SQSCANGHA-56 Support GitHub self-hosted runners without keytool #334
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: QA | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| noInputsTest: | |
| name: > | |
| No inputs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action with args | |
| uses: ./ | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| - name: Assert | |
| run: | | |
| ./test/assertFileContains ./output.properties "sonar.projectBaseDir=." | |
| argsInputTest: | |
| name: > | |
| 'args' input | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action with args | |
| uses: ./ | |
| with: | |
| args: -Dsonar.someArg=aValue -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| - name: Assert | |
| run: | | |
| ./test/assertFileContains ./output.properties "sonar.someArg=aValue" | |
| projectBaseDirInputTest: | |
| name: > | |
| 'projectBaseDir' input | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: mkdir -p ./baseDir | |
| - name: Run action with projectBaseDir | |
| uses: ./ | |
| with: | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| projectBaseDir: ./baseDir | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| - name: Assert | |
| run: | | |
| ./test/assertFileContains ./output.properties "sonar.projectBaseDir=.*/baseDir" | |
| dontFailGradleTest: | |
| name: > | |
| Don't fail on Gradle project | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action on Gradle project | |
| id: runTest | |
| uses: ./ | |
| continue-on-error: true | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| with: | |
| projectBaseDir: ./test/gradle-project | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ./output.properties | |
| dontFailGradleKotlinTest: | |
| name: > | |
| Don't fail on Kotlin Gradle project | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action on Kotlin Gradle project | |
| id: runTest | |
| uses: ./ | |
| continue-on-error: true | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| with: | |
| projectBaseDir: ./test/gradle-project | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ./output.properties | |
| dontFailMavenTest: | |
| name: > | |
| Don't fail on Maven project | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action on Maven project | |
| id: runTest | |
| uses: ./ | |
| continue-on-error: true | |
| env: | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| with: | |
| projectBaseDir: ./test/maven-project | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ./output.properties | |
| runAnalysisTest: | |
| runs-on: ubuntu-latest | |
| services: | |
| sonarqube: | |
| image: sonarqube:lts-community | |
| ports: | |
| - 9000:9000 | |
| volumes: | |
| - sonarqube_data:/opt/sonarqube/data | |
| - sonarqube_logs:/opt/sonarqube/logs | |
| - sonarqube_extensions:/opt/sonarqube/extensions | |
| options: >- | |
| --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action on sample project | |
| id: runTest | |
| uses: ./ | |
| env: | |
| SONAR_HOST_URL: http://localhost:9000 | |
| with: | |
| args: -Dsonar.login=admin -Dsonar.password=admin | |
| projectBaseDir: ./test/example-project | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt | |
| runnerDebugUsedTest: | |
| name: > | |
| 'RUNNER_DEBUG' is used | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action with debug mode | |
| uses: ./ | |
| with: | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| env: | |
| RUNNER_DEBUG: 1 | |
| SONAR_HOST_URL: http://not_actually_used | |
| SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}' | |
| - name: Assert | |
| run: | | |
| ./test/assertFileContains ./output.properties "sonar.verbose=true" | |
| runAnalysisWithCacheTest: | |
| runs-on: ubuntu-latest | |
| services: | |
| sonarqube: | |
| image: sonarqube:lts-community | |
| ports: | |
| - 9000:9000 | |
| volumes: | |
| - sonarqube_data:/opt/sonarqube/data | |
| - sonarqube_logs:/opt/sonarqube/logs | |
| - sonarqube_extensions:/opt/sonarqube/extensions | |
| options: >- | |
| --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: SonarQube Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ github.workspace }}/.sonar/cache | |
| key: ${{ runner.os }}-${{ runner.arch }}-sonar | |
| - name: Run action on sample project | |
| id: runTest | |
| uses: ./ | |
| env: | |
| SONAR_HOST_URL: http://localhost:9000 | |
| SONAR_USER_HOME: ${{ github.workspace }}/.sonar | |
| with: | |
| args: -Dsonar.login=admin -Dsonar.password=admin | |
| projectBaseDir: ./test/example-project | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt | |
| useSslCertificate: | |
| name: > | |
| 'SONAR_ROOT_CERT' is converted to truststore | |
| strategy: | |
| matrix: | |
| os: [ ubuntu-latest, windows-latest, macos-latest ] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run action with SSL certificate | |
| uses: ./ | |
| with: | |
| args: -Dsonar.scanner.internal.dumpToFile=./output.properties | |
| env: | |
| SONAR_ROOT_CERT: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIFtjCCA56gAwIBAgIULroxFuPWyNOiQtAVPS/XFFMXp6owDQYJKoZIhvcNAQEL | |
| BQAwXDELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2Vu | |
| ZXZhMRcwFQYDVQQKDA5Tb25hclNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0 | |
| MB4XDTI0MDQxNjA4NDUyMVoXDTM0MDQxNDA4NDUyMVowXDELMAkGA1UEBhMCQ0gx | |
| DzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2VuZXZhMRcwFQYDVQQKDA5Tb25h | |
| clNvdXJjZSBTQTESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF | |
| AAOCAg8AMIICCgKCAgEArRRQF25E5NCgXdoEBU2SWyAoyOWMGVT1Ioltnr3sJP6L | |
| MjjfozK5YgaRn504291lwlG+k6tvzTSR9HB8q3ITa8AdnwMiL7jzbveYKWIlLQ7k | |
| dHKXWbiaIjTaZCyfnWUlDFIuR7BHwOXVwyLrBQfhoyDVaaoyowQEsUro3okIR/kB | |
| sqM+KH8bcdl06DMMppZ8Qy1DYvPodhnNRyOSSpfbIoodE1fju+5U0OKzvGIc9WpG | |
| 5pKIysaW3whOa/ieb02SXrgoiHnYPpmmGzm4u/Wn8jGwhYQJSQT10yjMacGHwmBE | |
| q7FUr854cVd+eend056P6pwUukdNeVHCFjYRkmWCNzIxV+sS9PPtDs77/bLFIItr | |
| nBMHVsId38tPoru/z1S1p2dzCX3Nq09aJFF/vH2u9Sg5aerHJ7xnRroR1jIrAZtc | |
| jBkJHEiTlG+WaavP4j6oym+lvHvgHHL3Qwhh8emg0JiLYExVV7ma70aRDh8yoQtS | |
| zAUDMVfhVPKd92MS+7DC2pv2KviUNKqbHDFadl01JN3t+17/gstUNSk1jpoUfUhK | |
| BeUQxVEdVUy2p0HeD/TYpRvF2FEsWneq3+ZbnRp17I/uEQOck0LP2tkzAd4tmRgH | |
| +95yyB8MgbAfvyKWkB4+3BhtdfoYDe1asqR6z43mejDHHqgBXn+u3UKjPypKfPEC | |
| AwEAAaNwMG4wHwYDVR0jBBgwFoAUINXfg3fn6/RUenW3EobpMoP8wDQwCQYDVR0T | |
| BAIwADALBgNVHQ8EBAMCBPAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQW | |
| BBRX4bsny+8GQcFpM10jtAfFxzNxzzANBgkqhkiG9w0BAQsFAAOCAgEAa+Myw6li | |
| Fme95cPpINTite/9LXk+TlHHnXiV5Z+Um3NTLSllX3zPuRFiOE71OKFrWQPqH2N/ | |
| 85l6h19G9xQsaqkkVFyQENkNzykZpJL/jU4+wgRtwcEDkaRGGURZacz3vfLTc1HX | |
| tPDNv/JsZ5HE2d7cF5YhN4UahtxS2lvarrSujaOBpFZTT6PbEYX9EnwCdapORHOh | |
| wKMc3OGGOiGWvRlVaWu/Huq2HvXXcK0pmaYWWKX3u21evthSYOu9U4Rk0z1y7m3/ | |
| CIYaIrvSbkzq2KKXMn7lr26bv2cthAQrPAjb2ILPUoyzKa3wEK3lkhanM6PN9CMH | |
| y5KRTpqwV45Qr6BAVY1bP67pEkay2T31chIVKds6dkx9b2/bWpW9PWuymsbWX2vO | |
| Q1MiaPkXKSTgCRwQUR0SNbPHw3X+VhrKKJB+beX8Bh2fcKw3jGGM8oHiA1hpdnbg | |
| Y5fW7EupF5gabf2jNB1XJ4gowlpB3nTooKFgbcgsvi68MRdBno2TWUhsZ3zCVyaH | |
| KFdDV0f78Fg7oL79K3kBL/iqr+jsb8sFHKIS4Dyyz2rDJrE0q0xAPes+Bu75R3/5 | |
| M/s2H7KuLqLdDYsCsMeMqOVuIcAyPp2MFWInYPyi0zY4fwKwm8f/Kv8Lzb+moxqI | |
| Fct6d1S08JAosVnZcP2P7Yz+TbmDRtsqCgk= | |
| -----END CERTIFICATE----- | |
| SONAR_HOST_URL: http://not_actually_used | |
| - name: Assert | |
| run: | | |
| ./test/assertFileExists ~/.sonar/ssl/truststore.p12 | |
| analysisWithSslCertificate: | |
| name: > | |
| Analysis takes into account 'SONAR_ROOT_CERT' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate server certificate | |
| run: | | |
| openssl req \ | |
| -newkey rsa:4096 \ | |
| -x509 \ | |
| -sha256 \ | |
| -addext "subjectAltName = DNS:localhost" \ | |
| -days 3650 \ | |
| -nodes \ | |
| -out server.crt \ | |
| -subj "/C=CH/ST=Geneva/L=Geneva/O=Server/OU=Dept" \ | |
| -keyout server.key | |
| working-directory: .github/qa-sq-behind-ngix | |
| - name: Start nginx and SonarQube via Docker Compose | |
| run: docker compose up -d --wait | |
| working-directory: .github/qa-sq-behind-ngix | |
| - name: Read correct server certificate | |
| run: | | |
| # read server.crt from .github/qa-sq-behind-ngix/ and store into the SONAR_ROOT_CERT_VALID | |
| # environment variable, to be able to read it in the next step | |
| { | |
| echo 'SONAR_ROOT_CERT_VALID<<==========' | |
| cat .github/qa-sq-behind-ngix/server.crt | |
| echo ========== | |
| } >> $GITHUB_ENV | |
| - name: Run action with the correct SSL certificate | |
| uses: ./ | |
| env: | |
| SONAR_ROOT_CERT: ${{ env.SONAR_ROOT_CERT_VALID }} | |
| SONAR_HOST_URL: https://localhost:4443 | |
| with: | |
| args: -Dsonar.login=admin -Dsonar.password=admin | |
| projectBaseDir: ./test/example-project | |
| - name: Clear imported SSL certificates | |
| run: | | |
| rm -f ~/.sonar/ssl/truststore.p12 | |
| - name: Run action with an invalid SSL certificate | |
| id: invalid_ssl_certificate | |
| continue-on-error: true | |
| uses: ./ | |
| env: | |
| SONAR_ROOT_CERT: | | |
| -----BEGIN CERTIFICATE----- | |
| INVALID | |
| -----END CERTIFICATE----- | |
| SONAR_HOST_URL: https://localhost:4443 | |
| with: | |
| args: -Dsonar.login=admin -Dsonar.password=admin | |
| projectBaseDir: ./test/example-project | |
| - name: Assert failure of previous step | |
| if: steps.invalid_ssl_certificate.outcome == 'success' | |
| run: exit 1 | |
| - name: Clear imported SSL certificates | |
| run: | | |
| rm -f ~/.sonar/ssl/truststore.p12 | |
| - name: Run action with the wrong SSL certificate | |
| id: wrong_ssl_certificate | |
| continue-on-error: true | |
| uses: ./ | |
| env: | |
| SONAR_ROOT_CERT: | | |
| -----BEGIN CERTIFICATE----- | |
| MIIFlTCCA32gAwIBAgIUXK4LyGUFe4ZVL93StPXCoJzmnLMwDQYJKoZIhvcNAQEL | |
| BQAwTzELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2Vu | |
| ZXZhMQ8wDQYDVQQKDAZTZXJ2ZXIxDTALBgNVBAsMBERlcHQwHhcNMjQxMTAxMDgx | |
| MzM3WhcNMzQxMDMwMDgxMzM3WjBPMQswCQYDVQQGEwJDSDEPMA0GA1UECAwGR2Vu | |
| ZXZhMQ8wDQYDVQQHDAZHZW5ldmExDzANBgNVBAoMBlNlcnZlcjENMAsGA1UECwwE | |
| RGVwdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK5m0V6IFFykib77 | |
| nmlN7weS9q3D6YGEj+8hRNQViL9KduUoLjoKpONIihU5kfIg+5SkGygjHRkBvIp3 | |
| b0HQqhkwtGln3/FxxaSfGEguLHgzXR8JDQSyJ8UKIGOPCH93n1rUip5Ok1iExVup | |
| HtkiVDRoCC9cRjZXbGOKrO6VBT4RvakpkaqCdXYikV244B5ElM7kdFdz8fso78Aq | |
| xekb9dM0f21uUaDBKCIhRcxWeafp0CJIoejTq0+PF7qA2qIY5UHqWElWO5NsvQ8+ | |
| MqKkIdsOa1pYNuH/5eQ59k9KSE92ps1xTKweW000GfPqxx8IQ/e4aAd2SaMTKvN6 | |
| aac6piWBeJ7AssgWwkg/3rnZB5seQIrWjIUePmxJ4c0g0eL9cnVpYF0K/Dldle/G | |
| wg0zi1g709rBI1TYj9xwrivxSwEQupz8OdKqOmgqrKHJJ/CCLl+JdFYjgwl3NWLH | |
| wsU639H1bMXIJoQujg9U47e9fXbwiqdkMQzt7rPGkOBBaAkSctAReiXnWy+CbVEM | |
| QFHDrnD5YUJRd5t/DUuWuqhR2QhfUvRClPUKoVqB/iOu2IumlgDEDA8jb1dxEW+W | |
| iaYokQCS94OpxOJ8aeReSt9bghT0vc9ifCLWvuE1iBjujdK32ekKSY9DCZyBHXsG | |
| J9N1nt1qd/k7QqWOkuPjr1JrTIMbAgMBAAGjaTBnMB0GA1UdDgQWBBQw4ESReEk+ | |
| AIxwjHRqPkESzMv1bTAfBgNVHSMEGDAWgBQw4ESReEk+AIxwjHRqPkESzMv1bTAP | |
| BgNVHRMBAf8EBTADAQH/MBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0B | |
| AQsFAAOCAgEAE8WefoZN23aOSe79ZN7zRBWP8DdPgFAqg5XUhfc9bCIVfJ4XMpEe | |
| 3lzRhgjwDm4naEs35QWOhPZH2vx8XrEKnZNI6vKO8JzaCsivgngk8bsWnvhwSXy5 | |
| eFdc99K+FOmOHevDmeiimoQnikffnSULRhQYzE2Qwyo9iky8703/+D3IKEC/8exC | |
| rlyGMUV/Nqj+4M+57DiZ6OXeFuunfoFB7vmcDZygqDhKoHhVRyu8qN6PeK2fvUFK | |
| EjeRtvA0GkdlOtLIF2g5yBTK2ykkt/oLUoAolfYUTKcoV2/FS0gVR5ovmEpKyBcP | |
| H9hzr16a8dtrEqOf/oKHQSLwxn8afmS354HJ75sq9SujOtIWpHfyH5IgqtUpiBN/ | |
| bzvKs/QZjtGlqvquOTkdh9L4oxTXqG7zEStZyo/v9g5jf1Tq195b2DNFwVUZIcbb | |
| u2d4CvAZ1yNr+8ax/kTwBSY8WU+mCtmvowFstdvsJXVXJKnUO6EZOdbg0GxTBVyE | |
| zMsnPcnkOwV5TJIKKhonrgrwmPmQ9IOV9BrThVxujjjEbAdA6jM9PMiXzuDukldm | |
| QBRwNbczGbdsHkMKHmQnrTqOyQyI4KCXF08kcOm4C1P+Whrvi0DXkqHnyKvBE0td | |
| dciInBoeHwUs2eclz7gP7pMBJUlFUkKfQxwxGLIqZSXnlAFBfW6hHLI= | |
| -----END CERTIFICATE----- | |
| SONAR_HOST_URL: https://localhost:4443 | |
| with: | |
| args: -Dsonar.login=admin -Dsonar.password=admin | |
| projectBaseDir: ./test/example-project | |
| - name: Assert failure of previous step | |
| if: steps.wrong_ssl_certificate.outcome == 'success' | |
| run: exit 1 |