SQSCANGHA-56 Support GitHub self-hosted runners without keytool #324
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: QA | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
noInputsTest: | |
name: > | |
No inputs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action with args | |
uses: ./ | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
- name: Assert | |
run: | | |
./test/assertFileContains ./output.properties "sonar.projectBaseDir=." | |
argsInputTest: | |
name: > | |
'args' input | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest, macos-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action with args | |
uses: ./ | |
with: | |
args: -Dsonar.someArg=aValue -Dsonar.scanner.internal.dumpToFile=./output.properties | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
- name: Assert | |
run: | | |
./test/assertFileContains ./output.properties "sonar.someArg=aValue" | |
projectBaseDirInputTest: | |
name: > | |
'projectBaseDir' input | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest, macos-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- run: mkdir -p ./baseDir | |
- name: Run action with projectBaseDir | |
uses: ./ | |
with: | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
projectBaseDir: ./baseDir | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
- name: Assert | |
run: | | |
./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir" | |
dontFailGradleTest: | |
name: > | |
Don't fail on Gradle project | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action on Gradle project | |
id: runTest | |
uses: ./ | |
continue-on-error: true | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
with: | |
projectBaseDir: ./test/gradle-project | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
- name: Assert | |
run: | | |
./test/assertFileExists ./output.properties | |
dontFailGradleKotlinTest: | |
name: > | |
Don't fail on Kotlin Gradle project | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action on Kotlin Gradle project | |
id: runTest | |
uses: ./ | |
continue-on-error: true | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
with: | |
projectBaseDir: ./test/gradle-project | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
- name: Assert | |
run: | | |
./test/assertFileExists ./output.properties | |
dontFailMavenTest: | |
name: > | |
Don't fail on Maven project | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action on Maven project | |
id: runTest | |
uses: ./ | |
continue-on-error: true | |
env: | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
with: | |
projectBaseDir: ./test/maven-project | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
- name: Assert | |
run: | | |
./test/assertFileExists ./output.properties | |
runAnalysisTest: | |
runs-on: ubuntu-latest | |
services: | |
sonarqube: | |
image: sonarqube:lts-community | |
ports: | |
- 9000:9000 | |
volumes: | |
- sonarqube_data:/opt/sonarqube/data | |
- sonarqube_logs:/opt/sonarqube/logs | |
- sonarqube_extensions:/opt/sonarqube/extensions | |
options: >- | |
--health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 10 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action on sample project | |
id: runTest | |
uses: ./ | |
env: | |
SONAR_HOST_URL: http://localhost:9000 | |
with: | |
args: -Dsonar.login=admin -Dsonar.password=admin | |
projectBaseDir: ./test/example-project | |
- name: Assert | |
run: | | |
./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt | |
runnerDebugUsedTest: | |
name: > | |
'RUNNER_DEBUG' is used | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest, macos-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action with debug mode | |
uses: ./ | |
with: | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
env: | |
RUNNER_DEBUG: 1 | |
SONAR_HOST_URL: http://not_actually_used | |
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
- name: Assert | |
run: | | |
./test/assertFileContains ./output.properties "sonar.verbose=true" | |
runAnalysisWithCacheTest: | |
runs-on: ubuntu-latest | |
services: | |
sonarqube: | |
image: sonarqube:lts-community | |
ports: | |
- 9000:9000 | |
volumes: | |
- sonarqube_data:/opt/sonarqube/data | |
- sonarqube_logs:/opt/sonarqube/logs | |
- sonarqube_extensions:/opt/sonarqube/extensions | |
options: >- | |
--health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 10 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: SonarQube Cache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ github.workspace }}/.sonar/cache | |
key: ${{ runner.os }}-${{ runner.arch }}-sonar | |
- name: Run action on sample project | |
id: runTest | |
uses: ./ | |
env: | |
SONAR_HOST_URL: http://localhost:9000 | |
SONAR_USER_HOME: ${{ github.workspace }}/.sonar | |
with: | |
args: -Dsonar.login=admin -Dsonar.password=admin | |
projectBaseDir: ./test/example-project | |
- name: Assert | |
run: | | |
./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt | |
useSslCertificate: | |
name: > | |
'SONAR_ROOT_CERT' is converted to truststore | |
strategy: | |
matrix: | |
os: [ ubuntu-latest, windows-latest, macos-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run action with SSL certificate | |
uses: ./ | |
with: | |
args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
env: | |
SONAR_ROOT_CERT: | | |
-----BEGIN CERTIFICATE----- | |
MIIFtjCCA56gAwIBAgIULroxFuPWyNOiQtAVPS/XFFMXp6owDQYJKoZIhvcNAQEL | |
BQAwXDELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2Vu | |
ZXZhMRcwFQYDVQQKDA5Tb25hclNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0 | |
MB4XDTI0MDQxNjA4NDUyMVoXDTM0MDQxNDA4NDUyMVowXDELMAkGA1UEBhMCQ0gx | |
DzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2VuZXZhMRcwFQYDVQQKDA5Tb25h | |
clNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF | |
AAOCAg8AMIICCgKCAgEArRRQF25E5NCgXdoEBU2SWyAoyOWMGVT1Ioltnr3sJP6L | |
MjjfozK5YgaRn504291lwlG+k6tvzTSR9HB8q3ITa8AdnwMiL7jzbveYKWIlLQ7k | |
dHKXWbiaIjTaZCyfnWUlDFIuR7BHwOXVwyLrBQfhoyDVaaoyowQEsUro3okIR/kB | |
sqM+KH8bcdl06DMMppZ8Qy1DYvPodhnNRyOSSpfbIoodE1fju+5U0OKzvGIc9WpG | |
5pKIysaW3whOa/ieb02SXrgoiHnYPpmmGzm4u/Wn8jGwhYQJSQT10yjMacGHwmBE | |
q7FUr854cVd+eend056P6pwUukdNeVHCFjYRkmWCNzIxV+sS9PPtDs77/bLFIItr | |
nBMHVsId38tPoru/z1S1p2dzCX3Nq09aJFF/vH2u9Sg5aerHJ7xnRroR1jIrAZtc | |
jBkJHEiTlG+WaavP4j6oym+lvHvgHHL3Qwhh8emg0JiLYExVV7ma70aRDh8yoQtS | |
zAUDMVfhVPKd92MS+7DC2pv2KviUNKqbHDFadl01JN3t+17/gstUNSk1jpoUfUhK | |
BeUQxVEdVUy2p0HeD/TYpRvF2FEsWneq3+ZbnRp17I/uEQOck0LP2tkzAd4tmRgH | |
+95yyB8MgbAfvyKWkB4+3BhtdfoYDe1asqR6z43mejDHHqgBXn+u3UKjPypKfPEC | |
AwEAAaNwMG4wHwYDVR0jBBgwFoAUINXfg3fn6/RUenW3EobpMoP8wDQwCQYDVR0T | |
BAIwADALBgNVHQ8EBAMCBPAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQW | |
BBRX4bsny+8GQcFpM10jtAfFxzNxzzANBgkqhkiG9w0BAQsFAAOCAgEAa+Myw6li | |
Fme95cPpINTite/9LXk+TlHHnXiV5Z+Um3NTLSllX3zPuRFiOE71OKFrWQPqH2N/ | |
85l6h19G9xQsaqkkVFyQENkNzykZpJL/jU4+wgRtwcEDkaRGGURZacz3vfLTc1HX | |
tPDNv/JsZ5HE2d7cF5YhN4UahtxS2lvarrSujaOBpFZTT6PbEYX9EnwCdapORHOh | |
wKMc3OGGOiGWvRlVaWu/Huq2HvXXcK0pmaYWWKX3u21evthSYOu9U4Rk0z1y7m3/ | |
CIYaIrvSbkzq2KKXMn7lr26bv2cthAQrPAjb2ILPUoyzKa3wEK3lkhanM6PN9CMH | |
y5KRTpqwV45Qr6BAVY1bP67pEkay2T31chIVKds6dkx9b2/bWpW9PWuymsbWX2vO | |
Q1MiaPkXKSTgCRwQUR0SNbPHw3X+VhrKKJB+beX8Bh2fcKw3jGGM8oHiA1hpdnbg | |
Y5fW7EupF5gabf2jNB1XJ4gowlpB3nTooKFgbcgsvi68MRdBno2TWUhsZ3zCVyaH | |
KFdDV0f78Fg7oL79K3kBL/iqr+jsb8sFHKIS4Dyyz2rDJrE0q0xAPes+Bu75R3/5 | |
M/s2H7KuLqLdDYsCsMeMqOVuIcAyPp2MFWInYPyi0zY4fwKwm8f/Kv8Lzb+moxqI | |
Fct6d1S08JAosVnZcP2P7Yz+TbmDRtsqCgk= | |
-----END CERTIFICATE----- | |
SONAR_HOST_URL: http://not_actually_used | |
- name: Assert | |
run: | | |
./test/assertFileExists ~/.sonar/ssl/truststore.p12 | |
analysisWithSslCertificate: | |
name: > | |
Analysis takes into account 'SONAR_ROOT_CERT' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate certificates | |
run: ./generate-certificates.sh | |
working-directory: .github/qa-sq-behind-ngix | |
- name: Start nginx and SonarQube via Docker Compose | |
run: docker compose up -d --wait | |
working-directory: .github/qa-sq-behind-ngix | |
- name: Read correct client certificate from | |
run: | | |
# read server.crt from .github/qa-sq-behind-ngix/ and store into the SONAR_ROOT_CERT_VALID | |
# environment variable, to be able to read it in the next step | |
{ | |
echo 'SONAR_ROOT_CERT_VALID<<==========' | |
cat .github/qa-sq-behind-ngix/server.crt | |
echo ========== | |
} >> $GITHUB_ENV | |
- name: Run action with the correct SSL certificate | |
uses: ./ | |
env: | |
SONAR_ROOT_CERT: ${{ env.SONAR_ROOT_CERT_VALID }} | |
SONAR_HOST_URL: https://localhost:4443 | |
with: | |
args: -Dsonar.login=admin -Dsonar.password=admin | |
projectBaseDir: ./test/example-project | |
- name: Clear imported certificates | |
run: | | |
rm -f ~/.sonar/ssl/truststore.p12 | |
- name: Run action with an invalid SSL certificate | |
id: invalid_ssl_certificate | |
continue-on-error: true | |
uses: ./ | |
env: | |
SONAR_ROOT_CERT: | | |
-----BEGIN CERTIFICATE----- | |
INVALID | |
-----END CERTIFICATE----- | |
SONAR_HOST_URL: https://localhost:4443 | |
with: | |
args: -Dsonar.login=admin -Dsonar.password=admin | |
projectBaseDir: ./test/example-project | |
- name: Assert failure of previous step | |
if: steps.invalid_ssl_certificate.outcome == 'success' | |
run: exit 1 | |
- name: Clear imported certificates | |
run: | | |
rm -f ~/.sonar/ssl/truststore.p12 | |
- name: Run action with the wrong SSL certificate | |
id: wrong_ssl_certificate | |
continue-on-error: true | |
uses: ./ | |
env: | |
SONAR_ROOT_CERT: | | |
-----BEGIN CERTIFICATE----- | |
MIIFlTCCA32gAwIBAgIUXK4LyGUFe4ZVL93StPXCoJzmnLMwDQYJKoZIhvcNAQEL | |
BQAwTzELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2Vu | |
ZXZhMQ8wDQYDVQQKDAZTZXJ2ZXIxDTALBgNVBAsMBERlcHQwHhcNMjQxMTAxMDgx | |
MzM3WhcNMzQxMDMwMDgxMzM3WjBPMQswCQYDVQQGEwJDSDEPMA0GA1UECAwGR2Vu | |
ZXZhMQ8wDQYDVQQHDAZHZW5ldmExDzANBgNVBAoMBlNlcnZlcjENMAsGA1UECwwE | |
RGVwdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK5m0V6IFFykib77 | |
nmlN7weS9q3D6YGEj+8hRNQViL9KduUoLjoKpONIihU5kfIg+5SkGygjHRkBvIp3 | |
b0HQqhkwtGln3/FxxaSfGEguLHgzXR8JDQSyJ8UKIGOPCH93n1rUip5Ok1iExVup | |
HtkiVDRoCC9cRjZXbGOKrO6VBT4RvakpkaqCdXYikV244B5ElM7kdFdz8fso78Aq | |
xekb9dM0f21uUaDBKCIhRcxWeafp0CJIoejTq0+PF7qA2qIY5UHqWElWO5NsvQ8+ | |
MqKkIdsOa1pYNuH/5eQ59k9KSE92ps1xTKweW000GfPqxx8IQ/e4aAd2SaMTKvN6 | |
aac6piWBeJ7AssgWwkg/3rnZB5seQIrWjIUePmxJ4c0g0eL9cnVpYF0K/Dldle/G | |
wg0zi1g709rBI1TYj9xwrivxSwEQupz8OdKqOmgqrKHJJ/CCLl+JdFYjgwl3NWLH | |
wsU639H1bMXIJoQujg9U47e9fXbwiqdkMQzt7rPGkOBBaAkSctAReiXnWy+CbVEM | |
QFHDrnD5YUJRd5t/DUuWuqhR2QhfUvRClPUKoVqB/iOu2IumlgDEDA8jb1dxEW+W | |
iaYokQCS94OpxOJ8aeReSt9bghT0vc9ifCLWvuE1iBjujdK32ekKSY9DCZyBHXsG | |
J9N1nt1qd/k7QqWOkuPjr1JrTIMbAgMBAAGjaTBnMB0GA1UdDgQWBBQw4ESReEk+ | |
AIxwjHRqPkESzMv1bTAfBgNVHSMEGDAWgBQw4ESReEk+AIxwjHRqPkESzMv1bTAP | |
BgNVHRMBAf8EBTADAQH/MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0B | |
AQsFAAOCAgEAE8WefoZN23aOSe79ZN7zRBWP8DdPgFAqg5XUhfc9bCIVfJ4XMpEe | |
3lzRhgjwDm4naEs35QWOhPZH2vx8XrEKnZNI6vKO8JzaCsivgngk8bsWnvhwSXy5 | |
eFdc99K+FOmOHevDmeiimoQnikffnSULRhQYzE2Qwyo9iky8703/+D3IKEC/8exC | |
rlyGMUV/Nqj+4M+57DiZ6OXeFuunfoFB7vmcDZygqDhKoHhVRyu8qN6PeK2fvUFK | |
EjeRtvA0GkdlOtLIF2g5yBTK2ykkt/oLUoAolfYUTKcoV2/FS0gVR5ovmEpKyBcP | |
H9hzr16a8dtrEqOf/oKHQSLwxn8afmS354HJ75sq9SujOtIWpHfyH5IgqtUpiBN/ | |
bzvKs/QZjtGlqvquOTkdh9L4oxTXqG7zEStZyo/v9g5jf1Tq195b2DNFwVUZIcbb | |
u2d4CvAZ1yNr+8ax/kTwBSY8WU+mCtmvowFstdvsJXVXJKnUO6EZOdbg0GxTBVyE | |
zMsnPcnkOwV5TJIKKhonrgrwmPmQ9IOV9BrThVxujjjEbAdA6jM9PMiXzuDukldm | |
QBRwNbczGbdsHkMKHmQnrTqOyQyI4KCXF08kcOm4C1P+Whrvi0DXkqHnyKvBE0td | |
dciInBoeHwUs2eclz7gP7pMBJUlFUkKfQxwxGLIqZSXnlAFBfW6hHLI= | |
-----END CERTIFICATE----- | |
SONAR_HOST_URL: https://localhost:4443 | |
with: | |
args: -Dsonar.login=admin -Dsonar.password=admin | |
projectBaseDir: ./test/example-project | |
- name: Assert failure of previous step | |
if: steps.wrong_ssl_certificate.outcome == 'success' | |
run: exit 1 |