diff --git a/.github/qa-nginx-redirecting/compose.yml b/.github/qa-nginx-redirecting/compose.yml
index 3c405d1..e16c41d 100644
--- a/.github/qa-nginx-redirecting/compose.yml
+++ b/.github/qa-nginx-redirecting/compose.yml
@@ -5,8 +5,10 @@ services:
 - 8080:8080
 volumes:
 - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.conf:/etc/nginx/nginx.conf:ro
+ - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.crt:/etc/nginx/nginx.crt:ro
+ - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.key:/etc/nginx/nginx.key:ro
 healthcheck:
- test: ["CMD", "curl", "--fail", "localhost:8080/health"]
+ test: ["CMD", "curl", "--fail", "--insecure", "https://localhost:8080/health"]
 interval: 10s
 timeout: 5s
 retries: 20
diff --git a/.github/qa-nginx-redirecting/generate-ssl.sh b/.github/qa-nginx-redirecting/generate-ssl.sh
new file mode 100755
index 0000000..bf0b89e
--- /dev/null
+++ b/.github/qa-nginx-redirecting/generate-ssl.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Generate self-signed SSL certificate for localhost with 1-day expiry
+openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
+ -keyout nginx.key \
+ -out nginx.crt \
+ -subj "/C=US/ST=CA/L=Local/O=Test/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
+echo "SSL certificates generated with 1-day expiry: nginx.crt and nginx.key"
\ No newline at end of file
diff --git a/.github/qa-nginx-redirecting/nginx.conf b/.github/qa-nginx-redirecting/nginx.conf
index d1df2e6..bccd0d8 100644
--- a/.github/qa-nginx-redirecting/nginx.conf
+++ b/.github/qa-nginx-redirecting/nginx.conf
@@ -18,7 +18,9 @@ http {
 include /etc/nginx/conf.d/*.conf;
 server {
- listen 8080;
+ listen 8080 ssl;
+ ssl_certificate /etc/nginx/nginx.crt;
+ ssl_certificate_key /etc/nginx/nginx.key;
 location /health {
 add_header 'Content-Type' 'text/plain';
diff --git a/.github/workflows/qa-main.yml b/.github/workflows/qa-main.yml
index f2fb805..cc0abf2 100644
--- a/.github/workflows/qa-main.yml
+++ b/.github/workflows/qa-main.yml
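Review bot: The healthcheck in compose.yml passes `--insecure`, so it reports healthy even if nginx serves a certificate that does not match `localhost`. The generated certificate is already mounted in the container at `/etc/nginx/nginx.crt`, so curl can verify against it instead: `test: ["CMD", "curl", "--fail", "--cacert", "/etc/nginx/nginx.crt", "https://localhost:8080/health"]`. The service definition starts outside the hunk.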
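Review bot: A failed `openssl req` in generate-ssl.sh is masked, because the script has no `set -e` and its last command is an `echo` that returns 0, so the workflow step passes and prints the success message even when no certificate was written. Add `set -euo pipefail` directly after the shebang. The script writes `nginx.key` and `nginx.crt` to the current directory, so it only works when run from `.github/qa-nginx-redirecting` as the workflow does; `cd "$(dirname "$0")"` would remove that dependency. The key is unencrypted (`-nodes`) and lands in the checked-out workspace, so it is worth confirming that both files are git-ignored and not picked up by any artifact upload.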
@@ -207,8 +207,7 @@ jobs:
 SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
 - name: Assert
 run: |
- # The new JavaScript implementation uses @actions/tool-cache which caches tools differently
- # Instead of checking for the zip file, verify the tool was installed by checking it's in PATH
+ # Verify the tool was installed by checking it's in PATH
 if ! command -v sonar-scanner &> /dev/null; then
 echo "Error: sonar-scanner not found in PATH"
 exit 1
@@ -482,6 +481,9 @@ jobs:
 then
 exit 1
 fi
+ - name: Generate SSL certificates for nginx
+ run: ./generate-ssl.sh
+ working-directory: .github/qa-nginx-redirecting
 - name: Start nginx via Docker Compose
 run: docker compose up -d --wait
 working-directory: .github/qa-nginx-redirecting
@@ -490,14 +492,19 @@ jobs:
 uses: ./
 with:
 scannerVersion: 6.2.1.4610
- scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
+ scannerBinariesUrl: https://localhost:8080/clientRedirectToSonarBinaries
 env:
 NO_CACHE: true
+ NODE_TLS_REJECT_UNAUTHORIZED: 0
 SONAR_HOST_URL: http://not_actually_used
 SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output1.properties"}'
 - name: Assert Sonar Scanner CLI was downloaded
 run: |
- ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
+ # Verify the tool was installed by checking it's in PATH
+ if ! command -v sonar-scanner &> /dev/null; then
+ echo "Error: sonar-scanner not found in PATH"
+ exit 1
+ fi
 useSslCertificate:
 name: >
 'SONAR_ROOT_CERT' is converted to truststore
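Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: 0` in the env of the redirect test step turns off certificate verification for every TLS connection the action's Node process makes, presumably including the redirect target that serves the scanner binaries, so this job no longer shows that the download path validates certificates. Since generate-ssl.sh already issues a certificate with `subjectAltName=DNS:localhost`, the step can trust only that certificate: `NODE_EXTRA_CA_CERTS: ${{ github.workspace }}/.github/qa-nginx-redirecting/nginx.crt`. Whether Node accepts the self-signed certificate as a trust anchor depends on the extensions openssl puts in it, so confirm this on the runner. Separately, the new `command -v sonar-scanner` assertion only shows that some sonar-scanner is on PATH; unlike the removed `assertFileExists` check it does not pin version 6.2.1.4610 or show that the binary arrived through the nginx redirect.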