update bk pipeline (#40)

* update buildkite pipeline

Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>

* pre-commit config

Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>

---------

Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>

Author: golanglemonade

.buildkite/pipeline.yml

@@ -21,32 +21,20 @@ steps:
         cancel_on_build_failing: true
         plugins:
           - docker#v5.12.0:
-              image: golang:1.23.0
+              image: golang:1.23.3
               always-pull: true
               command: ["go", "test", "-coverprofile=coverage.out", "./..."]
               environment:
                 - "GOTOOLCHAIN=auto"
         artifact_paths: ["coverage.out"]
-  - group: ":closed_lock_with_key: Security Checks"
-    depends_on: "go_test"
-    key: "security"
-    steps:
-      - label: ":closed_lock_with_key: gosec"
-        key: "gosec"
-        plugins:
-          - docker#v5.12.0:
-              image: "registry.hub.docker.com/securego/gosec:2.20.0"
-              command: ["-no-fail", "-exclude-generated", "-fmt sonarqube", "-out", "results.txt", "./..."]
-              environment:
-                - "GOTOOLCHAIN=auto"
-        artifact_paths: ["results.txt"]
       - label: ":github: upload PR reports"
         key: "scan-upload-pr"
         if: build.pull_request.id != null
-        depends_on: ["gosec", "go_test"]
+        depends_on: ["go_test"]
         plugins:
-          - artifacts#v1.9.4:
-              download: "results.txt"
+          - cluster-secrets#v1.0.0:
+              variables:
+                SONAR_TOKEN: SONAR_TOKEN
           - artifacts#v1.9.4:
               download: "coverage.out"
               step: "go_test"
@@ -59,10 +47,11 @@ steps:
       - label: ":github: upload reports"
         key: "scan-upload"
         if: build.branch == "main"
-        depends_on: ["gosec", "go_test"]
+        depends_on: ["go_test"]
         plugins:
-          - artifacts#v1.9.4:
-              download: results.txt
+          - cluster-secrets#v1.0.0:
+              variables:
+                SONAR_TOKEN: SONAR_TOKEN
           - artifacts#v1.9.4:
               download: coverage.out
               step: "go_test"

.pre-commit-config.yaml

@@ -2,16 +2,16 @@ default_stages: [pre-commit]
 fail_fast: true
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       - id: detect-private-key
         exclude: providers/gmail/gmail_test.go
   - repo: https://github.com/google/yamlfmt
-    rev: v0.13.0
+    rev: v0.14.0
     hooks:
       - id: yamlfmt
   - repo: https://github.com/crate-ci/typos
-    rev: v1.24.6
+    rev: v1.27.3
     hooks:
       - id: typos

go.mod

@@ -1,6 +1,6 @@
 module github.com/theopenlane/newman
 
-go 1.23.1
+go 1.23.3
 
 require (
 	github.com/mailgun/mailgun-go/v4 v4.17.3

sonar-project.properties

@@ -12,5 +12,4 @@ sonar.test.inclusions=**/*_test.go
 sonar.test.exclusions=**/vendor/**
 
 sonar.sourceEncoding=UTF-8
-sonar.go.coverage.reportPaths=coverage.out
-sonar.externalIssuesReportPaths=results.txt
+sonar.go.coverage.reportPaths=coverage.out