diff --git a/scripts/run-sonar-scanner-cli.sh b/scripts/run-sonar-scanner-cli.sh deleted file mode 100755 index d8615e8..0000000 --- a/scripts/run-sonar-scanner-cli.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/env bash - -set -eo pipefail - -if [[ "$RUNNER_OS" == "Windows" ]]; then - SCANNER_BIN="sonar-scanner.bat" -else - SCANNER_BIN="sonar-scanner" -fi - -scanner_args=() -if [[ ${SONARCLOUD_URL} ]]; then - scanner_args+=("-Dsonar.scanner.sonarcloudUrl=${SONARCLOUD_URL}") -fi - -if [[ "$RUNNER_DEBUG" == '1' ]]; then - scanner_args+=('--debug') -fi - -if [[ -n "${INPUT_PROJECTBASEDIR}" ]]; then - scanner_args+=("-Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR}") -fi - -# The SSL folder may exist on an uncleaned self-hosted runner -SONAR_SSL_FOLDER=~/.sonar/ssl -# Use keytool for now, as SonarQube 10.6 and below doesn't support openssl generated keystores -# keytool requires a password > 6 characters, so we won't use the default password 'sonar' -KEYTOOL_MAIN_CLASS=sun.security.tools.keytool.Main -SONAR_SSL_TRUSTSTORE_FILE="$SONAR_SSL_FOLDER/truststore.p12" -SONAR_SSL_TRUSTSTORE_PASSWORD=changeit - -if [ -f "$SONAR_SSL_TRUSTSTORE_FILE" ]; then - ALIAS_SONAR_IS_PRESENT=true - - "$SONAR_SCANNER_JRE/bin/java" "$KEYTOOL_MAIN_CLASS" \ - -storetype PKCS12 \ - -keystore "$SONAR_SSL_TRUSTSTORE_FILE" \ - -storepass "$SONAR_SSL_TRUSTSTORE_PASSWORD" \ - -noprompt \ - -trustcacerts \ - -list -v -alias sonar > /dev/null 2>&1 || { - ALIAS_SONAR_IS_PRESENT=false - echo "Existing Scanner truststore $SONAR_SSL_TRUSTSTORE_FILE does not contain 'sonar' alias" - } - - if [[ $ALIAS_SONAR_IS_PRESENT == "true" ]]; then - echo "Removing 'sonar' alias from already existing Scanner truststore: $SONAR_SSL_TRUSTSTORE_FILE" - "$SONAR_SCANNER_JRE/bin/java" "$KEYTOOL_MAIN_CLASS" \ - -storetype PKCS12 \ - -keystore "$SONAR_SSL_TRUSTSTORE_FILE" \ - -storepass "$SONAR_SSL_TRUSTSTORE_PASSWORD" \ - -noprompt \ - -trustcacerts \ - -delete \ - -alias sonar - fi -fi - -if [[ -n "${SONAR_ROOT_CERT}" ]]; then - echo "Adding SSL certificate to the Scanner truststore" - rm -f $RUNNER_TEMP/tmpcert.pem - echo "${SONAR_ROOT_CERT}" > $RUNNER_TEMP/tmpcert.pem - mkdir -p "$SONAR_SSL_FOLDER" - "$SONAR_SCANNER_JRE/bin/java" "$KEYTOOL_MAIN_CLASS" \ - -storetype PKCS12 \ - -keystore "$SONAR_SSL_TRUSTSTORE_FILE" \ - -storepass "$SONAR_SSL_TRUSTSTORE_PASSWORD" \ - -noprompt \ - -trustcacerts \ - -importcert \ - -alias sonar \ - -file "$RUNNER_TEMP/tmpcert.pem" - scanner_args+=("-Dsonar.scanner.truststorePassword=$SONAR_SSL_TRUSTSTORE_PASSWORD") -fi - -# split input args correctly (passed through INPUT_ARGS env var to avoid execution of injected command) -args=() -if [[ -n "${INPUT_ARGS}" ]]; then -# the regex recognizes args with values in single or double quotes (without character escaping), and args without quotes as well -# more specifically, the following patterns: -Darg="value", -Darg='value', -Darg=value, "-Darg=value" and '-Darg=value' - IFS=$'\n'; args=($(echo ${INPUT_ARGS} | egrep -o '[^" '\'']+="[^"]*"|[^" '\'']+='\''[^'\'']*'\''|[^" '\'']+|"[^"]+"|'\''[^'\'']+'\''')) -fi - -for arg in "${args[@]}"; do - scanner_args+=("$arg") -done - -set -ux - -$SCANNER_BIN ${scanner_args[@]+"${scanner_args[@]}"} - diff --git a/scripts/run-sonar-scanner.sh b/scripts/run-sonar-scanner.sh deleted file mode 100755 index 87d0c6a..0000000 --- a/scripts/run-sonar-scanner.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -# run the sonar scanner cli -cmd=(${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh "${INPUT_ARGS}") -"${cmd[@]}"