actions/sonarqube-scan-action
2
0
Fork 0
mirror of https://github.com/SonarSource/sonarqube-scan-action.git synced 2025-12-13 01:41:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

SQSCANGHA-42 Update Scanner CLI Docker to 11.1

Browse source
This commit is contained in:
Julien HENRY 2024-09-24 11:59:38 +02:00
parent f885e52a75
commit 884b79409b
3 changed files with 90 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
.github/workflows/qa.yml vendored
View file

@ -8,6 +8,22 @@ on:
types: [opened, synchronize, reopened] types: [opened, synchronize, reopened]
jobs: jobs:
noInputsTest:
name: >
No inputs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action with args
uses: ./
env:
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.projectBaseDir=."
argsInputTest: argsInputTest:
name: > name: >
'args' input 'args' input
@ -19,9 +35,10 @@ jobs:
- name: Run action with args - name: Run action with args
uses: ./ uses: ./
with: with:
args: -Dsonar.someArg=aValue -Dsonar.scanner.dumpToFile=./output.properties args: -Dsonar.someArg=aValue
env: env:
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert - name: Assert
run: | run: |
./test/assertFileContains ./output.properties "sonar.someArg=aValue" ./test/assertFileContains ./output.properties "sonar.someArg=aValue"
@ -37,10 +54,10 @@ jobs:
- name: Run action with projectBaseDir - name: Run action with projectBaseDir
uses: ./ uses: ./
with: with:
args: -Dsonar.scanner.dumpToFile=./output.properties
projectBaseDir: ./baseDir projectBaseDir: ./baseDir
env: env:
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert - name: Assert
run: | run: |
./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir" ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir"
@ -58,9 +75,9 @@ jobs:
continue-on-error: true continue-on-error: true
env: env:
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with: with:
projectBaseDir: ./test/gradle-project projectBaseDir: ./test/gradle-project
args: -Dsonar.scanner.dumpToFile=./output.properties
- name: Assert - name: Assert
run: | run: |
./test/assertFileExists ./output.properties ./test/assertFileExists ./output.properties
@ -78,9 +95,9 @@ jobs:
continue-on-error: true continue-on-error: true
env: env:
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with: with:
projectBaseDir: ./test/gradle-project projectBaseDir: ./test/gradle-project
args: -Dsonar.scanner.dumpToFile=./output.properties
- name: Assert - name: Assert
run: | run: |
./test/assertFileExists ./output.properties ./test/assertFileExists ./output.properties
@ -98,9 +115,9 @@ jobs:
continue-on-error: true continue-on-error: true
env: env:
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with: with:
projectBaseDir: ./test/maven-project projectBaseDir: ./test/maven-project
args: -Dsonar.scanner.dumpToFile=./output.properties
- name: Assert - name: Assert
run: | run: |
./test/assertFileExists ./output.properties ./test/assertFileExists ./output.properties
@ -145,11 +162,10 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action with debug mode - name: Run action with debug mode
uses: ./ uses: ./
with:
args: -Dsonar.scanner.dumpToFile=./output.properties
env: env:
RUNNER_DEBUG: 1 RUNNER_DEBUG: 1
SONAR_HOST_URL: http://not_actually_used SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert - name: Assert
run: | run: |
./test/assertFileContains ./output.properties "sonar.verbose=true" ./test/assertFileContains ./output.properties "sonar.verbose=true"
@ -190,3 +206,53 @@ jobs:
- name: Assert - name: Assert
run: | run: |
./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
useSslCertificate:
name: >
'SONAR_ROOT_CERT' is converted to truststore
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run action with SSL certificate
uses: ./
env:
SONAR_ROOT_CERT: |
-----BEGIN CERTIFICATE-----
MIIFtjCCA56gAwIBAgIULroxFuPWyNOiQtAVPS/XFFMXp6owDQYJKoZIhvcNAQEL
BQAwXDELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2Vu
ZXZhMRcwFQYDVQQKDA5Tb25hclNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0
MB4XDTI0MDQxNjA4NDUyMVoXDTM0MDQxNDA4NDUyMVowXDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2VuZXZhMRcwFQYDVQQKDA5Tb25h
clNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEArRRQF25E5NCgXdoEBU2SWyAoyOWMGVT1Ioltnr3sJP6L
MjjfozK5YgaRn504291lwlG+k6tvzTSR9HB8q3ITa8AdnwMiL7jzbveYKWIlLQ7k
dHKXWbiaIjTaZCyfnWUlDFIuR7BHwOXVwyLrBQfhoyDVaaoyowQEsUro3okIR/kB
sqM+KH8bcdl06DMMppZ8Qy1DYvPodhnNRyOSSpfbIoodE1fju+5U0OKzvGIc9WpG
5pKIysaW3whOa/ieb02SXrgoiHnYPpmmGzm4u/Wn8jGwhYQJSQT10yjMacGHwmBE
q7FUr854cVd+eend056P6pwUukdNeVHCFjYRkmWCNzIxV+sS9PPtDs77/bLFIItr
nBMHVsId38tPoru/z1S1p2dzCX3Nq09aJFF/vH2u9Sg5aerHJ7xnRroR1jIrAZtc
jBkJHEiTlG+WaavP4j6oym+lvHvgHHL3Qwhh8emg0JiLYExVV7ma70aRDh8yoQtS
zAUDMVfhVPKd92MS+7DC2pv2KviUNKqbHDFadl01JN3t+17/gstUNSk1jpoUfUhK
BeUQxVEdVUy2p0HeD/TYpRvF2FEsWneq3+ZbnRp17I/uEQOck0LP2tkzAd4tmRgH
+95yyB8MgbAfvyKWkB4+3BhtdfoYDe1asqR6z43mejDHHqgBXn+u3UKjPypKfPEC
AwEAAaNwMG4wHwYDVR0jBBgwFoAUINXfg3fn6/RUenW3EobpMoP8wDQwCQYDVR0T
BAIwADALBgNVHQ8EBAMCBPAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQW
BBRX4bsny+8GQcFpM10jtAfFxzNxzzANBgkqhkiG9w0BAQsFAAOCAgEAa+Myw6li
Fme95cPpINTite/9LXk+TlHHnXiV5Z+Um3NTLSllX3zPuRFiOE71OKFrWQPqH2N/
85l6h19G9xQsaqkkVFyQENkNzykZpJL/jU4+wgRtwcEDkaRGGURZacz3vfLTc1HX
tPDNv/JsZ5HE2d7cF5YhN4UahtxS2lvarrSujaOBpFZTT6PbEYX9EnwCdapORHOh
wKMc3OGGOiGWvRlVaWu/Huq2HvXXcK0pmaYWWKX3u21evthSYOu9U4Rk0z1y7m3/
CIYaIrvSbkzq2KKXMn7lr26bv2cthAQrPAjb2ILPUoyzKa3wEK3lkhanM6PN9CMH
y5KRTpqwV45Qr6BAVY1bP67pEkay2T31chIVKds6dkx9b2/bWpW9PWuymsbWX2vO
Q1MiaPkXKSTgCRwQUR0SNbPHw3X+VhrKKJB+beX8Bh2fcKw3jGGM8oHiA1hpdnbg
Y5fW7EupF5gabf2jNB1XJ4gowlpB3nTooKFgbcgsvi68MRdBno2TWUhsZ3zCVyaH
KFdDV0f78Fg7oL79K3kBL/iqr+jsb8sFHKIS4Dyyz2rDJrE0q0xAPes+Bu75R3/5
M/s2H7KuLqLdDYsCsMeMqOVuIcAyPp2MFWInYPyi0zY4fwKwm8f/Kv8Lzb+moxqI
Fct6d1S08JAosVnZcP2P7Yz+TbmDRtsqCgk=
-----END CERTIFICATE-----
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.scanner.truststorePassword=changeit"

4
Dockerfile
View file

@ -1,6 +1,6 @@
FROM sonarsource/sonar-scanner-cli:10.0 FROM sonarsource/sonar-scanner-cli:11.1
LABEL version="2.1.0" \ LABEL version="3.0.0" \
repository="https://github.com/sonarsource/sonarqube-scan-action" \ repository="https://github.com/sonarsource/sonarqube-scan-action" \
homepage="https://github.com/sonarsource/sonarqube-scan-action" \ homepage="https://github.com/sonarsource/sonarqube-scan-action" \
maintainer="SonarSource" \ maintainer="SonarSource" \

21
entrypoint.sh
View file

@ -1,6 +1,8 @@
#!/bin/bash #!/bin/bash
set -e set -eo pipefail
declare -a args=()
if [[ -z "${SONAR_TOKEN}" ]]; then if [[ -z "${SONAR_TOKEN}" ]]; then
echo "============================ WARNING ============================" echo "============================ WARNING ============================"
@ -9,10 +11,15 @@ if [[ -z "${SONAR_TOKEN}" ]]; then
fi fi
if [[ -n "${SONAR_ROOT_CERT}" ]]; then if [[ -n "${SONAR_ROOT_CERT}" ]]; then
echo "Adding custom root certificate to java certificate store" echo "Adding custom root certificate to the scanner truststore"
rm -f /tmp/tmpcert.pem rm -f /tmp/tmpcert.pem
echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem
keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem # we can't use the default "sonar" password as keytool requires a password with at least 6 characters
args+=("-Dsonar.scanner.truststorePassword=changeit")
mkdir -p $SONAR_USER_HOME/ssl
keytool -storetype PKCS12 -keystore $SONAR_USER_HOME/ssl/truststore.p12 -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
# for older SQ versions < 10.6
export SONAR_SCANNER_OPTS="${SONAR_SCANNER_OPTS:-} -Djavax.net.ssl.trustStore=$SONAR_USER_HOME/ssl/truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit"
fi fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
@ -25,12 +32,14 @@ if [[ -f "${INPUT_PROJECTBASEDIR%/}/build.gradle" || -f "${INPUT_PROJECTBASEDIR
to get more accurate results." to get more accurate results."
fi fi
debug_flag=''
if [[ "$RUNNER_DEBUG" == '1' ]]; then if [[ "$RUNNER_DEBUG" == '1' ]]; then
debug_flag='--debug' args+=("--debug")
fi fi
unset JAVA_HOME unset JAVA_HOME
sonar-scanner $debug_flag -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS} args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}")
sonar-scanner "${args[@]}" ${INPUT_ARGS}