SQSCANGHA-44 Fix import custom certificates

2025-12-14 18:31:14 +00:00 · 2024-08-15 16:53:09 +02:00 · 2024-08-15 16:53:09 +02:00 · eb87f55c65
commit eb87f55c65
parent 2af7c4bea3
3 changed files with 18 additions and 10 deletions
--- a/.github/workflows/qa.yml
+++ b/.github/workflows/qa.yml
@ -19,7 +19,7 @@ jobs:
      - name: Run action with args
        uses: ./
        with:
-          args: -Dsonar.someArg=aValue -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.someArg=aValue -Dsonar.scanner.internal.dumpToFile=./output.properties
        env:
          SONAR_HOST_URL: http://not_actually_used
      - name: Assert
@ -37,7 +37,7 @@ jobs:
      - name: Run action with projectBaseDir
        uses: ./
        with:
-          args: -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
          projectBaseDir: ./baseDir
        env:
          SONAR_HOST_URL: http://not_actually_used
@ -60,7 +60,7 @@ jobs:
          SONAR_HOST_URL: http://not_actually_used
        with:
          projectBaseDir: ./test/gradle-project
-          args: -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
      - name: Assert
        run: |
          ./test/assertFileExists ./output.properties
@ -80,7 +80,7 @@ jobs:
          SONAR_HOST_URL: http://not_actually_used
        with:
          projectBaseDir: ./test/gradle-project
-          args: -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
      - name: Assert
        run: |
          ./test/assertFileExists ./output.properties
@ -100,7 +100,7 @@ jobs:
          SONAR_HOST_URL: http://not_actually_used
        with:
          projectBaseDir: ./test/maven-project
-          args: -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
      - name: Assert
        run: |
          ./test/assertFileExists ./output.properties
@ -146,7 +146,7 @@ jobs:
      - name: Run action with debug mode
        uses: ./
        with:
-          args: -Dsonar.scanner.dumpToFile=./output.properties
+          args: -Dsonar.scanner.internal.dumpToFile=./output.properties
        env:
          RUNNER_DEBUG: 1
          SONAR_HOST_URL: http://not_actually_used
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM sonarsource/sonar-scanner-cli:10.0
+FROM sonarsource/sonar-scanner-cli:11.0

 LABEL version="2.1.0" \
      repository="https://github.com/sonarsource/sonarqube-scan-action" \
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -8,11 +8,19 @@ if [[ -z "${SONAR_TOKEN}" ]]; then
  echo "============================ WARNING ============================"
 fi

+trust_store_pass_param=''
 if [[ -n "${SONAR_ROOT_CERT}" ]]; then
-  echo "Adding custom root certificate to java certificate store"
+  echo "Adding custom certificate"
+
+  trust_store_pass="changeit"
+  trust_store_pass_param="-Dsonar.scanner.truststorePassword=${trust_store_pass}"
+
  rm -f /tmp/tmpcert.pem
  echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem
-  keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
+
+  rm -f /opt/sonar-scanner/.sonar/ssl/truststore.p12
+  mkdir -p /opt/sonar-scanner/.sonar/ssl
+  openssl pkcs12 -export -nokeys -in /tmp/tmpcert.pem -out /opt/sonar-scanner/.sonar/ssl/truststore.p12 --passout pass:${trust_store_pass}
 fi

 if [[ -f "${INPUT_PROJECTBASEDIR%/}/pom.xml" ]]; then
@ -32,5 +40,5 @@ fi

 unset JAVA_HOME

-sonar-scanner $debug_flag -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
+sonar-scanner $debug_flag $trust_store_pass_param -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}