Create sonar_test.yml

Author: carmithersh

.github/workflows/sonar_test.yml

@@ -0,0 +1,111 @@
+name: "Test-with-sonar"
+on: [push]
+permissions:
+      id-token: write
+      contents: read
+      attestations: write
+jobs:
+  test:
+    runs-on: self-hosted
+    steps:
+      # Checkout and install prerequisites
+      - name: Checkout
+        uses: actions/checkout@v4
+        
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20.x"
+
+      - name: Install jfrog cli
+        id:   setup-cli
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: https://${{ vars.JF_URL }}
+          JF_PROJECT: "barber-shop"
+        with:
+         oidc-provider-name: github-barber-shop
+      - name: Generate .npmrc
+        run: | 
+           jfrog c show
+           jf npm-config --global --repo-resolve=barber-shop-npm-remote --repo-deploy=barber-shop-npm-local
+          
+      # Check build URL
+      - name: Check build URL
+        uses: wei/curl@master
+        with:
+          args: -I ${JFROG_CLI_BUILD_URL}
+        if: runner.os == 'Linux'
+
+      # Install and run tests
+      - name: Install
+        run: jf npm i --project barber-shop 
+
+      - name: Install SonarQube Scanner
+        run: |          
+          curl -sL  -sSLo sonar-scanner.zip  https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip
+          unzip sonar-scanner.zip
+          export PATH=$PATH:$PWD/sonar-scanner-6.2.1.4610/bin
+          pwd
+          ls -l $PWD/sonar-scanner-6.2.1.4610/bin/
+          echo "$PWD/sonar-scanner-6.2.1.4610/bin"
+          
+      - name: Run SonarScanner
+        id: run-sonar-scanner
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          $PWD/sonar-scanner-6.2.1.4610/bin/sonar-scanner \
+            -Dsonar.projectKey=setup-jfrog-cli \
+            -Dsonar.organization=my-evidence-test-org1 \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.java.jdkHome=$JAVA_HOME \
+            -Dsonar.verbose=true \
+            -Dsonar.token=$SONAR_TOKEN
+      - name: get task id
+        run: |
+          cat $PWD/.scannerwork/report-task.txt
+      - name: publish to artifactory
+        run: |
+          jf npm publish --project barber-shop  --registry https://${{ vars.JF_URL }}/artifactory/api/npm/barber-shop-npm-local/
+
+      - name: Authenticate Docker
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.JF_URL }}
+          username: ${{ steps.setup-cli.outputs.oidc-user }}
+          password: ${{ steps.setup-cli.outputs.oidc-token }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          install: true 
+          
+      - name: docker build through 
+        id: build-and-push
+        run: |  
+          docker buildx ls
+          jf docker --version
+          jf docker build --tag ${{ vars.JF_URL }}/barber-shop-docker-local/book-service:${{ github.run_number }} --platform linux/amd64 --metadata-file  metadata.json --push .
+
+          digest=$(cat metadata.json | jq '.["containerimage.digest"]')
+          echo "digest=$digest"
+          echo "docker_digest=$digest" | tr -d '"' >> $GITHUB_OUTPUT
+      
+      - name: Generate docker attestation
+        id: attest
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: barber-shop-docker-local/book-service/${{ github.run_number }}/list.manifest.json
+          subject-digest: ${{ steps.build-and-push.outputs.docker_digest }}
+      
+      - name: check attestation bundle
+        run: |
+          echo "bundle-path=${{ steps.attest.outputs.bundle-path }} "
+          echo "----------------"
+          cat ${{ steps.attest.outputs.bundle-path }} 
+          echo "----------------"