[TEST] SQCPPGHA-9 Test SONAR_ROOT_CERT with Build Wrapper installation #67
Workflow file for this run
# Test suite for the action's helper scripts and for the outputs it publishes.
# NOTE(review): no `permissions:` key is visible in this part of the workflow,
# so GITHUB_TOKEN keeps the repository's default scopes. The jobs shown here
# only read the checkout; a workflow-level `permissions: contents: read` looks
# sufficient, but confirm against the jobs outside this view.
name: Tests

on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
      - reopened

jobs:
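# Exercises scripts/create_install_path.sh with valid and invalid INSTALL_PATH
# values. Positive steps require that no `::error::` line is printed; negative
# steps require the exact error message plus a non-zero exit, which is
# captured through the "=== Script failed ===" marker.
create-install-dir-test:
  name: create_install_path.sh script test
  runs-on: ubuntu-latest
  steps:
    # NOTE(review): `@v4` is a mutable tag; pinning third-party actions to a
    # full commit SHA protects the workflow if the tag is ever moved.
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    - name: Existing
      shell: bash
      env:
        INSTALL_PATH: '.sonar'
      run: |
        echo "- Create dir"
        mkdir -p "${INSTALL_PATH}"
        echo "- Test script behavior"
        ./scripts/create_install_path.sh > output
        # `grep -v` succeeds as soon as one line does NOT contain the marker,
        # so it cannot prove the absence of errors; fail explicitly instead.
        if grep "::error::" output; then exit 1; fi

    - name: Non-existing nested in current dir
      shell: bash
      env:
        INSTALL_PATH: '.sonar'
      run: |
        ./scripts/create_install_path.sh > output
        if grep "::error::" output; then exit 1; fi
        test -d "${INSTALL_PATH}"

    - name: Nonexisting nested in home
      shell: bash
      env:
        INSTALL_PATH: '~/third_party/.sonar'
      run: |
        ./scripts/create_install_path.sh > output
        if grep "::error::" output; then exit 1; fi
        # NOTE(review): a quoted `~` is not expanded by bash, so this checks a
        # directory literally named `~` under the working directory rather
        # than $HOME — confirm that this is what the script is meant to create.
        test -d "${INSTALL_PATH}"

    - name: Empty install dir specified
      shell: bash
      env:
        INSTALL_PATH: ''
      run: |
        (./scripts/create_install_path.sh || echo "=== Script failed ===") > output
        grep "::error::Empty installation path specified" output
        grep "=== Script failed ===" output

    - name: No permission to create directory
      shell: bash
      env:
        INSTALL_PATH: '/non_creatable'
      run: |
        (./scripts/create_install_path.sh || echo "=== Script failed ===") > output
        grep "::error::Failed to create non-existing installation path '/non_creatable'" output
        grep "=== Script failed ===" output

    - name: Existing but not directory
      shell: bash
      env:
        INSTALL_PATH: 'not_directory'
      run: |
        echo "- Create normal file"
        echo "content" > "${INSTALL_PATH}"
        echo "- Test script behavior"
        (./scripts/create_install_path.sh || echo "=== Script failed ===") > output
        grep "::error::Installation path 'not_directory' is not a directory" output
        grep "=== Script failed ===" output

    - name: Existing but not readable
      shell: bash
      env:
        INSTALL_PATH: 'not_readable'
      run: |
        echo "- Create dir and make it not readable"
        mkdir -p "${INSTALL_PATH}"
        chmod -r "${INSTALL_PATH}"
        echo "- Test script behavior"
        (./scripts/create_install_path.sh || echo "=== Script failed ===") > output
        grep "::error::Installation path 'not_readable' is not readable" output
        grep "=== Script failed ===" output

    - name: Existing but not writeable
      shell: bash
      env:
        INSTALL_PATH: 'not_writeable'
      run: |
        echo "- Create dir and make it not writeable"
        mkdir -p "${INSTALL_PATH}"
        chmod -w "${INSTALL_PATH}"
        echo "- Test script behavior"
        (./scripts/create_install_path.sh || echo "=== Script failed ===") > output
        grep "::error::Installation path 'not_writeable' is not writeable" output
        grep "=== Script failed ===" output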
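# Exercises scripts/configure_paths.sh for every supported OS/ARCH pair and for
# two unsupported combinations. All URLs, versions and SHAs below are
# placeholders: the steps only compare the strings the script prints.
# NOTE(review): the asserted outputs carry a checksum for sonar-scanner but
# none for build-wrapper, whose URL is derived from SONAR_HOST_URL; its
# integrity presumably rests on the TLS connection to that host — confirm.
# The plain-http host below is a fixture value, not a recommended setting.
setup-script-test:
  name: configure_paths.sh script test
  runs-on: ubuntu-latest
  env:
    INSTALL_PATH: 'install-directory'
    SONAR_HOST_URL: 'http://sonar-host.com'
    SONAR_SCANNER_VERSION: 'vX.Y.Z.MMMM'
    SONAR_SCANNER_URL_WINDOWS_X64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows-x64.zip'
    SONAR_SCANNER_SHA_WINDOWS_X64: 'DOWNLOAD-SHA-WINDOWS-X64'
    SONAR_SCANNER_URL_LINUX_X64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux-x64.zip'
    SONAR_SCANNER_SHA_LINUX_X64: 'DOWNLOAD-SHA-LINUX-X64'
    SONAR_SCANNER_URL_LINUX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux-aarch64.zip'
    SONAR_SCANNER_SHA_LINUX_AARCH64: 'DOWNLOAD-SHA-LINUX-AARCH64'
    SONAR_SCANNER_URL_MACOSX_X64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-x64.zip'
    SONAR_SCANNER_SHA_MACOSX_X64: 'DOWNLOAD-SHA-MACOSX-X64'
    SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip'
    SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64'
  steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    - name: Windows
      shell: bash
      env:
        OS: 'Windows'
        ARCH: 'X64'
      run: |
        ./scripts/configure_paths.sh > output
        # `grep -v` passes whenever any non-error line exists; fail explicitly
        # if an error annotation was printed.
        if grep "::error::" output; then exit 1; fi

        echo "- Check sonar-scanner:"
        grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-windows-x64.zip" output
        grep "sonar-scanner-sha=DOWNLOAD-SHA-WINDOWS-X64" output
        grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows-x64" output
        grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-windows-x64/bin/sonar-scanner.bat" output

        echo "- Check build-wrapper:"
        grep "build-wrapper-url=http://sonar-host.com/static/cpp/build-wrapper-win-x86.zip" output
        grep "build-wrapper-dir=install-directory/build-wrapper-win-x86" output
        grep "build-wrapper-bin=install-directory/build-wrapper-win-x86/build-wrapper-win-x86-64.exe" output

    - name: Linux X64
      shell: bash
      env:
        OS: 'Linux'
        ARCH: 'X64'
      run: |
        ./scripts/configure_paths.sh > output
        if grep "::error::" output; then exit 1; fi

        echo "- Check sonar-scanner:"
        grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux-x64.zip" output
        grep "sonar-scanner-sha=DOWNLOAD-SHA-LINUX-X64" output
        grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux-x64" output
        grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux-x64/bin/sonar-scanner" output

        echo "- Check build-wrapper:"
        grep "build-wrapper-url=http://sonar-host.com/static/cpp/build-wrapper-linux-x86.zip" output
        grep "build-wrapper-dir=install-directory/build-wrapper-linux-x86" output
        grep "build-wrapper-bin=install-directory/build-wrapper-linux-x86/build-wrapper-linux-x86-64" output

    - name: Linux ARM64
      shell: bash
      env:
        OS: 'Linux'
        ARCH: 'ARM64'
      run: |
        ./scripts/configure_paths.sh > output
        if grep "::error::" output; then exit 1; fi

        echo "- Check sonar-scanner:"
        grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-linux-aarch64.zip" output
        grep "sonar-scanner-sha=DOWNLOAD-SHA-LINUX-AARCH64" output
        grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux-aarch64" output
        grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-linux-aarch64/bin/sonar-scanner" output

        echo "- Check build-wrapper:"
        grep "build-wrapper-url=http://sonar-host.com/static/cpp/build-wrapper-linux-aarch64.zip" output
        grep "build-wrapper-dir=install-directory/build-wrapper-linux-aarch64" output
        grep "build-wrapper-bin=install-directory/build-wrapper-linux-aarch64/build-wrapper-linux-aarch64" output

    - name: macOSX_X64
      shell: bash
      env:
        OS: 'macOS'
        ARCH: 'X64'
      run: |
        ./scripts/configure_paths.sh > output
        if grep "::error::" output; then exit 1; fi

        echo "- Check sonar-scanner:"
        grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-x64.zip" output
        grep "sonar-scanner-sha=DOWNLOAD-SHA-MACOSX-X64" output
        grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx-x64" output
        grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx-x64/bin/sonar-scanner" output

        echo "- Check build-wrapper:"
        grep "build-wrapper-url=http://sonar-host.com/static/cpp/build-wrapper-macosx-x86.zip" output
        grep "build-wrapper-dir=install-directory/build-wrapper-macosx-x86" output
        grep "build-wrapper-bin=install-directory/build-wrapper-macosx-x86/build-wrapper-macosx-x86" output

    - name: macOSX_ARM64
      shell: bash
      env:
        OS: 'macOS'
        ARCH: 'ARM64'
      run: |
        ./scripts/configure_paths.sh > output
        if grep "::error::" output; then exit 1; fi

        echo "- Check sonar-scanner:"
        grep "sonar-scanner-url=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip" output
        grep "sonar-scanner-sha=DOWNLOAD-SHA-MACOSX-AARCH64" output
        grep "sonar-scanner-dir=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx-aarch64" output
        grep "sonar-scanner-bin=install-directory/sonar-scanner-vX.Y.Z.MMMM-macosx-aarch64/bin/sonar-scanner" output

        # The expected build-wrapper for macOS ARM64 is the same macosx-x86
        # package that the X64 step expects.
        echo "- Check build-wrapper:"
        grep "build-wrapper-url=http://sonar-host.com/static/cpp/build-wrapper-macosx-x86.zip" output
        grep "build-wrapper-dir=install-directory/build-wrapper-macosx-x86" output
        grep "build-wrapper-bin=install-directory/build-wrapper-macosx-x86/build-wrapper-macosx-x86" output

    - name: Unssuported OS
      shell: bash
      env:
        OS: 'unsupportedOS'
        ARCH: 'X64'
      run: |
        (./scripts/configure_paths.sh || echo "=== Script failed ===") > output

        echo "- Check errors:"
        grep "::error::Unsupported runner OS 'unsupportedOS'" output
        grep "=== Script failed ===" output

    - name: Unssuported architecture
      shell: bash
      env:
        OS: 'Linux'
        ARCH: 'X86'
      run: |
        (./scripts/configure_paths.sh || echo "=== Script failed ===") > output

        echo "- Check errors:"
        grep "::error::Architecture 'X86' is unsupported by build-wrapper" output
        grep "=== Script failed ===" output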
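# Exercises scripts/download.sh: a plain download, a download with SHA-256
# verification (`-v`), and the failure paths for a bad install dir, a bad URL
# and a wrong digest. These steps fetch a real archive over HTTPS.
download-script-test:
  name: download.sh script test
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    # Without `-v` the script is expected to skip the digest check, which is
    # why a deliberately wrong EXPECTED_SHA must not cause an error here.
    - name: Download test without validation
      shell: bash
      env:
        INSTALL_PATH: 'install-directory-no-sha-validation'
        DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
        EXPECTED_SHA: 'incorrect-sha-not-validated'
        TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
      run: |
        ./scripts/download.sh > output
        test -f "$TMP_ZIP_PATH"
        # `grep -v` passes whenever any non-error line exists; fail explicitly
        # if an error annotation was printed.
        if grep "::error::" output; then exit 1; fi

    - name: Download test with validation
      shell: bash
      env:
        INSTALL_PATH: 'install-directory-sha-validation'
        DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
        EXPECTED_SHA: '9411331814c1d002bd65d37758b872918b7602e7cf3ca5b83a3e19a729b2be05'
        TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
      run: |
        ./scripts/download.sh -v > output
        test -f "$TMP_ZIP_PATH"
        if grep "::error::" output; then exit 1; fi

    - name: Incorrect install dir
      shell: bash
      env:
        INSTALL_PATH: ''
      run: |
        (./scripts/download.sh || echo "=== Script failed ===") > output
        grep "::error::Failed to create" output
        grep "=== Script failed ===" output

    - name: Incorrect download url
      shell: bash
      env:
        INSTALL_PATH: 'install-directory-incorrect-url'
        DOWNLOAD_URL: 'incorrect-url'
      run: |
        (./scripts/download.sh || echo "=== Script failed ===") > output
        grep "::error::Failed to download 'incorrect-url'" output
        grep "=== Script failed ===" output

    # Malformed digest: verification must reject it.
    - name: Incorrect SHA256
      shell: bash
      env:
        INSTALL_PATH: 'install-directory-incorrect-sha'
        DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
        EXPECTED_SHA: 'incorrect-sha256'
        TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
      run: |
        (./scripts/download.sh -v || echo "=== Script failed ===") > output
        grep "::error::Checking sha256 failed" output
        grep "=== Script failed ===" output

    # Well-formed 64-hex digest that differs from the one used by the
    # "with validation" step: verification must reject it as well.
    - name: Mismatching SHA256
      shell: bash
      env:
        INSTALL_PATH: 'install-directory-mismtaching-sha'
        DOWNLOAD_URL: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
        EXPECTED_SHA: '3e121d85a4adb1f30b917d5f3eb897966b59e02c3d6d313a78dcd964193dc963'
        TMP_ZIP_PATH: ${{ runner.temp }}/sonar-scanner.zip
      run: |
        (./scripts/download.sh -v || echo "=== Script failed ===") > output
        grep "::error::Checking sha256 failed" output
        grep "=== Script failed ===" output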
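# Exercises scripts/fetch_latest_version.sh: the script must print the latest
# sonar-scanner version plus, per platform, a download URL built from that
# version and a hexadecimal checksum.
fetch-latest-version-test:
  name: fetch_latest_version.sh script test
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    - name: Test script
      shell: bash
      run: |
        ./scripts/fetch_latest_version.sh > output

        echo "- Check sonar-scanner version:"
        grep "sonar-scanner-version=" output
        # Take the value from the version line only. Cutting every line of
        # `output` yields a multi-line value, and grep treats a pattern that
        # contains newlines as a list of alternatives, which would let the URL
        # checks below pass on any single match.
        SONAR_SCANNER_VERSION=$(grep "sonar-scanner-version=" output | cut -d= -f 2)
        test ! -z "${SONAR_SCANNER_VERSION}"

        echo "- Check windows sonar-scanner URLs:"
        grep "sonar-scanner-url-windows-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-windows-x64.zip" output
        grep -e "^sonar-scanner-sha-windows-x64=[0-9A-Fa-f]\+$" output

        echo "- Check linux sonar-scanner URLs:"
        grep "sonar-scanner-url-linux-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" output
        grep -e "^sonar-scanner-sha-linux-x64=[0-9A-Fa-f]\+$" output
        grep "sonar-scanner-url-linux-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-aarch64.zip" output
        grep -e "^sonar-scanner-sha-linux-aarch64=[0-9A-Fa-f]\+$" output

        # This section previously repeated the linux checks, so the macosx
        # URLs and checksums were never verified.
        # NOTE(review): the macosx key names follow the windows/linux naming
        # pattern — confirm against fetch_latest_version.sh.
        echo "- Check macosx sonar-scanner URLs:"
        grep "sonar-scanner-url-macosx-x64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-macosx-x64.zip" output
        grep -e "^sonar-scanner-sha-macosx-x64=[0-9A-Fa-f]\+$" output
        grep "sonar-scanner-url-macosx-aarch64=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-macosx-aarch64.zip" output
        grep -e "^sonar-scanner-sha-macosx-aarch64=[0-9A-Fa-f]\+$" output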
# Runs the action itself (`uses: ./`) on every hosted OS, with and without the
# binary cache, then checks that both tools are on PATH and that the action's
# `*-binary` outputs point at working executables.
output-test:
  name: Test action outputs
  runs-on: ${{ matrix.os }}
  strategy:
    matrix:
      os:
        - ubuntu-latest
        - windows-latest
        - macos-latest
        - macos-13
      cache:
        - true
        - false
      include:
        # Default expected architecture for every combination...
        - arch: X64
        # ...overridden for macos-latest.
        - os: macos-latest
          arch: ARM64
  steps:
    # The architecture of a GitHub-hosted runner cannot be requested
    # explicitly; we can only verify that it matches the expected one.
    # Both interpolated values come from the runner and matrix contexts, which
    # are defined by this workflow and not by user input.
    - name: check_runner_arch
      shell: bash
      run: |
        echo "Runner architecture: ${{ runner.arch }}"
        if [[ "${{ runner.arch }}" != "${{ matrix.arch }}" ]]; then
          echo "##[error]Runner architecture does not match the expected one"
          exit 1
        fi

    # NOTE(review): `@v4` is a mutable tag; pinning third-party actions to a
    # full commit SHA protects the workflow if the tag is ever moved.
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

    - name: Run SonarQube C/C++ action
      id: run-action
      uses: ./
      with:
        cache-binaries: ${{ matrix.cache }}
      env:
        SONAR_HOST_URL: 'https://next.sonarqube.com/sonarqube/'

    - name: SONAR_HOST_URL is set
      shell: bash
      run: |
        [[ $SONAR_HOST_URL == "https://next.sonarqube.com/sonarqube/" ]]

    # No `shell:` here, so the runner's default shell for the OS is used.
    - name: sonar-scanner is installed and in PATH
      run: |
        sonar-scanner --help | grep "usage: sonar-scanner "

    # The output is passed through an environment variable and quoted, not
    # interpolated into the script text.
    - name: sonar-scanner-binary output is correct
      shell: bash
      env:
        BINARY: ${{ steps.run-action.outputs.sonar-scanner-binary }}
      run: |
        "$BINARY" --help | grep "usage: sonar-scanner "

    # build-wrapper has no --help or equivalent option: call it with too few
    # arguments, ignore the exit code and look for the version banner.
    - name: build-wrapper is installed and in PATH on Windows
      if: runner.os == 'Windows'
      shell: bash
      run: |
        (build-wrapper-win-x86-64.exe || true) | grep "build-wrapper, version "

    - name: build-wrapper is installed and in PATH on Linux
      if: runner.os == 'Linux'
      shell: bash
      run: |
        (build-wrapper-linux-x86-64 || true) | grep "build-wrapper, version "

    # String comparison in workflow expressions ignores case, so 'macOs'
    # matches the runner's 'macOS'.
    - name: build-wrapper is installed and in PATH on macOS
      if: runner.os == 'macOs'
      shell: bash
      run: |
        (build-wrapper-macosx-x86 || true) | grep "build-wrapper, version "

    - name: build-wrapper-binary output is correct
      shell: bash
      env:
        BINARY: ${{ steps.run-action.outputs.build-wrapper-binary }}
      run: |
        ("$BINARY" || true) | grep "build-wrapper, version "
analysisWithSslCertificate: | |
name: > | |
Build wrapper download takes into account 'SONAR_ROOT_CERT' | |
runs-on: ubuntu-latest | |
steps: | |
# Check out the repository, passing the job's GITHUB_TOKEN explicitly.
# NOTE(review): this job does not appear to push anything in the steps visible
# here; if that holds for the rest of the job, a read-only token is enough.
- uses: actions/checkout@v4
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
# Create a throwaway self-signed certificate for `localhost` (RSA 4096,
# SHA-256, 3650 days) in the compose directory. `-nodes` leaves server.key
# unencrypted; both files are generated inside this job's workspace.
- name: Generate server certificate
  working-directory: .github/qa-sq-behind-ngix
  run: |
    openssl req \
      -newkey rsa:4096 \
      -x509 \
      -sha256 \
      -addext "subjectAltName = DNS:localhost" \
      -days 3650 \
      -nodes \
      -out server.crt \
      -subj "/C=CH/ST=Geneva/L=Geneva/O=Server/OU=Dept" \
      -keyout server.key
# Bring up the compose stack from the same directory that holds the generated
# certificate; `--wait` blocks until the services report running/healthy.
- name: Start nginx and SonarQube via Docker Compose
  working-directory: .github/qa-sq-behind-ngix
  run: docker compose up -d --wait
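# Export the generated certificate to later steps as SONAR_ROOT_CERT_VALID,
# using the multi-line `NAME<<DELIMITER ... DELIMITER` form of the
# GITHUB_ENV file.
- name: Read correct server certificate
  run: |
    # Read server.crt from .github/qa-sq-behind-ngix/ and store it in the
    # SONAR_ROOT_CERT_VALID environment variable so the next step can read it.
    # The fixed delimiter must never appear as a line of the value; that holds
    # for the PEM file generated earlier in this job.
    {
      echo 'SONAR_ROOT_CERT_VALID<<=========='
      cat .github/qa-sq-behind-ngix/server.crt
      echo ==========
    } >> "$GITHUB_ENV"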
- name: Run action with the correct SSL certificate | |
uses: ./ | |
env: | |
SONAR_ROOT_CERT: ${{ env.SONAR_ROOT_CERT_VALID }} | |
SONAR_HOST_URL: https://localhost:4443 |