SQSCANGHA-112 Migrate installation step

Jeremy Davis
2025-09-09 17:00:04 +02:00
committed by Julien HENRY
parent 8f448484d9
commit ed9f3aad50
12 changed files with 2963 additions and 216 deletions


@@ -13,7 +13,7 @@ jobs:
No inputs
strategy:
matrix:
os: [ github-ubuntu-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -32,7 +32,7 @@ jobs:
'args' input
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -55,8 +55,12 @@ jobs:
'args' input with command injection will fail
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
args: [ -Dsonar.someArg=aValue && echo "Injection", -Dsonar.someArg="value\"; whoami; echo \"" ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
args:
[
-Dsonar.someArg=aValue && echo "Injection",
-Dsonar.someArg="value\"; whoami; echo \"",
]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -81,7 +85,7 @@ jobs:
'args' input with backticks injection does not execute command
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -109,7 +113,7 @@ jobs:
'args' input with dollar command injection does not execute command
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -136,7 +140,7 @@ jobs:
'args' input with other command injection variants does not execute command
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -166,7 +170,7 @@ jobs:
'projectBaseDir' input
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -203,7 +207,12 @@ jobs:
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
- name: Assert
run: |
./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.1.0.4477-linux-x64.zip"
# The new JavaScript implementation uses @actions/tool-cache which caches tools differently
# Instead of checking for the zip file, verify the tool was installed by checking it's in PATH
if ! command -v sonar-scanner &> /dev/null; then
echo "Error: sonar-scanner not found in PATH"
exit 1
fi
scannerBinariesUrlTest:
name: >
'scannerBinariesUrl' input with invalid URL
@@ -245,7 +254,7 @@ jobs:
uses: ./
continue-on-error: true
with:
scannerBinariesUrl: 'http://some_uri;touch file.txt;'
scannerBinariesUrl: "http://some_uri;touch file.txt;"
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
@@ -274,7 +283,7 @@ jobs:
uses: ./
continue-on-error: true
with:
scannerBinariesUrl: 'http://some_uri http://another_uri''; touch file.txt;'
scannerBinariesUrl: "http://some_uri http://another_uri'; touch file.txt;"
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
@@ -381,7 +390,7 @@ jobs:
'RUNNER_DEBUG' is used
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -434,13 +443,13 @@ jobs:
projectBaseDir: ./test/example-project
- name: Assert
run: |
./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
overrideSonarcloudUrlTest:
name: >
'SONARCLOUD_URL' is used
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -456,92 +465,7 @@ jobs:
- name: Assert
run: |
./test/assertFileContains ./output.properties "sonar.host.url=mirror.sonarcloud.io"
./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
dontFailWhenMissingWgetButCurlAvailable:
name: Don't fail when missing wget but curl available
runs-on: github-ubuntu-latest-s
steps:
- uses: actions/checkout@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove wget
run: sudo apt-get remove -y wget
- name: Assert wget is not available
run: |
if command -v wget 2>&1 >/dev/null
then
exit 1
fi
- name: Run action
uses: ./
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with:
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert
run: |
./test/assertFileExists ./output.properties
dontFailWhenMissingCurlButWgetAvailable:
name: Don't fail when missing curl but wget available
runs-on: github-ubuntu-latest-s
steps:
- uses: actions/checkout@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove curl
run: sudo apt-get remove -y curl
- name: Assert curl is not available
run: |
if command -v curl 2>&1 >/dev/null
then
exit 1
fi
- name: Run action
id: runTest
uses: ./
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with:
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert
run: |
./test/assertFileExists ./output.properties
failWhenBothWgetAndCurlMissing:
name: Fail when both wget and curl are missing
runs-on: github-ubuntu-latest-s
steps:
- uses: actions/checkout@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove wget and curl
run: sudo apt-get remove -y wget curl
- name: Assert wget and curl are not available
run: |
if command -v wget 2>&1 >/dev/null
then
exit 1
fi
if command -v curl 2>&1 >/dev/null
then
exit 1
fi
- name: Run action
id: runTest
uses: ./
continue-on-error: true
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
with:
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
- name: Assert failure of previous step
if: steps.runTest.outcome == 'success'
run: exit 1
./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
curlPerformsRedirect:
name: >
curl performs redirect when scannerBinariesUrl returns 3xx
@@ -566,7 +490,7 @@ jobs:
uses: ./
with:
scannerVersion: 6.2.1.4610
scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
scannerBinariesUrl: https://localhost:8080/clientRedirectToSonarBinaries
env:
NO_CACHE: true
SONAR_HOST_URL: http://not_actually_used
@@ -579,7 +503,7 @@ jobs:
'SONAR_ROOT_CERT' is converted to truststore
strategy:
matrix:
os: [ github-ubuntu-latest-s, github-windows-latest-s, macos-latest ]
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
@@ -652,7 +576,7 @@ jobs:
- name: Start nginx and SonarQube via Docker Compose
run: docker compose up -d --wait
working-directory: .github/qa-sq-behind-ngix
- name: Read correct server certificate
- name: Read correct server certificate
run: |
# read server.crt from .github/qa-sq-behind-ngix/ and store into the SONAR_ROOT_CERT_VALID
# environment variable, to be able to read it in the next step
@@ -791,7 +715,7 @@ jobs:
- name: Run action with SONAR_ROOT_CERT
uses: ./
env:
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
SONAR_HOST_URL: http://not_actually_used
SONAR_ROOT_CERT: |
-----BEGIN CERTIFICATE-----
@@ -840,7 +764,7 @@ jobs:
- name: Run action a second time with a different SONAR_ROOT_CERT
uses: ./
env:
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
SONAR_HOST_URL: http://not_actually_used
SONAR_ROOT_CERT: |
-----BEGIN CERTIFICATE-----
@@ -873,7 +797,7 @@ jobs:
- name: Run action a third time
uses: ./
env:
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
# NO_CACHE not needed, as SONAR_SSL_FOLDER is setup when the Sonar Scanner is run, not installed
SONAR_HOST_URL: http://not_actually_used
SONAR_ROOT_CERT: |
-----BEGIN CERTIFICATE-----
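Review bot: The rewritten Assert step in the hunk at `@@ -203,7 +207,12 @@` only checks that some `sonar-scanner` resolves on PATH, so it no longer proves that the release named in the removed assertion (6.1.0.4477) is the one the action installed. A scanner already present on the runner image, or left on PATH by an earlier step, would satisfy `command -v`, which weakens this job as a check on which binary the action actually fetched. I would keep the PATH check and follow it with a version assertion, for example `sonar-scanner --version | grep -F "6.1.0.4477"`, assuming the step above still requests that version (its `with:` block is outside the hunk). The new comment could also state the expectation, e.g. `# the scanner found on PATH must be the version requested by this job`.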