forked from RedHatInsights/edge-api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sonarqube.sh
executable file
·91 lines (70 loc) · 2.83 KB
/
sonarqube.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/bin/bash
set -o nounset
mkdir "${PWD}/sonarqube/"
mkdir "${PWD}/sonarqube/download/"
mkdir "${PWD}/sonarqube/extract/"
mkdir "${PWD}/sonarqube/certs/"
mkdir "${PWD}/sonarqube/store/"
RH_IT_ROOT_CA_CRT="${PWD}/sonarqube/certs/RH-IT-Root-CA.crt"
EXPECTED_SHA1_FINGERPRINT='SHA1 Fingerprint=E0:A7:13:80:9D:96:3E:EE:5F:8B:74:24:74:8D:EF:3D:0C:0F:C4:0E'
curl --output "${RH_IT_ROOT_CA_CRT}" "${ROOT_CA_CERT_URL}"
FOUND_SHA1_FINGERPRINT="$(openssl x509 -fingerprint -in "${RH_IT_ROOT_CA_CRT}" -noout | grep "^${EXPECTED_SHA1_FINGERPRINT}$")"
if [ "${EXPECTED_SHA1_FINGERPRINT}" != "${FOUND_SHA1_FINGERPRINT}" ];
then
echo "Fingerprints do not match:"
echo -e "\tExpecting '$EXPECTED_SHA1_FINGERPRINT}"
echo -e "\tFound: '${FOUND_SHA1_FINGERPRINT}'"
exit 2
fi
if [ "${BUILD_NUMBER:-}" == '' ];
then
sudo mv -i -v "${RH_IT_ROOT_CA_CRT}" "/etc/pki/ca-trust/source/anchors/"
sudo update-ca-trust extract
fi
KEYSTORE_PASSWORD="$(openssl rand -base64 32)"
KEYSTORE_PATH="${PWD}/sonarqube/store/RH-IT-Root-CA.keystore"
if [ "${JAVA_HOME:-}" == '' ];
then
BIN_DIR=$(dirname "$(which java)" )
JAVA_HOME=$(dirname "${BIN_DIR}" )
fi
"${JAVA_HOME}/bin/keytool" \
-keystore "${KEYSTORE_PATH}" \
-import \
-alias "RH-IT-Root-CA" \
-file "${RH_IT_ROOT_CA_CRT}" \
-storepass "${KEYSTORE_PASSWORD}" \
-noprompt
export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=${KEYSTORE_PATH} -Djavax.net.ssl.trustStorePassword=${KEYSTORE_PASSWORD}"
export SONAR_SCANNER_OS="linux"
export SONAR_SCANNER_CLI_VERSION="4.7.0.2747"
export SONAR_SCANNER_DOWNLOAD_NAME="sonar-scanner-cli-${SONAR_SCANNER_CLI_VERSION}-${SONAR_SCANNER_OS}"
export SONAR_SCANNER_NAME="sonar-scanner-${SONAR_SCANNER_CLI_VERSION}-${SONAR_SCANNER_OS}"
curl --output "${PWD}/sonarqube/download/${SONAR_SCANNER_DOWNLOAD_NAME}.zip" "${SONARQUBE_CLI_URL}"
unzip -d "${PWD}/sonarqube/extract/" "${PWD}/sonarqube/download/${SONAR_SCANNER_DOWNLOAD_NAME}.zip"
export PATH="${PWD}/sonarqube/extract/${SONAR_SCANNER_NAME}/bin:${PATH}"
COMMIT_SHORT=$(git rev-parse --short=7 HEAD)
OPENJDK_CONTAINER_IMAGE='registry.redhat.io/ubi8/openjdk-17-runtime:latest'
podman pull "${OPENJDK_CONTAINER_IMAGE}"
{ \
echo "COMMIT_SHORT=${COMMIT_SHORT}";
echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}";
echo "SONAR_SCANNER_NAME=${SONAR_SCANNER_NAME}";
echo "SONARQUBE_REPORT_URL=${SONARQUBE_REPORT_URL}";
echo "SONARQUBE_TOKEN=${SONARQUBE_TOKEN}";
} > "${PWD}/sonarqube/my-env.txt"
cp /etc/group "${PWD}/group"
cp /etc/passwd "${PWD}/passwd"
podman run \
--volume "${PWD}":/home/jboss:z \
--env-file "${PWD}/sonarqube/my-env.txt" \
"${OPENJDK_CONTAINER_IMAGE}" \
/bin/bash "sonarqube_exec.sh"
mkdir -p "${WORKSPACE}/artifacts"
cat << @EOF > "${WORKSPACE}/artifacts/junit-dummy.xml"
<testsuite tests="1">
<testcase classname="dummy" name="dummytest"/>
</testsuite>
@EOF
rm "${PWD}/group"
rm "${PWD}/passwd"