
Commit 29d6e60

committed
ci: use token in sonar-pr
1 parent b9b6fb7 commit 29d6e60


1 file changed

+20
-19
lines changed


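--- a/.github/actions/sonar/action.yml
+++ b/.github/actions/sonar/action.yml
@@ -81,11 +81,21 @@ runs:
 echo "::endgroup::"
 
 # Create SonarQube project
-- name: 'Create SonarQube project'
+- name: 'Setup SonarQube'
 if: github.event_name == 'pull_request'
 shell: bash
 run: |
-curl -s -u admin:admin -X POST "http://localhost:9000/api/projects/create?name=${{ inputs.sonar-project-key }}&project=${{ inputs.sonar-project-key }}" || true
+SONAR_HOST_URL=http://localhost:9000
+LOCAL_SONAR_LOGIN=admin
+LOCAL_SONAR_PASSWORD=admin
+
+SONAR_TOKEN=$(curl -s -u $LOCAL_SONAR_LOGIN:$LOCAL_SONAR_PASSWORD -X POST "$SONAR_HOST_URL/api/user_tokens/generate?login=$LOCAL_SONAR_LOGIN&name=token&type=USER_TOKEN" | jq -r '.token')
+
+curl -s -u $SONAR_TOKEN: -X POST "$SONAR_HOST_URL/api/projects/create?name=${{ inputs.sonar-project-key }}&project=${{ inputs.sonar-project-key }}"
+curl -s -u $SONAR_TOKEN: -X POST "$SONAR_HOST_URL/api/permissions/add_user?login=$LOCAL_SONAR_LOGIN&permission=scan"
+
+echo "SONAR_HOST_URL=$SONAR_HOST_URL" >> $GITHUB_ENV
+echo "SONAR_TOKEN=$SONAR_TOKEN" >> $GITHUB_ENV
 
 # Run SonarQube analysis on the main branch or add an empty scan
 - name: 'Run SonarQube analysis on main branch'
@@ -94,10 +104,7 @@ runs:
 run: >-
 echo "::group::Scanning main branch application" &&
 ./mvnw --batch-mode initialize org.jacoco:jacoco-maven-plugin:prepare-agent sonar:sonar
--Dsonar.host.url=http://localhost:9000
 -Dsonar.projectKey=${{ inputs.sonar-project-key }}
--Dsonar.login=admin
--Dsonar.password=admin
 -Dsonar.branch.name=main &&
 echo "::endgroup::"
 working-directory: ${{ inputs.sonar-project-key }}
@@ -109,11 +116,8 @@ runs:
 echo "::group::Scanning empty commit" &&
 git init &&
 git commit -m "Initial commit" --allow-empty &&
-docker run --net=host -v ".:/usr/src" --rm sonarsource/sonar-scanner-cli
--Dsonar.host.url=http://localhost:9000
+docker run --net=host -v ".:/usr/src" -e SONAR_HOST_URL -e SONAR_TOKEN --rm sonarsource/sonar-scanner-cli
 -Dsonar.projectKey=${{ inputs.sonar-project-key }}
--Dsonar.login=admin
--Dsonar.password=admin
 -Dsonar.branch.name=main &&
 echo "::endgroup::"
 working-directory: ${{ inputs.sonar-project-key }}
@@ -146,10 +150,7 @@ runs:
 run: >-
 echo "::group::Scanning PR application changes" &&
 ./mvnw --batch-mode initialize org.jacoco:jacoco-maven-plugin:prepare-agent sonar:sonar
--Dsonar.host.url=http://localhost:9000
 -Dsonar.projectKey=${{ inputs.sonar-project-key }}
--Dsonar.login=admin
--Dsonar.password=admin
 -Dsonar.pullrequest.key=${{github.event.pull_request.number}}
 -Dsonar.pullrequest.branch=dev
 -Dsonar.pullrequest.base=main
@@ -163,7 +164,7 @@ runs:
 shell: bash
 run: |
 timeout 300s bash -c 'while :; do
-response=$(curl -s -u admin:admin "http://localhost:9000/api/ce/component?component=${{ inputs.sonar-project-key }}")
+response=$(curl -s -u $SONAR_TOKEN: "$SONAR_HOST_URL/api/ce/component?component=${{ inputs.sonar-project-key }}")
 queue_status=$(echo "$response" | jq -r ".queue[]?.status")
 current_status=$(echo "$response" | jq -r ".current.status")
 
@@ -187,14 +188,14 @@ runs:
 id: sonar_metrics
 shell: bash
 run: |
-SONAR_RESPONSE=$(curl -s -u admin:admin \
-"http://localhost:9000/api/measures/component?component=${{ inputs.sonar-project-key }}&pullRequest=${{ github.event.pull_request.number }}&metricKeys=new_bugs,new_vulnerabilities,new_code_smells,new_coverage,new_duplicated_lines_density,new_violations")
+SONAR_RESPONSE=$(curl -s -u $SONAR_TOKEN: \
+"$SONAR_HOST_URL/api/measures/component?component=${{ inputs.sonar-project-key }}&pullRequest=${{ github.event.pull_request.number }}&metricKeys=new_bugs,new_vulnerabilities,new_code_smells,new_coverage,new_duplicated_lines_density,new_violations")
 echo ":::group::PR SonarQube Analysis"
 echo "$SONAR_RESPONSE"
 echo "::endgroup::"
 
-SONAR_RESPONSE_MAIN=$(curl -s -u admin:admin \
-"http://localhost:9000/api/measures/component?component=${{ inputs.sonar-project-key }}&metricKeys=violations")
+SONAR_RESPONSE_MAIN=$(curl -s -u $SONAR_TOKEN: \
+"$SONAR_HOST_URL/api/measures/component?component=${{ inputs.sonar-project-key }}&metricKeys=violations")
 echo ":::group::SonarQube Analysis"
 echo "$SONAR_RESPONSE_MAIN"
 echo "::endgroup::"
@@ -243,8 +244,8 @@ runs:
 echo ""
 echo "<details><summary>Unresolved New Issues (click to expand)</summary>"
 echo ""
-ISSUES=$(curl -s -u admin:admin \
-"http://localhost:9000/api/issues/search?componentKeys=${{ inputs.sonar-project-key }}&resolved=false&pullRequest=${{ github.event.pull_request.number }}" | \
+ISSUES=$(curl -s -u $SONAR_TOKEN: \
+"$SONAR_HOST_URL/api/issues/search?componentKeys=${{ inputs.sonar-project-key }}&resolved=false&pullRequest=${{ github.event.pull_request.number }}" | \
 jq -r '.issues[] | "File: \(.component) Line: \(.line)\n [\(.rule)] \(.message)\n"')
 echo "$ISSUES"
 echo "</details>"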
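Review bot: The new 'Setup SonarQube' step never checks that token generation succeeded, and it writes the token to `$GITHUB_ENV` without masking it. Because `curl -s` runs without `--fail` and its output goes through `jq -r '.token'`, an error response from `api/user_tokens/generate` leaves the literal string `null` in `SONAR_TOKEN`, which every later `curl -u $SONAR_TOKEN:` call and both scanner runs then present as the credential; the `|| true` on the old project-create call is also gone with no explicit error handling in its place. I would switch to `jq -er '.token'` so the step stops on a missing token (assuming the step shell runs with errexit), add `echo "::add-mask::$SONAR_TOKEN"` before the `>> $GITHUB_ENV` line, and quote the expansion as `-u "$SONAR_TOKEN:"`. The token is a USER_TOKEN for the admin account, so it carries the same rights as the admin:admin pair it replaces; that is presumably acceptable only because the instance lives on localhost for the duration of the job, which deserves a one-line comment above `LOCAL_SONAR_LOGIN=admin`.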
