Update sonarqube.yml #11
| name: SonarQube + CNES Report | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| sonar-analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: "1.21" | |
| - name: Prepare sonarqube.crt | |
| run: | | |
| echo "${{ secrets.SONAR_CERT }}" > sonarqube.crt | |
| - name: Install certificate in the system | |
| run: | | |
| sudo cp sonarqube.crt /usr/local/share/ca-certificates/sonarqube.crt | |
| sudo update-ca-certificates | |
| #- name: SonarQube Analysis | |
| # uses: SonarSource/sonarqube-scan-action@v2 | |
| # env: | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # SONAR_HOST_URL: https://sonarqube.k8s-ants.inf.um.es | |
| - name: Debug Java path | |
| run: | | |
| readlink -f $(which java) | |
| - name: Import certificate into Java keystore | |
| run: | | |
| for CACERTS in \ | |
| /usr/lib/jvm/java-17-adoptopenjdk/lib/security/cacerts \ | |
| /usr/lib/jvm/java-17-openjdk-amd64/lib/security/cacerts \ | |
| /usr/lib/jvm/temurin-17*/lib/security/cacerts \ | |
| /usr/lib/jvm/java-17-*/lib/security/cacerts | |
| do | |
| if [ -f "$CACERTS" ]; then | |
| echo "Importing into: $CACERTS" | |
| sudo keytool -importcert \ | |
| -noprompt \ | |
| -trustcacerts \ | |
| -alias sonarqube-cert \ | |
| -file sonarqube.crt \ | |
| -keystore "$CACERTS" \ | |
| -storepass changeit | |
| exit 0 | |
| fi | |
| done | |
| echo "ERROR: No valid Java cacerts found" | |
| exit 1 | |
| - name: List trusted certs (optional debug) | |
| run: | | |
| keytool -list -keystore /usr/lib/jvm/java-17-*/lib/security/cacerts \ | |
| -storepass changeit | grep sonarqube-cert || true | |
| - name: Download SonarScanner CLI | |
| run: | | |
| curl -Lo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip | |
| unzip sonar-scanner.zip -d $HOME | |
| mv $HOME/sonar-scanner-* $HOME/sonar-scanner | |
| - name: Check Java version and JAVA_HOME | |
| run: | | |
| echo "JAVA_HOME=${JAVA_HOME}" | |
| java -version | |
| - name: Run SonarScanner | |
| run: | | |
| export JAVA_HOME=/usr/lib/jvm/temurin-17-jdk-amd64 | |
| export PATH=$JAVA_HOME/bin:$PATH | |
| $HOME/sonar-scanner/bin/sonar-scanner \ | |
| -Dsonar.projectKey=idm-fluidos-aries-framework-go \ | |
| -Dsonar.sources=. \ | |
| -Dsonar.host.url=https://sonarqube.k8s-ants.inf.um.es \ | |
| -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
| #- name: Show SonarQube Dashboard URL | |
| # run: echo "See results: https://sonarqube.k8s-ants.inf.um.es/dashboard?id=idm-fluidos-aries-framework-go" | |
| - name: Download CNES Report CLI | |
| run: | | |
| curl -L -o sonar-cnes-report.jar https://github.com/cnescatlab/sonar-cnes-report/releases/latest/download/sonar-cnes-report.jar | |
| - name: Generate CNES Report | |
| run: | | |
| mkdir report | |
| java -jar sonar-cnes-report.jar \ | |
| -s https://sonarqube.k8s-ants.inf.um.es \ | |
| -t ${{ secrets.SONAR_TOKEN }} \ | |
| -p idm-fluidos-aries-framework-go \ | |
| -o ./report \ | |
| -f console,html,md | |
| - name: Upload CNES Report Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sonarqube-cnes-report | |
| path: ./report |
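Review bot: The "Download CNES Report CLI" step fetches `sonar-cnes-report.jar` from `releases/latest` with no version pin and no integrity check, and the next step runs that jar with `SONAR_TOKEN`, so whatever that URL serves at run time executes with the token. The SonarScanner zip is pinned by version but is likewise unpacked without a checksum. Pin the jar to a specific release asset and verify it with `sha256sum -c` before running it, and do the same for the scanner zip. Separately, `${{ secrets.SONAR_TOKEN }}` is expanded into the script text in both "Run SonarScanner" and "Generate CNES Report"; passing it through `env:` and referencing `"$SONAR_TOKEN"` keeps it out of the rendered script. The URL and hash in the sketch below are placeholders to fill in from the release you pin.

```yaml
      - name: Download CNES Report CLI
        env:
          # placeholders: fill in from the release you pin
          CNES_REPORT_URL: "<PINNED_RELEASE_ASSET_URL>"
          CNES_REPORT_SHA256: "<EXPECTED_SHA256>"
        run: |
          curl -fsSL -o sonar-cnes-report.jar "$CNES_REPORT_URL"
          echo "${CNES_REPORT_SHA256}  sonar-cnes-report.jar" | sha256sum -c -
      - name: Generate CNES Report
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          # … unchanged: mkdir report, java -jar with -s …
          -t "$SONAR_TOKEN" \
          # … unchanged: -p, -o and -f options …
```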