forked from jfrog/setup-jfrog-cli
-
Notifications
You must be signed in to change notification settings - Fork 1
112 lines (98 loc) · 3.75 KB
/
sonar_test.yml
File metadata and controls
112 lines (98 loc) · 3.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: "Test-with-|Sonar"
on: [push]
permissions:
id-token: write
contents: read
attestations: write
jobs:
test:
runs-on: self-hosted
steps:
# Checkout and install prerequisites
- name: Checkout
uses: actions/checkout@v4
- name: Setup NodeJS
uses: actions/setup-node@v4
with:
node-version: "20.x"
- name: Install jfrog cli
id: setup-cli
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: https://${{ vars.JF_URL }}
JF_PROJECT: "barber-shop"
with:
oidc-provider-name: github-barber-shop
- name: Generate .npmrc
run: |
jfrog c show
jf npm-config --global --repo-resolve=barber-shop-npm-remote --repo-deploy=barber-shop-npm-local
# Check build URL
- name: Check build URL
uses: wei/curl@master
with:
args: -I ${JFROG_CLI_BUILD_URL}
if: runner.os == 'Linux'
# Install and run tests
# - name: Install
# run: jf npm i --project barber-shop
- name: Install SonarQube Scanner
run: |
curl -sL -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip
unzip sonar-scanner.zip
export PATH=$PATH:$PWD/sonar-scanner-6.2.1.4610/bin
pwd
ls -l $PWD/sonar-scanner-6.2.1.4610/bin/
echo "$PWD/sonar-scanner-6.2.1.4610/bin"
- name: Run SonarScanner
id: run-sonar-scanner
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
$PWD/sonar-scanner-6.2.1.4610/bin/sonar-scanner \
-Dsonar.projectKey=setup-jfrog-cli \
-Dsonar.organization=my-evidence-test-org1 \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.java.jdkHome=$JAVA_HOME \
-Dsonar.verbose=true \
-Dsonar.token=$SONAR_TOKEN
- name: get task id
run: |
cat $PWD/.scannerwork/report-task.txt
- name: publish to artifactory
run: |
jf npm publish --project barber-shop --registry https://${{ vars.JF_URL }}/artifactory/api/npm/barber-shop-npm-local/
- name: Authenticate Docker
uses: docker/login-action@v3
with:
registry: ${{ vars.JF_URL }}
username: ${{ steps.setup-cli.outputs.oidc-user }}
password: ${{ steps.setup-cli.outputs.oidc-token }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64,linux/arm64
install: true
- name: docker build through
id: build-and-push
run: |
docker buildx ls
jf docker --version
jf docker build --tag ${{ vars.JF_URL }}/barber-shop-docker-local/book-service:${{ github.run_number }} --platform linux/amd64 --metadata-file metadata.json --push .
digest=$(cat metadata.json | jq '.["containerimage.digest"]')
echo "digest=$digest"
echo "docker_digest=$digest" | tr -d '"' >> $GITHUB_OUTPUT
- name: Generate docker attestation
id: attest
uses: actions/attest-build-provenance@v2
with:
subject-name: barber-shop-docker-local/book-service/${{ github.run_number }}/list.manifest.json
subject-digest: ${{ steps.build-and-push.outputs.docker_digest }}
- name: check attestation bundle
run: |
echo "bundle-path=${{ steps.attest.outputs.bundle-path }} "
echo "----------------"
cat ${{ steps.attest.outputs.bundle-path }}
echo "----------------"