SQSCANGHA-6 Add ability to pass custom PEM certificate to action (#37)

Bart Riepe 2022-09-26 23:47:58 +09:00 committed by GitHub
parent 26fe7d6b0e
commit 50d5d98163
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 0 deletions

@ -63,6 +63,17 @@ If your source code file names contain special characters that are not covered b
LC_ALL: "ru_RU.UTF-8"
```
If your SonarQube server uses a self-signed certificate, you can pass a root certificate (in PEM format) to the java certificate store:
```yaml
- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_ROOT_CERT: ${{ secrets.SONAR_ROOT_CERT }}
```
You can change the analysis base directory by using the optional input `projectBaseDir` like this:
```yaml
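Review bot: The new sentence introducing the `SONAR_ROOT_CERT` example does not say what the secret must contain. The entrypoint writes the value verbatim to a file and hands it to `keytool -importcert`, so the README should state that the secret holds the full PEM text, including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines with line breaks preserved. The sentence also speaks of a "self-signed certificate" and a "root certificate" in the same breath; say explicitly whether the certificate of a private CA is meant as well. Minor: "java certificate store" should be "Java certificate store".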
@ -91,6 +102,7 @@ More information about possible analysis parameters can be found in [the documen
- `SONAR_TOKEN` **Required** this is the token used to authenticate access to SonarQube. You can read more about security tokens [here](https://docs.sonarqube.org/latest/user-guide/user-token/). You can set the `SONAR_TOKEN` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
- `SONAR_HOST_URL` **Required** this tells the scanner where SonarQube is hosted. You can set the `SONAR_HOST_URL` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
- `SONAR_ROOT_CERT` Holds an additional root certificate (in PEM format) that is used to validate the SonarQube server certificate. You can set the `SONAR_ROOT_CERT` environment variable in the "Secrets" settings page of your repository, or you can add them at the level of your GitHub organization (recommended).
## Alternatives for Java, .NET, and C/C++ projects
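Review bot: The `SONAR_ROOT_CERT` entry carries no **Required** or optional marker, unlike the `SONAR_TOKEN` and `SONAR_HOST_URL` entries above it, so a reader cannot tell that it may be left unset. Mark it as optional, which matches the entrypoint acting only when the variable is non-empty. The closing sentence was copied from the other entries and still says "you can add them"; for a single variable that should read "add it".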

@ -13,6 +13,13 @@ if [[ -z "${SONAR_HOST_URL}" ]]; then
exit 1
fi
if [[ -n "${SONAR_ROOT_CERT}" ]]; then
echo "Adding custom root certificate to java certificate store"
rm -f /tmp/tmpcert.pem
echo "${SONAR_ROOT_CERT}" > /tmp/tmpcert.pem
keytool -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias sonarqube -file /tmp/tmpcert.pem
fi
if [[ -f "${INPUT_PROJECTBASEDIR%/}pom.xml" ]]; then
echo "Maven project detected. You should run the goal 'org.sonarsource.scanner.maven:sonar' during build rather than using this GitHub Action."
exit 1
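Review bot: In the new `SONAR_ROOT_CERT` block the certificate goes to the fixed, predictable path `/tmp/tmpcert.pem`, the file is left behind after the import, and the `keytool` exit status is not checked (unless the script runs under `set -e`, which is not visible in this hunk). Suggest creating the file with `mktemp`, removing it once `keytool` returns, and printing a clear message followed by `exit 1` when the import fails, in the same style as the `SONAR_HOST_URL` check above, so a malformed PEM is reported here instead of surfacing later as a TLS error from the scanner. `printf '%s\n' "${SONAR_ROOT_CERT}"` would also be more robust than `echo` for writing arbitrary secret content.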