TRK-106 - [FIX] Implement CI + SonarQube and Deploy

[williamantoniazzi]

PR DESCRIPTION:

This Pull Request significantly upgrades the Continuous Integration/Continuous Deployment (CI/CD) pipeline for the Track5SEM2023SERVER Go backend project. The changes introduce a more robust, modular, and secure workflow, ensuring higher code quality and controlled deployments. Key enhancements include a pre-validation step for Jira issue linking, clear separation of linting, building, unit testing, and integration testing phases, optimized Go module caching, and a refined deployment strategy.

JIRA LINK:

• Jira: TRK-106 - Implementar SonarQube

WHAT WAS DONE OR CHANGED:

• Introduced jira-branch-validation Job:
  • A new initial job to validate if the current branch name corresponds to an existing Jira issue.
  • Exceptions: Configured to skip validation for main, sprint-* branches, and internal GitHub PR merge/head refs (pull/<PR_NUMBER>/merge, pull/<PR_NUMBER>/head).
  • Failure Condition: The job fails if a Jira issue key cannot be extracted or if the extracted issue does not exist in Jira (for non-exempt branches).
• Refactored CI Workflow Jobs:
  • The previous monolithic test/build job was split into distinct, sequential stages for better modularity and clearer feedback.
  • lint-and-build Job:
    • Dedicated to Go code linting (using GolangCI-Lint), formatting (go fmt), dependency management (go mod tidy, go mod download), and application building (go build).
    • All subsequent jobs now depend on this job.
  • unit-tests Job:
    • Specifically runs unit tests with coverage generation (go test -coverprofile).
    • Separation of Concerns: The -tags=integration flag was removed from this job to ensure it only runs unit tests, allowing integration tests to be handled separately.
    • Handles .env file creation for test environment configuration.
    • Uploads the coverage.out report as an artifact.
  • integration-tests Job:
    • A new job dedicated to running integration tests.
    • Executes go test -tags=integration ./... to specifically target integration tests.
    • Depends on unit-tests, ensuring integration tests run only after unit tests pass.
    • Also sets up .env files for its environment.
• Optimized Go Module Caching:
  • Removed redundant actions/cache@v4 steps.
  • Configured actions/setup-go@v5 with cache: true and cache-dependency-path: src/go.sum in all relevant jobs (lint-and-build, unit-tests, integration-tests) for efficient and correct caching of Go modules.
• Sonar Analysis Jobs (sonarcloud-analysis, sonarqube-selfhosted):
  • Now explicitly depend on unit-tests to ensure coverage reports are available for analysis.
  • Parameters for sonar.go.coverage.reportPaths are correctly set to src/coverage.out.
• deploy Job Enhancements:
  • Strict Dependencies: The deployment now explicitly depends on the successful completion of sonarcloud-analysis, sonarqube-selfhosted, and integration-tests, acting as a final quality gate.
  • Deployment Path: Updated the remote deployment directory to /app/Track-5Sem2025SERVER.
  • Branch Conditions: Deployment is triggered only on push or pull_request events targeting main or any sprint-* branch.

HOW TO TEST:

To validate the CI/CD pipeline changes:

1. Trigger Workflow:

   • Valid Jira Branch: Create a new branch with a valid Jira issue key in its name (e.g., TRK-XXX-my-feature-branch). Push to this branch.
   • Exempt Branch Push: Push a new commit to the main branch or any sprint-X branch (e.g., sprint-101).
   • Pull Request (Exempt Target): Open a Pull Request targeting the main branch or any sprint-X branch.
   • Invalid Jira Branch (Expected Failure): Create a branch with an invalid or non-existent Jira issue key (e.g., INVALID-999-my-feature). Push to this branch.
   • Verify: Ensure the workflow triggers correctly for the specified conditions and that the jira-branch-validation job behaves as expected (passes for valid/exempt, fails for invalid).

2. Monitor GitHub Actions:

   • Navigate to the "Actions" tab of your GitHub repository.
   • Observe the triggered workflow runs, paying close attention to the order and status of the jobs.

3. Verify Job Execution and Dependencies:

   • Confirm that jira-branch-validation is the first job and its status aligns with the branch name.
   • Ensure lint-and-build runs only after jira-branch-validation passes.
   • Confirm unit-tests runs only after lint-and-build completes successfully.
   • Confirm integration-tests runs only after unit-tests completes successfully.
   • Confirm sonarcloud-analysis and sonarqube-selfhosted run after unit-tests.
   • Confirm that the deploy job runs only if all preceding quality gates (sonarcloud-analysis, sonarqube-selfhosted, and integration-tests) pass.
   • Review logs for each job to ensure commands execute as expected (e.g., linting output, build success, test results, cache hits/misses).

4. Verify Remote Deployment (for main and sprint-* pushes/PRs):

   • SSH into your remote Ubuntu VM (e.g., ssh YOUR_USER@YOUR_SERVER_IP).
   • Navigate to the project directory: cd /app/Track-5Sem2025SERVER.
   • Verify that the files in this directory are the latest from the branch that triggered the deploy.
   • Run git branch and git log --oneline to confirm the correct branch is checked out and the latest commits are present.

5. Verify Sonar Reports:

   • Check your SonarCloud and SonarQube instances to confirm that new analysis reports have been generated and updated for the respective branches/PRs.
   • Verify that code coverage data is correctly imported and displayed.

CHECKLIST:

• The code compiles without errors
• Tests (if any) pass
• Linter/GitHub Actions passed
• Reviewed locally
• Test coverage maintained or increased

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud