Compare commits
14 Commits
fix/re-bot
...
v2.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4b0bfc149f | ||
|
|
9cc4f58b79 | ||
|
|
5829c57497 | ||
|
|
d57dba2a10 | ||
|
|
427bad7016 | ||
|
|
a6ba0aafc2 | ||
|
|
1db0a52e3c | ||
|
|
50d5d98163 | ||
|
|
26fe7d6b0e | ||
|
|
fd8151470c | ||
|
|
bdba66714e | ||
|
|
72def085d4 | ||
|
|
7295e71c95 | ||
|
|
b755ad2c7e |
2
.github/CODEOWNERS
vendored
2
.github/CODEOWNERS
vendored
@@ -1 +1 @@
|
||||
* @sonarsource/sonarqube-team
|
||||
.github/CODEOWNERS @sonarsource/sonarqube-team
|
||||
|
||||
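--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "daily"
+timezone: "CET"
+open-pull-requests-limit: 100
+commit-message:
+prefix: "NO-JIRA "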
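Review bot: Only the `github-actions` ecosystem is listed under `updates:`, so the `FROM sonarsource/sonar-scanner-cli:…` base image changed elsewhere in this comparison gets no update pull requests. A second entry with `package-ecosystem: "docker"`, the same `directory: "/"` and the same `schedule:` would cover it. `open-pull-requests-limit: 100` looks far higher than a repository with a handful of workflow files needs; a short comment on why it was chosen would help the next maintainer.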
4
.github/workflows/qa.yml
vendored
4
.github/workflows/qa.yml
vendored
@@ -1,12 +1,12 @@
|
||||
name: QA
|
||||
|
||||
on: push
|
||||
on: [push, pull_request]
|
||||
|
||||
jobs:
|
||||
run_qa:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: ./test/run-qa.sh
|
||||
|
||||
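Review bot: The workflow has no `permissions:` block, although the trigger list now includes `pull_request` and the job runs `./test/run-qa.sh` from the checked-out ref. A top-level `permissions:` with `contents: read` keeps the `GITHUB_TOKEN` passed to `actions/checkout` read-only whatever the repository default is. Checkout also keeps that token in the local git config by default, so `persist-credentials: false` under `with:` is worth adding if the QA script never pushes (the visible part of it only builds and runs containers). With both `push` and `pull_request` listed, a branch of this repository that has an open pull request runs the job twice.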
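--- a/.github/workflows/update-tags.yml
+++ b/.github/workflows/update-tags.yml
@@ -0,0 +1,32 @@
+name: Update Tags
+
+on:
+push:
+tags:
+- v*.*.*
+
+jobs:
+generate:
+runs-on: ubuntu-latest
+permissions:
+contents: write
+
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Parse semver
+uses: madhead/semver-utils@latest
+id: version
+with:
+version: ${{ github.ref_name }}
+
+- name: Update tags
+run: |
+TAGS='v${{ steps.version.outputs.major }} v${{ steps.version.outputs.major }}.${{ steps.version.outputs.minor }}'
+
+for t in $TAGS; do
+git tag -f "$t"
+git push origin ":$t" 2>/dev/null || true
+git push origin "$t"
+done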
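Review bot: `uses: madhead/semver-utils@latest` is a mutable ref inside a job that holds `contents: write`, so whatever that ref points to when a release tag is pushed can move tags in this repository; pin it to a full commit SHA, `uses: madhead/semver-utils@<full-commit-sha>`, with the release name in a trailing comment. The `Update tags` step also pastes `${{ steps.version.outputs.major }}` and `.minor` directly into the script text; passing them through `env:` and reading `"$MAJOR"` / `"$MINOR"` keeps expression output out of the shell source and lets the step stop on empty values before `git tag -f` runs. `git push origin ":$t" 2>/dev/null || true` hides every failure of the delete, authentication errors included, so a one-line comment saying that only a missing remote tag is expected here would make the intent clear.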
@@ -1,6 +1,6 @@
|
||||
FROM sonarsource/sonar-scanner-cli:4.6
|
||||
FROM sonarsource/sonar-scanner-cli:5.0
|
||||
|
||||
LABEL version="1.0.0" \
|
||||
LABEL version="2.0.0" \
|
||||
repository="https://github.com/sonarsource/sonarqube-scan-action" \
|
||||
homepage="https://github.com/sonarsource/sonarqube-scan-action" \
|
||||
maintainer="SonarSource" \
|
||||
@@ -9,9 +9,9 @@ LABEL version="1.0.0" \
|
||||
com.github.actions.icon="check" \
|
||||
com.github.actions.color="green"
|
||||
|
||||
# https://help.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
|
||||
USER root
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
COPY cleanup.sh /cleanup.sh
|
||||
RUN chmod +x /cleanup.sh
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
20
README.md
20
README.md
@@ -28,11 +28,13 @@ The workflow YAML file will usually look something like this:
|
||||
|
||||
```yaml
|
||||
on:
|
||||
# Trigger analysis when pushing in master or pull requests, and when creating
|
||||
# a pull request.
|
||||
# Trigger analysis when pushing to your main branches, and when creating a pull request.
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- master
|
||||
- develop
|
||||
- 'releases/**'
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
@@ -41,7 +43,7 @@ jobs:
|
||||
sonarqube:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
# Disabling shallow clone is recommended for improving relevancy of reporting
|
||||
fetch-depth: 0
|
||||
@@ -63,6 +65,17 @@ If your source code file names contain special characters that are not covered b
|
||||
LC_ALL: "ru_RU.UTF-8"
|
||||
```
|
||||
|
||||
If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the java certificate store:
|
||||
|
||||
```yaml
|
||||
- name: SonarQube Scan
|
||||
uses: sonarsource/sonarqube-scan-action@master
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
||||
SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
|
||||
```
|
||||
|
||||
You can change the analysis base directory by using the optional input `projectBaseDir` like this:
|
||||
|
||||
```yaml
|
||||
@@ -91,6 +104,7 @@ More information about possible analysis parameters can be found in [the documen
|
||||
|
||||
- `SONAR_TOKEN` – **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
|
||||
- `SONAR_HOST_URL` – **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
|
||||
- `SONAR_ROOT_CERT` – Holds an additional root certificate (in PEM format) that is used to validate the SonarQube server certificate. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
|
||||
|
||||
## Alternatives for Java, .NET, and C/C++ projects
|
||||
|
||||
|
||||
@@ -7,6 +7,8 @@ branding:
|
||||
runs:
|
||||
using: docker
|
||||
image: Dockerfile
|
||||
entrypoint: "/entrypoint.sh"
|
||||
post-entrypoint: "/cleanup.sh"
|
||||
inputs:
|
||||
args:
|
||||
description: Additional arguments to the sonar-scanner
|
||||
|
||||
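--- a/cleanup.sh
+++ b/cleanup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
+PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
+
+chown -R $PERM "${INPUT_PROJECTBASEDIR}/"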
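Review bot: `"${INPUT_PROJECTBASEDIR}/"` is expanded without checking that the variable is set, so with an empty value `ls`, `stat` and `chown -R` all operate on `/` inside the container. The owner is also taken from whichever entry `ls | head -1` sorts first, which can be a file the scanner itself created as root, or nothing at all in an empty directory. Assuming the directory itself keeps the runner's ownership, reading it from there and guarding the expansion is sturdier: `PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR:?}")` followed by `chown -R "$PERM" "${INPUT_PROJECTBASEDIR:?}/"`. Whether `action.yml` gives `projectBaseDir` a default is not visible in this comparison, so the empty case should be confirmed against it.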
@@ -3,8 +3,9 @@
|
||||
set -e
|
||||
|
||||
if [[ -z "${SONAR_TOKEN}" ]]; then
|
||||
echo "This GitHub Action requires the SONAR_TOKEN env variable."
|
||||
exit 1
|
||||
echo "============================ WARNING ============================"
|
||||
echo "Running this GitHub Action without SONAR_TOKEN is not recommended"
|
||||
echo "============================ WARNING ============================"
|
||||
fi
|
||||
|
||||
if [[ -z "${SONAR_HOST_URL}" ]]; then
|
||||
@@ -12,6 +13,13 @@ if [[ -z "${SONAR_HOST_URL}" ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -n "${SONAR_ROOT_CERT}" ]]; then
|
||||
echo "Adding custom root certificate to java certificate store"
|
||||
rm -f /tmp/tmpcert.pem
|
||||
echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem
|
||||
keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
|
||||
fi
|
||||
|
||||
if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
|
||||
echo "Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
|
||||
exit 1
|
||||
@@ -25,3 +33,4 @@ fi
|
||||
unset JAVA_HOME
|
||||
|
||||
sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
|
||||
|
||||
|
||||
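Review bot: The certificate block added in the second hunk writes the PEM to the fixed path `/tmp/tmpcert.pem` and leaves it there after `keytool` has run; a `mktemp` file that is removed after the import avoids both the predictable name and the leftover. `printf '%s\n'` is also more predictable than `echo` for multi-line content taken from a secret. The imported certificate becomes a trust anchor for every TLS connection the scanner's JVM makes, not only the one to SonarQube, which deserves a comment above the `keytool` line. Separately, the context line `${INPUT_PROJECTBASEDIR%/}pom.xml` strips the trailing slash without adding one back, so the Maven check probably only matches when the variable is empty; that line predates this change.

```shell
if [[ -n "${SONAR_ROOT_CERT}" ]]; then
  # … unchanged: echo "Adding custom root certificate to java certificate store" …
  cert_file=$(mktemp)
  printf '%s\n' "${SONAR_ROOT_CERT}" > "${cert_file}"
  # Trust anchor for all JVM TLS connections in this container, not only SonarQube.
  keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file "${cert_file}"
  rm -f -- "${cert_file}"
fi
```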
@@ -16,6 +16,8 @@ check_sq_is_up() {
|
||||
echo $status;
|
||||
}
|
||||
|
||||
_current_perm=$(stat -c "%u:%g" $(pwd))
|
||||
|
||||
info "Build scanner action..."
|
||||
docker build --no-cache -t sonarsource/sonarqube-scan-action .
|
||||
if [[ ! $? -eq 0 ]]; then
|
||||
@@ -88,13 +90,19 @@ success "Correctly failed fast."
|
||||
|
||||
info "Analyze project..."
|
||||
cd test/example-project/
|
||||
docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
|
||||
docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
|
||||
docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --entrypoint /cleanup.sh sonarsource/sonarqube-scan-action
|
||||
if [[ ! $? -eq 0 ]]; then
|
||||
error "Couldn't run the analysis."
|
||||
exit 1
|
||||
elif [[ ! -f ".scannerwork/report-task.txt" ]]; then
|
||||
error "Couldn't find the report task file. Analysis failed."
|
||||
exit 1
|
||||
elif [ ! "$(stat -c "%u:%g" ".scannerwork/report-task.txt")" == "$_current_perm" ]; then
|
||||
error "File permissions differ from desired once"
|
||||
error "desired: $_current_perm"
|
||||
error "actual: $(stat -c "%u:%g" ".scannerwork/report-task.txt")"
|
||||
exit 1
|
||||
fi
|
||||
success "Analysis successful."
|
||||
|
||||
|
||||
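Review bot: In the second hunk `if [[ ! $? -eq 0 ]]` now follows the `--entrypoint /cleanup.sh` run, so it tests the cleanup container's exit status and the analysis run's status is discarded; a failed scan is caught only if `.scannerwork/report-task.txt` happens to be missing. Test each run directly, for example by ending the analysis line with `|| { error "Couldn't run the analysis."; exit 1; }` before the cleanup container starts. In the first hunk `$(pwd)` is unquoted inside `stat -c "%u:%g" $(pwd)`; `"$PWD"` avoids word splitting on a path with spaces. The message `File permissions differ from desired once` should read "ones", and since the comparison uses `%u:%g` it checks owner and group rather than permission bits, so "ownership" would be the accurate word.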