_scan: stage: scan
@@ -15,7 +15,8 @@ gosec_scan: script: - go install github.com/securego/gosec/v2/cmd/gosec@latest - echo "🔍 Menjalankan scan keamanan Go..." - - gosec -fmt=json -out=gosec-report.json ./... + # Jalankan gosec, tapi jangan hentikan pipeline walau ada temuan + - gosec -fmt=json -out=gosec-report.json ./... || true - echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length' artifacts: when: always
@@ -27,7 +28,7 @@ gosec_scan: - devops-ec2 # ============================================================ -# 🧱 Step 2: Analisis SonarQube +# 🧱 Step 2: Analisis SonarQube (gabung hasil gosec) # ============================================================ sonarqube_analysis: stage: scan
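Review bot: The `|| true` appended to the gosec line in the second hunk swallows every failure mode, not only findings — a compile error in the scanned packages, a missing module, or a broken `go install` all leave the job green with a stale or absent `gosec-report.json`, so the scan can silently stop working. Use gosec's own switch instead, `- gosec -no-fail -fmt=json -out=gosec-report.json ./...`, which exits 0 when issues are found but still fails the job when the tool itself errors. `go install github.com/securego/gosec/v2/cmd/gosec@latest` is also unpinned, so the scanner binary changes underneath the pipeline without review; pin a tagged version. Since the scan no longer blocks anything, decide how findings are acted on (for example `-severity high -confidence high` to surface only high-severity issues, or a tracked follow-up) rather than only printing a count.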
@@ -35,23 +36,38 @@ sonarqube_analysis: script: - echo "🚀 Menjalankan analisis SonarQube..." - if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi + + # (Opsional) ubah report JSON gosec jadi format kompatibel SonarQube Generic Issue + - echo "🧩 Mengonversi hasil gosec untuk SonarQube..." + - | + cat > gosec-generic-report.json <<'EOF' + { + "issues": [] + } + EOF + - | + jq -r '.Issues[] | {engineId: "gosec", ruleId: .rule_id, primaryLocation: {message: .details, filePath: .file, textRange: {startLine: .line}}, type: "VULNERABILITY", severity: .severity}' gosec-report.json | + jq -s '{issues: .}' > gosec-generic-report.json + + # Jalankan analisis SonarQube dan sertakan laporan gosec - sonar-scanner \ -Dsonar.projectKey="mbu-lti-backend" \ -Dsonar.projectName="MBU LTI Backend" \ -Dsonar.sources="." \ -Dsonar.host.url="https://status.mbugroup.id/sonar" \ -Dsonar.login="sqp_97b3cb2f80ce932fb07b5641aeecc8704b76d1a7" \ + -Dsonar.externalIssuesReportPaths="gosec-generic-report.json" \ -Dsonar.go.coverage.reportPaths="coverage.out" \ -Dsonar.sourceEncoding="UTF-8" \ -Dsonar.verbose=true - only: - - devops-ec2 - allow_failure: false dependencies: - gosec_scan artifacts: when: always paths: - .scannerwork + - gosec-generic-report.json - coverage.out - expire_in: 1 week \ No newline at end of file + expire_in: 1 week + only: + - devops-ec2 \ No newline at end of file
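Review bot: The sonar-scanner command this hunk extends still passes the SonarQube token inline, `-Dsonar.login="sqp_97b3…"`, so a live credential sits in the repository and is printed in every job log when GitLab echoes the script line; it should come from a masked, protected CI variable, `-Dsonar.login="$SONAR_TOKEN"`, and the committed token rotated since it is already in git history. The new jq mapping also needs checking against gosec's actual JSON: if gosec emits `severity` as HIGH/MEDIUM/LOW and `line` as a string (possibly a range such as "12-14"), the generic issue format's expectation of BLOCKER/CRITICAL/MAJOR/MINOR/INFO and an integer `startLine` is not met and sonar-scanner will reject the report — a short severity map and `(.line | split("-")[0] | tonumber)` would address that. The pre-created empty `gosec-generic-report.json` is immediately overwritten by the redirect, so it provides no fallback; either drop it or guard the conversion with `if [ -f gosec-report.json ]`. With `allow_failure: false` removed and the scan non-blocking, nothing in this job gates on findings, which is worth stating explicitly in the comment if that is intended.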