Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2f77a1ec69 | ||
|
1a6d90ebcb | ||
|
|
016cabf33a | ||
|
|
5fc8cfce6b | ||
|
786af10ed4 | ||
|
01850e2590 | ||
|
8c71dc039c | ||
|
ef211f93a6 | ||
|
74f62c995b | ||
|
|
c8aa051cc4 | ||
|
bfe63be746 | ||
|
|
2500896589 | ||
|
|
73bc64cb64 | ||
|
|
7d51dd28ef | ||
|
|
be0a85295f | ||
|
12d7d00f02 |
@@ -1,4 +0,0 @@
|
||||
docker.projectNameFormat=repositoryNameAndTag
|
||||
docker.scanImages=true
|
||||
wss.url=https://saas-eu.whitesourcesoftware.com/agent
|
||||
productName=GitHubAction/SonarQubeScanAction
|
||||
2
.github/CODEOWNERS
vendored
2
.github/CODEOWNERS
vendored
@@ -1 +1 @@
|
||||
.github/CODEOWNERS @sonarsource/orchestration-processing-squad
|
||||
.github/* @sonarsource/orchestration-processing-squad
|
||||
|
||||
2
.github/workflows/PullRequestClosed.yml
vendored
2
.github/workflows/PullRequestClosed.yml
vendored
@@ -7,7 +7,7 @@ on:
|
||||
jobs:
|
||||
PullRequestClosed_job:
|
||||
name: Pull Request Closed
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
id-token: write
|
||||
pull-requests: read
|
||||
|
||||
2
.github/workflows/PullRequestCreated.yml
vendored
2
.github/workflows/PullRequestCreated.yml
vendored
@@ -7,7 +7,7 @@ on:
|
||||
jobs:
|
||||
PullRequestCreated_job:
|
||||
name: Pull Request Created
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
id-token: write
|
||||
# For external PR, ticket should be created manually
|
||||
|
||||
2
.github/workflows/RequestReview.yml
vendored
2
.github/workflows/RequestReview.yml
vendored
@@ -7,7 +7,7 @@ on:
|
||||
jobs:
|
||||
RequestReview_job:
|
||||
name: Request review
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
id-token: write
|
||||
# For external PR, ticket should be moved manually
|
||||
|
||||
2
.github/workflows/SubmitReview.yml
vendored
2
.github/workflows/SubmitReview.yml
vendored
@@ -7,7 +7,7 @@ on:
|
||||
jobs:
|
||||
SubmitReview_job:
|
||||
name: Submit Review
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
id-token: write
|
||||
pull-requests: read
|
||||
|
||||
4
.github/workflows/qa-deprecated-c-cpp.yml
vendored
4
.github/workflows/qa-deprecated-c-cpp.yml
vendored
@@ -12,7 +12,7 @@ jobs:
|
||||
name: Action outputs
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
|
||||
os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
|
||||
cache: [true, false]
|
||||
include:
|
||||
- arch: X64
|
||||
@@ -31,7 +31,7 @@ jobs:
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ jobs:
|
||||
name: Action outputs
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-latest, windows-latest, macos-latest, macos-13]
|
||||
os: [ubuntu-latest-large, windows-latest-large, macos-latest, macos-13]
|
||||
cache: [true, false]
|
||||
include:
|
||||
- arch: X64
|
||||
@@ -31,7 +31,7 @@ jobs:
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
|
||||
231
.github/workflows/qa-main.yml
vendored
231
.github/workflows/qa-main.yml
vendored
@@ -11,12 +11,15 @@ jobs:
|
||||
noInputsTest:
|
||||
name: >
|
||||
No inputs
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
- name: Run action without args
|
||||
uses: ./
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
@@ -29,31 +32,144 @@ jobs:
|
||||
'args' input
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
uses: ./
|
||||
with:
|
||||
args: -Dsonar.someArg=aValue -Dsonar.scanner.internal.dumpToFile=./output.properties
|
||||
args: -Dsonar.someArg=aValue -Dsonar.anotherArgWithSpaces="Another Value" -Dsonar.argWithSingleQuotes='Another Value'
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
|
||||
- name: Assert
|
||||
run: |
|
||||
./test/assertFileContains ./output.properties "sonar.someArg=aValue"
|
||||
./test/assertFileContains ./output.properties 'sonar.anotherArgWithSpaces="Another Value"'
|
||||
./test/assertFileContains ./output.properties "sonar.argWithSingleQuotes='Another Value'"
|
||||
argsInputInjectionTest:
|
||||
name: >
|
||||
'args' input with command injection will fail
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
args: [ -Dsonar.someArg=aValue && echo "Injection", -Dsonar.someArg="value\"; whoami; echo \"" ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
uses: ./
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: ${{ matrix.args }}
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
|
||||
- name: Fail if action succeeded
|
||||
if: steps.runTest.outcome == 'success'
|
||||
run: exit 1
|
||||
- name: Assert the scanner was not called
|
||||
run: |
|
||||
./test/assertFileDoesntExist ./output.properties
|
||||
backtickCommandInjectionTest:
|
||||
name: >
|
||||
'args' input with backticks injection does not execute command
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
uses: ./
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: >
|
||||
-Dsonar.arg1="refs/heads/branch: [workflows] Bump `actions/*`" -Dsonar.arg2="test `echo Command Injection`" -Dsonar.arg3="`id`" -Dsonar.arg4="test'; `echo injection`; echo '" -Dsonar.arg5=" `whoami` " -Dsonar.arg6="test\`echo injection\`test"
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
|
||||
- name: Assert command in arg is not executed
|
||||
run: |
|
||||
./test/assertFileContains ./output.properties 'sonar.arg1="refs/heads/branch\\: \[workflows\] Bump `actions/\*`"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg2="test `echo Command Injection`"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg3="`id`"'
|
||||
./test/assertFileContains ./output.properties "sonar.arg4=\"test'; \`echo injection\`; echo '\""
|
||||
./test/assertFileContains ./output.properties 'sonar.arg5=" `whoami` "'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg6="test\\\\`echo injection\\\\`test"'
|
||||
dollarSymbolCommandInjectionTest:
|
||||
name: >
|
||||
'args' input with dollar command injection does not execute command
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
uses: ./
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: -Dsonar.arg1="$(whoami)" -Dsonar.arg2="$GITHUB_TOKEN" -Dsonar.arg3="$(echo outer $(echo inner))" -Dsonar.arg4="value\$(whoami)end" -Dsonar.arg5="$(printf 'A%.0s' {1..10000})" -Dsonar.arg6='value"; $(whoami); echo "'
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
|
||||
- name: Assert command in arg is not executed
|
||||
run: |
|
||||
./test/assertFileContains ./output.properties 'sonar.arg1="$(whoami)"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg2="$GITHUB_TOKEN"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg3="$(echo outer $(echo inner))"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg4="value\\\\$(whoami)end"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg5="$(printf '\''A%.0s'\'' {1..10000})"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg6='\''value"; $(whoami); echo "'\'''
|
||||
otherCommandInjectionVariantsTest:
|
||||
name: >
|
||||
'args' input with other command injection variants does not execute command
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with args
|
||||
uses: ./
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: -Dsonar.arg1="test | base64" -Dsonar.arg2="value; whoami" -Dsonar.arg3="value && echo test" -Dsonar.arg4="value > /tmp/output.txt" -Dsonar.arg5="< /etc/passwd" -Dsonar.arg6="" -Dsonar.arg7="../../../*" -Dsonar.arg8="*.key" -Dsonar.arg9="test\u0027\u0060whoami\u0060"
|
||||
env:
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
|
||||
- name: Assert command in arg is not executed
|
||||
run: |
|
||||
./test/assertFileContains ./output.properties 'sonar.arg1="test | base64"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg2="value; whoami"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg3="value && echo test"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg4="value > /tmp/output.txt"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg5="< /etc/passwd"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg6=""'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg7="../../../\*"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg8="\*.key"'
|
||||
./test/assertFileContains ./output.properties 'sonar.arg9="test\\\\u0027\\\\u0060whoami\\\\u0060"'
|
||||
projectBaseDirInputTest:
|
||||
name: >
|
||||
'projectBaseDir' input
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- run: mkdir -p ./baseDir
|
||||
@@ -71,9 +187,9 @@ jobs:
|
||||
scannerVersionTest:
|
||||
name: >
|
||||
'scannerVersion' input
|
||||
runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
|
||||
runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with scannerVersion
|
||||
@@ -91,9 +207,9 @@ jobs:
|
||||
scannerBinariesUrlTest:
|
||||
name: >
|
||||
'scannerBinariesUrl' input with invalid URL
|
||||
runs-on: ubuntu-latest # assumes default RUNNER_ARCH for linux is X64
|
||||
runs-on: ubuntu-latest-large # assumes default RUNNER_ARCH for linux is X64
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with scannerBinariesUrl
|
||||
@@ -119,9 +235,9 @@ jobs:
|
||||
scannerBinariesUrlIsEscapedWithWget:
|
||||
name: >
|
||||
'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with scannerBinariesUrl
|
||||
@@ -140,9 +256,9 @@ jobs:
|
||||
scannerBinariesUrlIsEscapedWithCurl:
|
||||
name: >
|
||||
'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Remove wget
|
||||
@@ -169,9 +285,9 @@ jobs:
|
||||
dontFailGradleTest:
|
||||
name: >
|
||||
Don't fail on Gradle project
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action on Gradle project
|
||||
@@ -190,9 +306,9 @@ jobs:
|
||||
dontFailGradleKotlinTest:
|
||||
name: >
|
||||
Don't fail on Kotlin Gradle project
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action on Kotlin Gradle project
|
||||
@@ -211,9 +327,9 @@ jobs:
|
||||
dontFailMavenTest:
|
||||
name: >
|
||||
Don't fail on Maven project
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action on Maven project
|
||||
@@ -230,7 +346,7 @@ jobs:
|
||||
run: |
|
||||
./test/assertFileExists ./output.properties
|
||||
runAnalysisTest:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
services:
|
||||
sonarqube:
|
||||
image: sonarqube:lts-community
|
||||
@@ -246,7 +362,7 @@ jobs:
|
||||
--health-timeout 5s
|
||||
--health-retries 10
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action on sample project
|
||||
@@ -265,10 +381,10 @@ jobs:
|
||||
'RUNNER_DEBUG' is used
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with debug mode
|
||||
@@ -283,7 +399,7 @@ jobs:
|
||||
run: |
|
||||
./test/assertFileContains ./output.properties "sonar.verbose=true"
|
||||
runAnalysisWithCacheTest:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
services:
|
||||
sonarqube:
|
||||
image: sonarqube:lts-community
|
||||
@@ -299,7 +415,7 @@ jobs:
|
||||
--health-timeout 5s
|
||||
--health-retries 10
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: SonarQube Cache
|
||||
@@ -324,10 +440,10 @@ jobs:
|
||||
'SONARCLOUD_URL' is used
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with SONARCLOUD_URL
|
||||
@@ -343,9 +459,9 @@ jobs:
|
||||
./test/assertFileContains ./output.properties "sonar.scanner.sonarcloudUrl=mirror.sonarcloud.io"
|
||||
dontFailWhenMissingWgetButCurlAvailable:
|
||||
name: Don't fail when missing wget but curl available
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Remove wget
|
||||
@@ -369,9 +485,9 @@ jobs:
|
||||
./test/assertFileExists ./output.properties
|
||||
dontFailWhenMissingCurlButWgetAvailable:
|
||||
name: Don't fail when missing curl but wget available
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Remove curl
|
||||
@@ -396,9 +512,9 @@ jobs:
|
||||
./test/assertFileExists ./output.properties
|
||||
failWhenBothWgetAndCurlMissing:
|
||||
name: Fail when both wget and curl are missing
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Remove wget and curl
|
||||
@@ -429,9 +545,9 @@ jobs:
|
||||
curlPerformsRedirect:
|
||||
name: >
|
||||
curl performs redirect when scannerBinariesUrl returns 3xx
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Remove wget
|
||||
@@ -463,10 +579,10 @@ jobs:
|
||||
'SONAR_ROOT_CERT' is converted to truststore
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, windows-latest, macos-latest ]
|
||||
os: [ ubuntu-latest-large, windows-latest-large, macos-latest ]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with SSL certificate
|
||||
@@ -515,9 +631,9 @@ jobs:
|
||||
analysisWithSslCertificate:
|
||||
name: >
|
||||
Analysis takes into account 'SONAR_ROOT_CERT'
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Generate server certificate
|
||||
@@ -623,9 +739,9 @@ jobs:
|
||||
overridesScannerLocalFolderWhenPresent: # can happen in uncleaned self-hosted runners
|
||||
name: >
|
||||
'SCANNER_LOCAL_FOLDER' is cleaned with warning when present
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Create a dummy SCANNER_LOCAL_FOLDER with dummy content in it
|
||||
@@ -657,9 +773,9 @@ jobs:
|
||||
updateTruststoreWhenPresent: # can happen in uncleaned self-hosted runners
|
||||
name: >
|
||||
truststore.p12 is updated when present
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Create SONAR_SSL_FOLDER with a file in it (not-truststore.p12)
|
||||
@@ -783,3 +899,26 @@ jobs:
|
||||
[ -f "$SONAR_SSL_FOLDER/truststore.p12" ] || exit 1
|
||||
TRUSTSTORE_P12_MOD_TIME_T3=$(stat -c %Y "$SONAR_SSL_FOLDER/truststore.p12")
|
||||
[ "$TRUSTSTORE_P12_MOD_TIME_T2" != "$TRUSTSTORE_P12_MOD_TIME_T3" ] || exit 1
|
||||
scannerVersionValidationTest:
|
||||
name: >
|
||||
'scannerVersion' input validation
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run action with invalid scannerVersion
|
||||
id: invalid_version
|
||||
uses: ./
|
||||
continue-on-error: true
|
||||
with:
|
||||
scannerVersion: "7.1.0-SNAPSHOT"
|
||||
args: -Dsonar.scanner.internal.dumpToFile=./output.properties
|
||||
env:
|
||||
NO_CACHE: true
|
||||
SONAR_HOST_URL: http://not_actually_used
|
||||
- name: Assert failure of previous step
|
||||
if: steps.invalid_version.outcome == 'success'
|
||||
run: |
|
||||
echo "Action with invalid scannerVersion should have failed but succeeded"
|
||||
exit 1
|
||||
|
||||
16
.github/workflows/qa-scripts.yml
vendored
16
.github/workflows/qa-scripts.yml
vendored
@@ -10,9 +10,9 @@ on:
|
||||
jobs:
|
||||
create-install-dir-test:
|
||||
name: create_install_path.sh
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
@@ -107,7 +107,7 @@ jobs:
|
||||
grep "=== Script failed ===" output
|
||||
setup-script-test:
|
||||
name: configure_paths.sh
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
env:
|
||||
INSTALL_PATH: 'install-directory'
|
||||
SONAR_HOST_URL: 'http://sonar-host.com'
|
||||
@@ -123,7 +123,7 @@ jobs:
|
||||
SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip'
|
||||
SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64'
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
@@ -250,9 +250,9 @@ jobs:
|
||||
grep "=== Script failed ===" output
|
||||
download-script-test:
|
||||
name: download.sh
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
|
||||
@@ -319,9 +319,9 @@ jobs:
|
||||
grep "=== Script failed ===" output
|
||||
fetch-latest-version-test:
|
||||
name: fetch_latest_version.sh
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||
- name: Test script
|
||||
|
||||
6
.github/workflows/update-tags.yml
vendored
6
.github/workflows/update-tags.yml
vendored
@@ -7,16 +7,16 @@ on:
|
||||
|
||||
jobs:
|
||||
generate:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v5
|
||||
|
||||
- name: Parse semver
|
||||
uses: madhead/semver-utils@v4
|
||||
uses: madhead/semver-utils@36d1e0ed361bd7b4b77665de8093092eaeabe6ba # v4.3.0
|
||||
id: version
|
||||
with:
|
||||
version: ${{ github.ref_name }}
|
||||
|
||||
63
.github/workflows/version_update.yml
vendored
63
.github/workflows/version_update.yml
vendored
@@ -5,19 +5,17 @@ on:
|
||||
- cron: '15 10 * * *'
|
||||
|
||||
jobs:
|
||||
update-version:
|
||||
name: Prepare pull request for sonar-scanner version update
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
check-version:
|
||||
name: Check for sonar-scanner version update
|
||||
runs-on: ubuntu-latest-large
|
||||
outputs:
|
||||
should_update: ${{ steps.version-check.outputs.should_update }}
|
||||
new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }}
|
||||
steps:
|
||||
- run: sudo apt install -y jq
|
||||
- run: sudo snap install yq
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
ref: master
|
||||
persist-credentials: true
|
||||
fetch-depth: 0
|
||||
|
||||
- name: "Fetch currently used sonar-scanner version"
|
||||
@@ -25,25 +23,50 @@ jobs:
|
||||
shell: bash
|
||||
run: cat sonar-scanner-version >> $GITHUB_OUTPUT
|
||||
|
||||
- name: "Fetch lastest sonar-scanner version"
|
||||
- name: "Fetch latest sonar-scanner version"
|
||||
id: latest-version
|
||||
shell: bash
|
||||
run: |
|
||||
./scripts/fetch_latest_version.sh > sonar-scanner-version
|
||||
cat sonar-scanner-version >> $GITHUB_OUTPUT
|
||||
- name: "Update default version"
|
||||
if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
|
||||
|
||||
- name: "Determine if update is needed"
|
||||
id: version-check
|
||||
shell: bash
|
||||
env:
|
||||
NEW_VERSION: ${{ steps.latest-version.outputs.sonar-scanner-version }}
|
||||
run: |
|
||||
yq -i '.inputs.scannerVersion.default = strenv(NEW_VERSION)' action.yml
|
||||
- name: "Create Pull Request for version update"
|
||||
if: steps.tagged-version.outputs.sonar-scanner-version != steps.latest-version.outputs.sonar-scanner-version
|
||||
if [[ "${{ steps.tagged-version.outputs.sonar-scanner-version }}" != "${{ steps.latest-version.outputs.sonar-scanner-version }}" ]]; then
|
||||
echo "should_update=true" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "should_update=false" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
update-version:
|
||||
name: Prepare pull request for sonar-scanner version update
|
||||
needs: check-version
|
||||
runs-on: ubuntu-latest-large
|
||||
permissions:
|
||||
contents: write
|
||||
pull-requests: write
|
||||
if: needs.check-version.outputs.should_update == 'true'
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
ref: master
|
||||
persist-credentials: true
|
||||
fetch-depth: 0
|
||||
- run: sudo snap install yq
|
||||
- name: "Update default version"
|
||||
shell: bash
|
||||
env:
|
||||
UPDATE_BRANCH: update-to-sonar-scanner-${{ steps.latest-version.outputs.sonar-scanner-version }}
|
||||
TITLE: "Update SonarScanner CLI to ${{ steps.latest-version.outputs.sonar-scanner-version }}"
|
||||
NEW_VERSION: ${{ needs.check-version.outputs.new-version }}
|
||||
run: |
|
||||
yq -i '.inputs.scannerVersion.default = strenv(NEW_VERSION)' action.yml
|
||||
./scripts/fetch_latest_version.sh > sonar-scanner-version
|
||||
- name: "Create Pull Request for version update"
|
||||
shell: bash
|
||||
env:
|
||||
UPDATE_BRANCH: update-to-sonar-scanner-${{ needs.check-version.outputs.new-version }}
|
||||
TITLE: "Update SonarScanner CLI to ${{ needs.check-version.outputs.new-version }}"
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
git config --global user.name "SonarTech"
|
||||
@@ -56,5 +79,5 @@ jobs:
|
||||
gh pr list
|
||||
|
||||
if [[ $(gh pr list -H "${UPDATE_BRANCH}" | grep "${UPDATE_BRANCH}" | wc -l) -eq 0 ]]; then
|
||||
gh pr create -B master -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic updated of sonar-scanner version value. Needs to be tagged for release."
|
||||
gh pr create -B master -H ${UPDATE_BRANCH} --title "${TITLE}" --body "Automatic update of the sonar-scanner version value. Be sure to trigger the QA workflow by closing and reopening this PR (see https://github.com/orgs/community/discussions/65321)."
|
||||
fi
|
||||
|
||||
11
action.yml
11
action.yml
@@ -17,7 +17,7 @@ inputs:
|
||||
description: Version of the Sonar Scanner CLI to use
|
||||
required: false
|
||||
# to be kept in sync with sonar-scanner-version
|
||||
default: 7.1.0.4889
|
||||
default: 7.2.0.5079
|
||||
scannerBinariesUrl:
|
||||
description: URL to download the Sonar Scanner CLI binaries from
|
||||
required: false
|
||||
@@ -30,9 +30,13 @@ runs:
|
||||
shell: bash
|
||||
env:
|
||||
INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
|
||||
INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
|
||||
- name: Vulnerability warning
|
||||
shell: bash
|
||||
run: echo "::warning title=Vulnerability warning::This version of the SonarQube Scanner GitHub Action is no longer supported and contains a security vulnerability. Please update your workflow to use sonarsource/sonarqube-scan-action@v6 for the latest security patches and features. For more information visit https://community.sonarsource.com/gha-v6-update"
|
||||
- name: Load Sonar Scanner CLI from cache
|
||||
id: sonar-scanner-cli
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4
|
||||
env:
|
||||
# The default value is 60mins. Reaching timeout is treated the same as a cache miss.
|
||||
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
|
||||
@@ -50,8 +54,9 @@ runs:
|
||||
run: echo "${RUNNER_TEMP}/sonar-scanner-cli-${{ inputs.scannerVersion }}-${{ runner.os }}-${{ runner.arch }}/bin" >> $GITHUB_PATH
|
||||
shell: bash
|
||||
- name: Run SonarScanner
|
||||
run: ${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh ${{ inputs.args }}
|
||||
run: ${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner.sh
|
||||
shell: bash
|
||||
env:
|
||||
INPUT_ARGS: ${{ inputs.args }}
|
||||
INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
|
||||
SONAR_SCANNER_JRE: ${{ runner.temp }}/sonar-scanner-cli-${{ inputs.scannerVersion }}-${{ runner.os }}-${{ runner.arch }}/jre
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if [[ -n "${SONAR_ROOT_CERT}" ]]; then
|
||||
echo "Adding custom root certificate to java certificate store"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if [[ ${ARCH} != "X64" && ! (${ARCH} == "ARM64" && (${OS} == "macOS" || ${OS} == "Linux")) ]]; then
|
||||
echo "::error::Architecture '${ARCH}' is unsupported by build-wrapper"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
source "$(dirname -- "$0")/utils.sh"
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
source "$(dirname -- "$0")/utils.sh"
|
||||
|
||||
@@ -28,7 +28,7 @@ parse_arguments() {
|
||||
}
|
||||
|
||||
verify_download_correctness() {
|
||||
echo "${EXPECTED_SHA} ${TMP_ZIP_PATH}" | sha256sum -c
|
||||
echo "${EXPECTED_SHA} ${TMP_ZIP_PATH}" | sha256sum -c -
|
||||
check_status "Checking sha256 failed"
|
||||
}
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
source "$(dirname -- "$0")/utils.sh"
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
@@ -73,9 +73,19 @@ if [[ -n "${SONAR_ROOT_CERT}" ]]; then
|
||||
scanner_args+=("-Dsonar.scanner.truststorePassword=$SONAR_SSL_TRUSTSTORE_PASSWORD")
|
||||
fi
|
||||
|
||||
scanner_args+=("$@")
|
||||
# split input args correctly (passed through INPUT_ARGS env var to avoid execution of injected command)
|
||||
args=()
|
||||
if [[ -n "${INPUT_ARGS}" ]]; then
|
||||
# the regex recognizes args with values in single or double quotes (without character escaping), and args without quotes as well
|
||||
# more specifically, the following patterns: -Darg="value", -Darg='value', -Darg=value, "-Darg=value" and '-Darg=value'
|
||||
IFS=$'\n'; args=($(echo ${INPUT_ARGS} | egrep -o '[^" '\'']+="[^"]*"|[^" '\'']+='\''[^'\'']*'\''|[^" '\'']+|"[^"]+"|'\''[^'\'']+'\'''))
|
||||
fi
|
||||
|
||||
for arg in "${args[@]}"; do
|
||||
scanner_args+=("$arg")
|
||||
done
|
||||
|
||||
set -ux
|
||||
|
||||
$SCANNER_BIN "${scanner_args[@]}"
|
||||
$SCANNER_BIN ${scanner_args[@]+"${scanner_args[@]}"}
|
||||
|
||||
|
||||
6
scripts/run-sonar-scanner.sh
Executable file
6
scripts/run-sonar-scanner.sh
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# run the sonar scanner cli
|
||||
cmd=(${GITHUB_ACTION_PATH}/scripts/run-sonar-scanner-cli.sh "${INPUT_ARGS}")
|
||||
"${cmd[@]}"
|
||||
@@ -1,7 +1,12 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
if [[ ! "${INPUT_SCANNERVERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
echo "::error title=SonarScanner::Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z "${SONAR_TOKEN}" ]]; then
|
||||
echo "::warning title=SonarScanner::Running this GitHub Action without SONAR_TOKEN is not recommended"
|
||||
fi
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
check_status() {
|
||||
exit_status=$?
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
sonar-scanner-version=7.1.0.4889
|
||||
sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-windows-x64.zip
|
||||
sonar-scanner-sha-windows-x64=64c5154d3d924eb2e03386f10eecb3ec4132298e2c1bf0b60a0d0195cd51a555
|
||||
sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
|
||||
sonar-scanner-sha-linux-x64=b4d2a001d65b489f9effe1ea8a78495db1b152f124d7f7b058aad8651c7e1484
|
||||
sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-aarch64.zip
|
||||
sonar-scanner-sha-linux-aarch64=7948ccde77843829b87d41815ead669486f681cd38b0b0893006083a9b6f6b5c
|
||||
sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-x64.zip
|
||||
sonar-scanner-sha-macosx-x64=08ad1e75994d91a17016ce55248d0827b62a757b263917234ea2d89bee8f136d
|
||||
sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-macosx-aarch64.zip
|
||||
sonar-scanner-sha-macosx-aarch64=9ad8c5da9e9665c065328b86adb3f33ef43801347ecb3ff1ec27d598ac37b449
|
||||
sonar-scanner-version=7.2.0.5079
|
||||
sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-windows-x64.zip
|
||||
sonar-scanner-sha-windows-x64=71936f352206b63cb05ffbcd68e366e52d22916148cf4a2418789bc776f733ea
|
||||
sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-x64.zip
|
||||
sonar-scanner-sha-linux-x64=da9f4e64a3d555f08ce38b5469ebd91fe2b311af473f7001a5ee5c1fd58b004b
|
||||
sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-linux-aarch64.zip
|
||||
sonar-scanner-sha-linux-aarch64=803ca725d463e95eeb7537515706367bb8e52bf05ac32174daf9773bdb36d1e2
|
||||
sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-x64.zip
|
||||
sonar-scanner-sha-macosx-x64=7b9e92248ca740fff41503bfe5459c460bac43c501d80043cc4fbebb72dfc5fa
|
||||
sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.2.0.5079-macosx-aarch64.zip
|
||||
sonar-scanner-sha-macosx-aarch64=c8adb3fbfe5485c17de193a217be765b66cbc10d6540057655afa3c3b5be6f61
|
||||
|
||||
@@ -1,10 +1,14 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
error() { echo -e "\\e[31m✗ $*\\e[0m"; }
|
||||
|
||||
assertFileExists $1
|
||||
scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
|
||||
|
||||
if ! grep -q $2 $1; then
|
||||
$scriptDir/assertFileExists "$1"
|
||||
|
||||
if ! grep -q "$2" "$1"; then
|
||||
error "'$2' not found in '$1'"
|
||||
exit 1
|
||||
fi
|
||||
@@ -1,8 +1,10 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
error() { echo -e "\\e[31m✗ $*\\e[0m"; }
|
||||
|
||||
if [ -f $1 ]; then
|
||||
if [ -f "$1" ]; then
|
||||
error "File '$1' found"
|
||||
exit 1
|
||||
fi
|
||||
@@ -1,8 +1,10 @@
|
||||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
error() { echo -e "\\e[31m✗ $*\\e[0m"; }
|
||||
|
||||
if [ ! -f $1 ]; then
|
||||
if [ ! -f "$1" ]; then
|
||||
error "File '$1' not found"
|
||||
exit 1
|
||||
fi
|
||||
Reference in New Issue
Block a user