diff --git a/Dockerfile b/Dockerfile
index f3191b9..65a7e68 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,6 @@ LABEL version="1.1.0" \
 com.github.actions.icon="check" \
 com.github.actions.color="green"
-# https://help.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user
-USER root
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
index 29cda00..f4c1fed 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,8 +3,9 @@ set -e
 if [[ -z "${SONAR_TOKEN}" ]]; then
- echo "This GitHub Action requires the SONAR_TOKEN env variable."
- exit 1
+ echo "============================ WARNING ============================"
+ echo "Running this GitHub Action without SONAR_TOKEN is not recommended"
+ echo "============================ WARNING ============================"
 fi
 if [[ -z "${SONAR_HOST_URL}" ]]; then
@@ -25,3 +26,8 @@ fi
 unset JAVA_HOME
 sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
+
+_tmp_file=$(ls "${INPUT_PROJECTBASEDIR}/" | head -1)
+PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR}/$_tmp_file")
+
+chown -R $PERM "${INPUT_PROJECTBASEDIR}/"
diff --git a/test/run-qa.sh b/test/run-qa.sh
index 47b1f3f..e822da5 100755
--- a/test/run-qa.sh
+++ b/test/run-qa.sh
@@ -16,6 +16,8 @@ check_sq_is_up() { echo $status; }
+_current_perm=$(stat -c "%u:%g" $(pwd))
+
 info "Build scanner action..."
 docker build --no-cache -t sonarsource/sonarqube-scan-action .
 if [[ ! $? -eq 0 ]]; then
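Review bot: With `exit 1` removed from the `SONAR_TOKEN` check in entrypoint.sh, a run where the secret is missing or did not resolve now continues to an unauthenticated scan, and the only signal is a banner on stdout that does not say what happens next. If the intent is to support servers that accept anonymous analysis, state that in a comment above the `if`, for example `# SONAR_TOKEN is optional only when the server accepts anonymous analysis; otherwise the scan fails later on authentication`, and send the banner to stderr by adding `>&2` to each `echo`. The "Correctly failed fast." step visible in test/run-qa.sh may depend on the old behaviour, so it is worth confirming that it does not exercise the missing-token case.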
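Review bot: The ownership reset added at the end of entrypoint.sh never runs when `sonar-scanner` exits non-zero, because `set -e` (shown with the first hunk of this file) aborts the script first, so a failed scan still leaves workspace files owned by the container user. The owner is also read from whatever `ls | head -1` returns, which skips dotfiles and may not have the same owner as the workspace, and if `INPUT_PROJECTBASEDIR` is empty the last command becomes a recursive `chown` of `/`. Reading the owner from the directory itself and restoring it from an `EXIT` trap covers all three; the `.` fallback below is an assumption to confirm against the action's input default. `chown` also needs privileges, and the Dockerfile hunk in this commit drops `USER root`, so this presumably relies on the base image's default user.

```shell
# … unchanged: unset JAVA_HOME …

# Restore workspace ownership on every exit path; with set -e a trailing
# chown is skipped whenever the scanner fails.
restore_owner() {
  local base="${INPUT_PROJECTBASEDIR:-.}"
  local owner
  owner=$(stat -c "%u:%g" "${base}")
  chown -R "${owner}" "${base}"
}
trap restore_owner EXIT

sonar-scanner -Dsonar.projectBaseDir=${INPUT_PROJECTBASEDIR} ${INPUT_ARGS}
```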
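Review bot: `$(pwd)` is unquoted in the `_current_perm` assignment in test/run-qa.sh, so a checkout path containing spaces is split into several `stat` arguments and the later ownership comparison runs against the wrong value; `_current_perm=$(stat -c "%u:%g" "$PWD")` avoids that. A one-line comment such as `# uid:gid of the checkout; the scan must leave generated files with this owner` would explain why the value is captured before the image is built. The hunk opens inside `check_sq_is_up`, whose body begins outside the hunk.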
@@ -88,13 +90,18 @@ success "Correctly failed fast."
 info "Analyze project..."
 cd test/example-project/
-docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
+docker run -v `pwd`:/github/workspace/ --workdir /github/workspace --network $network --env INPUT_PROJECTBASEDIR=/github/workspace --env SONAR_TOKEN=$token --env SONAR_HOST_URL='http://sonarqube:9000' sonarsource/sonarqube-scan-action
 if [[ ! $? -eq 0 ]]; then
 error "Couldn't run the analysis."
 exit 1
 elif [[ ! -f ".scannerwork/report-task.txt" ]]; then
 error "Couldn't find the report task file. Analysis failed."
 exit 1
+elif [ ! "$(stat -c "%u:%g" ".scannerwork/report-task.txt")" == "$_current_perm" ]; then
+ error "File permissions differ from desired once"
+ error "desired: $_current_perm"
+ error "actual: $(stat -c "%u:%g" ".scannerwork/report-task.txt")"
+ exit 1
 fi
 success "Analysis successful."
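Review bot: The new `elif` uses `==` inside single-bracket `[ ]`, which is a bash extension and inconsistent with the `[[ ]]` tests in the branches above it; `elif [[ "$(stat -c "%u:%g" ".scannerwork/report-task.txt")" != "$_current_perm" ]]; then` states the condition directly. The check compares owner uid:gid rather than mode bits, so the message would be more accurate as `error "File ownership differs from the expected owner"` (the current text also has the typo "once"). Only `report-task.txt` is inspected, so other files the container creates under `.scannerwork/` are not verified and a partial `chown` would still pass. The comparison also assumes `test/example-project/` has the same owner as the directory where `_current_perm` was captured.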