Skip to content

Update sonarqube.yml #11

Update sonarqube.yml

Update sonarqube.yml #11

Workflow file for this run

name: SonarQube + CNES Report
on:
push:
branches:
- main
pull_request:
jobs:
sonar-analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.21"
- name: Prepare sonarqube.crt
run: |
echo "${{ secrets.SONAR_CERT }}" > sonarqube.crt
- name: Install certificate in the system
run: |
sudo cp sonarqube.crt /usr/local/share/ca-certificates/sonarqube.crt
sudo update-ca-certificates
#- name: SonarQube Analysis
# uses: SonarSource/sonarqube-scan-action@v2
# env:
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# SONAR_HOST_URL: https://sonarqube.k8s-ants.inf.um.es
- name: Debug Java path
run: |
readlink -f $(which java)
- name: Import certificate into Java keystore
run: |
for CACERTS in \
/usr/lib/jvm/java-17-adoptopenjdk/lib/security/cacerts \
/usr/lib/jvm/java-17-openjdk-amd64/lib/security/cacerts \
/usr/lib/jvm/temurin-17*/lib/security/cacerts \
/usr/lib/jvm/java-17-*/lib/security/cacerts
do
if [ -f "$CACERTS" ]; then
echo "Importing into: $CACERTS"
sudo keytool -importcert \
-noprompt \
-trustcacerts \
-alias sonarqube-cert \
-file sonarqube.crt \
-keystore "$CACERTS" \
-storepass changeit
exit 0
fi
done
echo "ERROR: No valid Java cacerts found"
exit 1
- name: List trusted certs (optional debug)
run: |
keytool -list -keystore /usr/lib/jvm/java-17-*/lib/security/cacerts \
-storepass changeit | grep sonarqube-cert || true
- name: Download SonarScanner CLI
run: |
curl -Lo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
unzip sonar-scanner.zip -d $HOME
mv $HOME/sonar-scanner-* $HOME/sonar-scanner
- name: Check Java version and JAVA_HOME
run: |
echo "JAVA_HOME=${JAVA_HOME}"
java -version
- name: Run SonarScanner
run: |
export JAVA_HOME=/usr/lib/jvm/temurin-17-jdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
$HOME/sonar-scanner/bin/sonar-scanner \
-Dsonar.projectKey=idm-fluidos-aries-framework-go \
-Dsonar.sources=. \
-Dsonar.host.url=https://sonarqube.k8s-ants.inf.um.es \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
#- name: Show SonarQube Dashboard URL
# run: echo "See results: https://sonarqube.k8s-ants.inf.um.es/dashboard?id=idm-fluidos-aries-framework-go"
- name: Download CNES Report CLI
run: |
curl -L -o sonar-cnes-report.jar https://github.com/cnescatlab/sonar-cnes-report/releases/latest/download/sonar-cnes-report.jar
- name: Generate CNES Report
run: |
mkdir report
java -jar sonar-cnes-report.jar \
-s https://sonarqube.k8s-ants.inf.um.es \
-t ${{ secrets.SONAR_TOKEN }} \
-p idm-fluidos-aries-framework-go \
-o ./report \
-f console,html,md
- name: Upload CNES Report Artifact
uses: actions/upload-artifact@v4
with:
name: sonarqube-cnes-report
path: ./report