SQSCANGHA-112 Fix redirect test to deal with TLS

2025-12-12 17:31:15 +00:00 · 2025-09-10 13:24:57 +02:00 · 2025-09-10 13:24:57 +02:00 · d499f5eeb2
commit d499f5eeb2
parent b107c55b9a
4 changed files with 27 additions and 6 deletions
--- a/.github/qa-nginx-redirecting/compose.yml
+++ b/.github/qa-nginx-redirecting/compose.yml
@ -5,8 +5,10 @@ services:
      - 8080:8080
    volumes:
      - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.conf:/etc/nginx/nginx.conf:ro
+      - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.crt:/etc/nginx/nginx.crt:ro
+      - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.key:/etc/nginx/nginx.key:ro
    healthcheck:
-      test: ["CMD", "curl", "--fail", "localhost:8080/health"]
+      test: ["CMD", "curl", "--fail", "--insecure", "https://localhost:8080/health"]
      interval: 10s
      timeout: 5s
      retries: 20
--- a/.github/qa-nginx-redirecting/generate-ssl.sh
+++ b/.github/qa-nginx-redirecting/generate-ssl.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Generate self-signed SSL certificate for localhost with 1-day expiry
+openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
+  -keyout nginx.key \
+  -out nginx.crt \
+  -subj "/C=US/ST=CA/L=Local/O=Test/CN=localhost" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
+echo "SSL certificates generated with 1-day expiry: nginx.crt and nginx.key"
--- a/.github/qa-nginx-redirecting/nginx.conf
+++ b/.github/qa-nginx-redirecting/nginx.conf
@ -18,7 +18,9 @@ http {
    include /etc/nginx/conf.d/*.conf;

    server {
-        listen 8080;
+        listen 8080 ssl;
+        ssl_certificate /etc/nginx/nginx.crt;
+        ssl_certificate_key /etc/nginx/nginx.key;

        location /health {
            add_header 'Content-Type' 'text/plain';
--- a/.github/workflows/qa-main.yml
+++ b/.github/workflows/qa-main.yml
@ -207,8 +207,7 @@ jobs:
          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
      - name: Assert
        run: |
-          # The new JavaScript implementation uses @actions/tool-cache which caches tools differently
-          # Instead of checking for the zip file, verify the tool was installed by checking it's in PATH
+          # Verify the tool was installed by checking it's in PATH
          if ! command -v sonar-scanner &> /dev/null; then
            echo "Error: sonar-scanner not found in PATH"
            exit 1
@ -482,6 +481,9 @@ jobs:
          then
            exit 1
          fi
+      - name: Generate SSL certificates for nginx
+        run: ./generate-ssl.sh
+        working-directory: .github/qa-nginx-redirecting
      - name: Start nginx via Docker Compose
        run: docker compose up -d --wait
        working-directory: .github/qa-nginx-redirecting
@ -490,14 +492,19 @@ jobs:
        uses: ./
        with:
          scannerVersion: 6.2.1.4610
-          scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
+          scannerBinariesUrl: https://localhost:8080/clientRedirectToSonarBinaries
        env:
          NO_CACHE: true
+          NODE_TLS_REJECT_UNAUTHORIZED: 0
          SONAR_HOST_URL: http://not_actually_used
          SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output1.properties"}'
      - name: Assert Sonar Scanner CLI was downloaded
        run: |
-          ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
+          # Verify the tool was installed by checking it's in PATH
+          if ! command -v sonar-scanner &> /dev/null; then
+            echo "Error: sonar-scanner not found in PATH"
+            exit 1
+          fi
  useSslCertificate:
    name: >
      'SONAR_ROOT_CERT' is converted to truststore