From fd8151470cb91deec07a2108fd823075265dd63c Mon Sep 17 00:00:00 2001 From: Benjamin Svobodny Date: Tue, 5 Jul 2022 09:15:01 -0400 Subject: [PATCH 1/2] SQSCANGHA-3 Permission cleanup doesn't run if the scanner exits with a non-0 code (#33) --- .github/workflows/qa.yml | 2 +- Dockerfile | 2 ++ action.yml | 2 ++ cleanup.sh | 8 ++++++++ entrypoint.sh | 4 ---- test/run-qa.sh | 1 + 6 files changed, 14 insertions(+), 5 deletions(-) create mode 100755 cleanup.sh diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 2b903ba..f606eb6 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -1,6 +1,6 @@ name: QA -on: push +on: [push, pull_request] jobs: run_qa: diff --git a/Dockerfile b/Dockerfile index 65a7e68..8f3541f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,4 +12,6 @@ LABEL version="1.1.0" \ COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh +COPY cleanup.sh /cleanup.sh +RUN chmod +x /cleanup.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/action.yml b/action.yml index 1d0e4ed..b2baff6 100644 --- a/action.yml +++ b/action.yml @@ -7,6 +7,8 @@ branding: runs: using: docker image: Dockerfile + entrypoint: "/entrypoint.sh" + post-entrypoint: "/cleanup.sh" inputs: args: description: Additional arguments to the sonar-scanner diff --git a/cleanup.sh b/cleanup.sh new file mode 100755 index 0000000..e499d4a --- /dev/null +++ b/cleanup.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1) +PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file") + +chown -R $PERM "${INPUT_PROJECTBASEDIR}/" \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index f4c1fed..ab61c98 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -27,7 +27,3 @@ unset JAVA_HOME sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS} -_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1) -PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file") - -chown -R $PERM "${INPUT_PROJECTBASEDIR}/" diff --git a/test/run-qa.sh b/test/run-qa.sh index e822da5..397d3ba 100755 --- a/test/run-qa.sh +++ b/test/run-qa.sh @@ -91,6 +91,7 @@ success "Correctly failed fast." info "Analyze project..." cd test/example-project/ docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action +docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --entrypoint /cleanup.sh sonarsource/sonarqube-scan-action if [[ ! $? -eq 0 ]]; then error "Couldn't run the analysis." exit 1 From 26fe7d6b0e98ba2cb47335347aa5d23311ac5733 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Dvo=C5=99=C3=A1k?= <484607+mdvorak@users.noreply.github.com> Date: Tue, 5 Jul 2022 16:29:32 +0200 Subject: [PATCH 2/2] SQSCANGHA-4 Publish MAJOR and MAJOR.MINOR tags in addition to MAJOR.MINOR.PATCH (#35) --- .github/workflows/update-tags.yml | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/update-tags.yml diff --git a/.github/workflows/update-tags.yml b/.github/workflows/update-tags.yml new file mode 100644 index 0000000..39f1b55 --- /dev/null +++ b/.github/workflows/update-tags.yml @@ -0,0 +1,32 @@ +name: Update Tags + +on: + push: + tags: + - v*.*.* + +jobs: + generate: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Parse semver + uses: madhead/semver-utils@v2 + id: version + with: + version: ${{ github.ref_name }} + + - name: Update tags + run: | + TAGS='v${{ steps.version.outputs.major }} v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}' + + for t in $TAGS; do + git tag -f "$t" + git push origin ":$t" 2>/dev/null || true + git push origin "$t" + done