SQSCANGHA-40 Restore permission fix for files in the project basedir

2025-12-12 17:31:15 +00:00 · 2024-07-02 09:56:02 +02:00 · 2024-07-02 09:56:02 +02:00 · aecaf43ae5
commit aecaf43ae5
parent 540792c588
2 changed files with 42 additions and 5 deletions
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@ -153,3 +153,40 @@ jobs:
      - name: Assert
        run: |
          ./test/assertFileContains ./output.properties "sonar.verbose=true"
+  runAnalysisWithCacheTest:
+    runs-on: ubuntu-latest
+    services:
+      sonarqube:
+        image: sonarqube:lts-community
+        ports:
+          - 9000:9000
+        volumes:
+          - sonarqube_data:/opt/sonarqube/data
+          - sonarqube_logs:/opt/sonarqube/logs
+          - sonarqube_extensions:/opt/sonarqube/extensions
+        options: >-
+          --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: SonarQube Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/.sonar/cache
+          key: ${{ runner.os }}-sonar
+      - name: Run action on sample project
+        id: runTest
+        uses: ./
+        env:
+          SONAR_HOST_URL: http://sonarqube:9000
+          SONAR_USER_HOME: ${{ github.workspace }}/.sonar
+        with:
+          args: -Dsonar.login=admin -Dsonar.password=admin
+          projectBaseDir: ./test/example-project
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
--- a/cleanup.sh
+++ b/cleanup.sh
@ -2,12 +2,12 @@

 set -e

-if [ ! -d "${INPUT_PROJECTBASEDIR%/}/.scannerwork" ]; then
-    echo ".scannerwork directory not found; nothing to clean up."
-    exit
-fi
+# Reset all files permissions to the default Runner user and group to allow the follow up steps (mainly cache) to access all files.

+# Assume that the first (non-hidden) file in the project directory is one from the project, and not one written by the scanner
 _tmp_file=$(ls "${INPUT_PROJECTBASEDIR%/}/" | head -1)
+echo "Reading permissions from $_tmp_file"
 PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR%/}/$_tmp_file")

-chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/.scannerwork/"
+echo "Applying permissions $PERM to all files in the project base directory"
+chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/"