From 8bac813cfc1c3b0bb4a31ad5775b3cb40d81faf3 Mon Sep 17 00:00:00 2001
From: Aditya-Mane1
Date: Mon, 13 Apr 2026 16:23:29 +0530
Subject: [PATCH 1/3] removing jenkins and update sonar
---
.github/workflows/sonar.yml | 53 +++++++++++++++++++++++++++++++++++++
.github/workflows/trivy.yml | 32 ++++++++++++++++++++++
Jenkinsfile | 45 -------------------------------
sonar-project.properties | 2 +-
4 files changed, 86 insertions(+), 46 deletions(-)
create mode 100644 .github/workflows/sonar.yml
create mode 100644 .github/workflows/trivy.yml
delete mode 100644 Jenkinsfile
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
new file mode 100644
index 00000000..dc523b56
--- /dev/null
+++ b/.github/workflows/sonar.yml
@@ -0,0 +1,53 @@
+name: Sonar Scan
+
+on:
+ push:
+ branches:
+ - main
+ - develop
+ - master
+ - 'release/**'
+ pull_request:
+
+jobs:
+ sonar:
+ name: Sonar Scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: '1.26.2'
+
+ - name: Install dependencies
+ run: go mod download
+
+ - name: Run tests with coverage
+ run: |
+ go test -v ./... \
+ -coverprofile=coverage.out \
+ -covermode=atomic \
+ -coverpkg=./...
+
+ - name: Show coverage summary
+ run: |
+ go tool cover -func=coverage.out
+
+ - name: Sonar Scan
+ uses: SonarSource/sonarqube-scan-action@v6
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ # - name: Sonar Quality Gate
+ # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
+ # timeout-minutes: 10
+ # env:
+ # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 00000000..211fdec7
--- /dev/null
+++ b/.github/workflows/trivy.yml
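Review bot: The quality gate that the deleted Jenkinsfile enforced (`waitForQualityGate abortPipeline: true`) has no working replacement in `.github/workflows/sonar.yml`: the `Sonar Quality Gate` step at the end of the new file is committed commented out, so the job uploads analysis but a failing gate no longer fails the build. Either enable that step or make the scan step itself wait for the gate, for example by adding `with:` and `args: -Dsonar.qualitygate.wait=true` under `SonarSource/sonarqube-scan-action@v6`. If the gate is meant to be advisory for now, a one-line comment above the disabled block saying so would keep it from being read as leftover.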
@@ -0,0 +1,32 @@
+name: Security - Trivy
+
+on:
+ push:
+ branches: [main, develop]
+ pull_request:
+
+permissions:
+ contents: read
+ security-events: write
+
+jobs:
+ trivy:
+ name: Trivy Scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run Trivy Scan
+ uses: aquasecurity/trivy-action@v0.35.0
+ with:
+ scan-type: fs
+ format: sarif
+ output: trivy-results.sarif
+ severity: CRITICAL,HIGH
+
+ - name: Upload results to GitHub Security
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: trivy-results.sarif
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index e79ee693..00000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,45 +0,0 @@
-pipeline {
- agent any
-
- stages {
- stage('Checkout Code') {
- steps {
- checkout scm
- }
- }
-
- stage('Install Dependencies') {
- steps {
- sh 'npm ci'
- }
- }
-
- stage('Run Tests with Coverage') {
- steps {
- sh 'npm run test:coverage'
- }
- }
-
- stage('SonarQube Analysis') {
- steps {
- script {
- // Get path to the installed Sonar Scanner tool
- def scannerHome = tool 'SonarScanner'
-
- withSonarQubeEnv('aptl-sonar') {
- // Run the scanner binary
- sh "${scannerHome}/bin/sonar-scanner"
- }
- }
- }
- }
-
- stage('Quality Gate') {
- steps {
- timeout(time: 10, unit: 'MINUTES') {
- waitForQualityGate abortPipeline: true
- }
- }
- }
- }
-}
diff --git a/sonar-project.properties b/sonar-project.properties
index 70086a3f..a6fb4e32 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,4 +1,4 @@
-sonar.projectKey=aptlogica_base-ui_6f26c5b2-1866-41a0-b97a-867b45ceecdb
+sonar.projectKey=aptlogica_base-ui
 
 # Exclude test/support files, SDK, configs, and non-app sources from analysis
 sonar.exclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx,**/__tests__/**,**/__test__/**,src/test/**,sdk/**,webpack.config.js,Dockerfile,**/*.stories.*,playwright.config.*,examples/**,src/types/**,src/**/types/**
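Review bot: In `.github/workflows/trivy.yml` the scanner is referenced by a mutable tag, `aquasecurity/trivy-action@v0.35.0`, in a workflow that grants `security-events: write`. A tag can be moved to different code after review, so third-party actions are better pinned to a full commit SHA with the version kept as a comment: `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.35.0`. The same applies to `SonarSource/sonarqube-scan-action@v6` in `sonar.yml`, which is the step that receives `SONAR_TOKEN`. Separately, the push filter here is `[main, develop]` while `sonar.yml` also lists `master` and `release/**`, so pushes to those branches are analysed by Sonar but not scanned by Trivy.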
From 70bdd83ffee5c8ee36ee4524b1f39a2d988c6586 Mon Sep 17 00:00:00 2001 From: Aditya-Mane1 Date: Mon, 13 Apr 2026 18:14:51 +0530 Subject: [PATCH 2/3] update sonar properties --- .github/workflows/sonar.yml | 1 + sonar-project.properties | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index dc523b56..b468c05f 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -44,6 +44,7 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }} # - name: Sonar Quality Gate # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 diff --git a/sonar-project.properties b/sonar-project.properties index a6fb4e32..edca896b 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,5 +1,5 @@ sonar.projectKey=aptlogica_base-ui - +sonar.organization=aptlogica # Exclude test/support files, SDK, configs, and non-app sources from analysis sonar.exclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx,**/__tests__/**,**/__test__/**,src/test/**,sdk/**,webpack.config.js,Dockerfile,**/*.stories.*,playwright.config.*,examples/**,src/types/**,src/**/types/** From bf1a28e7679190549e3eb6c565ebdf366b771573 Mon Sep 17 00:00:00 2001 From: Aditya-Mane1 Date: Mon, 13 Apr 2026 18:32:53 +0530 Subject: [PATCH 3/3] update sonar.yml --- .github/workflows/sonar.yml | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index b468c05f..dfc8d6d5 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -8,6 +8,9 @@ on: - master - 'release/**' pull_request: + +permissions: + contents: read jobs: sonar: 
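Review bot: `SONAR_ORGANIZATION` is passed from a secret in the `Sonar Scan` step's `env:` while the same commit hard-codes `sonar.organization=aptlogica` in `sonar-project.properties`, leaving two sources for one setting. The organization key is not confidential once it is committed, and storing it as a secret makes the runner mask that string in job logs, which gets in the way when reading scan output. Keeping only the properties entry, or a repository variable such as `${{ vars.SONAR_ORGANIZATION }}`, would be clearer. Whether the scan action reads this environment variable at all is not visible from the hunk.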
@@ -20,24 +23,16 @@ jobs: with: fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v5 + - name: Set up Node.js + uses: actions/setup-node@v4 with: - go-version: '1.26.2' + node-version: '20' - name: Install dependencies - run: go mod download + run: npm ci - name: Run tests with coverage - run: | - go test -v ./... \ - -coverprofile=coverage.out \ - -covermode=atomic \ - -coverpkg=./... - - - name: Show coverage summary - run: | - go tool cover -func=coverage.out + run: npm run test:coverage - name: Sonar Scan uses: SonarSource/sonarqube-scan-action@v6
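Review bot: The `Install dependencies` and `Run tests with coverage` steps now run package install scripts and test code from the checked-out ref, pull-request branches included, in the same job and workspace that the later `Sonar Scan` step uses with `SONAR_TOKEN`. The checkout step visible as context at the top of the hunk keeps the default credential persistence, so adding `persist-credentials: false` next to `fetch-depth: 0` keeps the job token out of the workspace's git config while that code runs. If the project installs cleanly without lifecycle scripts, `run: npm ci --ignore-scripts` narrows this further. The `steps:` list starts and ends outside this hunk.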