mirror of
https://github.com/SonarSource/sonarqube-scan-action.git
synced 2026-07-13 18:31:16 +03:00
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| bc1610626e | |||
| 2dfea3d9ad | |||
| 7cdc154593 | |||
| 45f27363d4 |
+3
-1
@@ -1 +1,3 @@
|
|||||||
.github/* @sonarsource/quality-processing-squad
|
# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
|
||||||
|
|
||||||
|
* @sonarsource/code-quality-ci-experience-squad
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
|
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
|
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action without args
|
- name: Run action without args
|
||||||
@@ -37,7 +37,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with args
|
- name: Run action with args
|
||||||
@@ -66,7 +66,7 @@ jobs:
|
|||||||
]
|
]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with args
|
- name: Run action with args
|
||||||
@@ -93,7 +93,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with args
|
- name: Run action with args
|
||||||
@@ -121,7 +121,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with args
|
- name: Run action with args
|
||||||
@@ -148,7 +148,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with args
|
- name: Run action with args
|
||||||
@@ -178,7 +178,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- run: mkdir -p ./baseDir
|
- run: mkdir -p ./baseDir
|
||||||
@@ -198,7 +198,7 @@ jobs:
|
|||||||
'scannerVersion' input
|
'scannerVersion' input
|
||||||
runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
|
runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with scannerVersion
|
- name: Run action with scannerVersion
|
||||||
@@ -222,7 +222,7 @@ jobs:
|
|||||||
'scannerBinariesUrl' input with invalid URL
|
'scannerBinariesUrl' input with invalid URL
|
||||||
runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
|
runs-on: github-ubuntu-latest-s # assumes default RUNNER_ARCH for linux is X64
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with scannerBinariesUrl
|
- name: Run action with scannerBinariesUrl
|
||||||
@@ -250,7 +250,7 @@ jobs:
|
|||||||
'scannerBinariesUrl' does not allow command injection via semicolons
|
'scannerBinariesUrl' does not allow command injection via semicolons
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with scannerBinariesUrl
|
- name: Run action with scannerBinariesUrl
|
||||||
@@ -271,7 +271,7 @@ jobs:
|
|||||||
'scannerBinariesUrl' does not allow command injection via spaces and quotes
|
'scannerBinariesUrl' does not allow command injection via spaces and quotes
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with scannerBinariesUrl
|
- name: Run action with scannerBinariesUrl
|
||||||
@@ -292,7 +292,7 @@ jobs:
|
|||||||
Don't fail on Gradle project
|
Don't fail on Gradle project
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action on Gradle project
|
- name: Run action on Gradle project
|
||||||
@@ -313,7 +313,7 @@ jobs:
|
|||||||
Don't fail on Kotlin Gradle project
|
Don't fail on Kotlin Gradle project
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action on Kotlin Gradle project
|
- name: Run action on Kotlin Gradle project
|
||||||
@@ -334,7 +334,7 @@ jobs:
|
|||||||
Don't fail on Maven project
|
Don't fail on Maven project
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action on Maven project
|
- name: Run action on Maven project
|
||||||
@@ -367,7 +367,7 @@ jobs:
|
|||||||
--health-timeout 5s
|
--health-timeout 5s
|
||||||
--health-retries 10
|
--health-retries 10
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action on sample project
|
- name: Run action on sample project
|
||||||
@@ -390,7 +390,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with debug mode
|
- name: Run action with debug mode
|
||||||
@@ -421,7 +421,7 @@ jobs:
|
|||||||
--health-timeout 5s
|
--health-timeout 5s
|
||||||
--health-retries 10
|
--health-retries 10
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: SonarQube Cache
|
- name: SonarQube Cache
|
||||||
@@ -450,7 +450,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with deprecated SONARCLOUD_URL
|
- name: Run action with deprecated SONARCLOUD_URL
|
||||||
@@ -469,7 +469,7 @@ jobs:
|
|||||||
scannerBinariesUrl redirect (3xx) is followed
|
scannerBinariesUrl redirect (3xx) is followed
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Generate SSL certificates for nginx
|
- name: Generate SSL certificates for nginx
|
||||||
@@ -505,7 +505,7 @@ jobs:
|
|||||||
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
os: [github-ubuntu-latest-s, github-windows-latest-s, macos-latest]
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with SSL certificate
|
- name: Run action with SSL certificate
|
||||||
@@ -556,7 +556,7 @@ jobs:
|
|||||||
Analysis takes into account 'SONAR_ROOT_CERT'
|
Analysis takes into account 'SONAR_ROOT_CERT'
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Generate server certificate
|
- name: Generate server certificate
|
||||||
@@ -664,7 +664,7 @@ jobs:
|
|||||||
truststore.p12 is updated when present
|
truststore.p12 is updated when present
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Create SONAR_SSL_FOLDER with a file in it (not-truststore.p12)
|
- name: Create SONAR_SSL_FOLDER with a file in it (not-truststore.p12)
|
||||||
@@ -793,7 +793,7 @@ jobs:
|
|||||||
'scannerVersion' input validation
|
'scannerVersion' input validation
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Run action with invalid scannerVersion
|
- name: Run action with invalid scannerVersion
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ jobs:
|
|||||||
name: create_install_path.sh
|
name: create_install_path.sh
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
|
|
||||||
@@ -123,7 +123,7 @@ jobs:
|
|||||||
SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip'
|
SONAR_SCANNER_URL_MACOSX_AARCH64: 'https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-vX.Y.Z.MMMM-macosx-aarch64.zip'
|
||||||
SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64'
|
SONAR_SCANNER_SHA_MACOSX_AARCH64: 'DOWNLOAD-SHA-MACOSX-AARCH64'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
|
|
||||||
@@ -252,7 +252,7 @@ jobs:
|
|||||||
name: download.sh
|
name: download.sh
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
|
|
||||||
@@ -321,7 +321,7 @@ jobs:
|
|||||||
name: fetch_latest_version.sh
|
name: fetch_latest_version.sh
|
||||||
runs-on: github-ubuntu-latest-s
|
runs-on: github-ubuntu-latest-s
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
||||||
- name: Test script
|
- name: Test script
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ jobs:
|
|||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0
|
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e #v6.4.0
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
|
|
||||||
- name: Parse semver
|
- name: Parse semver
|
||||||
uses: madhead/semver-utils@4cf918affe9106ea59f86c6250e5ec4570ac4389 # v5.0.0
|
uses: madhead/semver-utils@4cf918affe9106ea59f86c6250e5ec4570ac4389 # v5.0.0
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ jobs:
|
|||||||
new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }}
|
new-version: ${{ steps.latest-version.outputs.sonar-scanner-version }}
|
||||||
steps:
|
steps:
|
||||||
- run: sudo apt install -y jq
|
- run: sudo apt install -y jq
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
ref: master
|
ref: master
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
@@ -49,7 +49,7 @@ jobs:
|
|||||||
pull-requests: write
|
pull-requests: write
|
||||||
if: needs.check-version.outputs.should_update == 'true'
|
if: needs.check-version.outputs.should_update == 'true'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||||
with:
|
with:
|
||||||
ref: master
|
ref: master
|
||||||
persist-credentials: true
|
persist-credentials: true
|
||||||
|
|||||||
Vendored
+19
-4
@@ -14,6 +14,7 @@ import * as fs$2 from 'node:fs/promises';
|
|||||||
import * as os$1 from 'node:os';
|
import * as os$1 from 'node:os';
|
||||||
import * as path$1 from 'node:path';
|
import * as path$1 from 'node:path';
|
||||||
import { join } from 'node:path';
|
import { join } from 'node:path';
|
||||||
|
import { randomBytes } from 'node:crypto';
|
||||||
import * as fs$1 from 'node:fs';
|
import * as fs$1 from 'node:fs';
|
||||||
import fs__default from 'node:fs';
|
import fs__default from 'node:fs';
|
||||||
import 'http';
|
import 'http';
|
||||||
@@ -3900,6 +3901,10 @@ function toSemVer(version) {
|
|||||||
const SONARSOURCE_KEY_FINGERPRINT = "679F1EE92B19609DE816FDE81DB198F93525EC1A";
|
const SONARSOURCE_KEY_FINGERPRINT = "679F1EE92B19609DE816FDE81DB198F93525EC1A";
|
||||||
const DEFAULT_KEYSERVER = "hkps://keyserver.ubuntu.com";
|
const DEFAULT_KEYSERVER = "hkps://keyserver.ubuntu.com";
|
||||||
const FALLBACK_KEYSERVER = "hkps://keys.openpgp.org";
|
const FALLBACK_KEYSERVER = "hkps://keys.openpgp.org";
|
||||||
|
// Linux/macOS sockaddr_un.sun_path limit is 108 bytes including the NUL terminator.
|
||||||
|
// S.gpg-agent.browser is the longest socket GPG creates directly under the home directory.
|
||||||
|
const MAX_GPG_SOCKET_PATH = 107;
|
||||||
|
const LONGEST_GPG_SOCKET = "/S.gpg-agent.browser";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verifies the GPG signature of a downloaded file
|
* Verifies the GPG signature of a downloaded file
|
||||||
@@ -3990,12 +3995,22 @@ function convertToUnixPath(windowsPath) {
|
|||||||
* @returns {string} Path to the temporary GPG home directory
|
* @returns {string} Path to the temporary GPG home directory
|
||||||
*/
|
*/
|
||||||
function setupGpgHome() {
|
function setupGpgHome() {
|
||||||
const tempDir = process.env.RUNNER_TEMP || os$1.tmpdir();
|
const dirName = `gpg-${randomBytes(4).toString("hex")}`;
|
||||||
const gpgHome = path$1.join(tempDir, `gpg-home-${Date.now()}-${process.pid}`);
|
|
||||||
|
|
||||||
fs$1.mkdirSync(gpgHome, { recursive: true, mode: 0o700 });
|
const runnertemp = process.env.RUNNER_TEMP;
|
||||||
|
for (const base of [runnertemp, os$1.tmpdir()].filter(Boolean)) {
|
||||||
|
const gpgHome = path$1.join(base, dirName);
|
||||||
|
if (process.platform === "win32" || (gpgHome + LONGEST_GPG_SOCKET).length <= MAX_GPG_SOCKET_PATH) {
|
||||||
|
fs$1.mkdirSync(gpgHome, { recursive: true, mode: 0o700 });
|
||||||
|
return gpgHome;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return gpgHome;
|
throw new Error(
|
||||||
|
`Cannot create a GPG home directory with a short enough path for GPG sockets. ` +
|
||||||
|
`The longest socket path (gpgHome + "${LONGEST_GPG_SOCKET}") must not exceed ${MAX_GPG_SOCKET_PATH} characters. ` +
|
||||||
|
`Consider setting RUNNER_TEMP to a shorter path, was "${runnertemp || '<empty>'}".`
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Vendored
+1
-1
File diff suppressed because one or more lines are too long
@@ -20,7 +20,9 @@
|
|||||||
|
|
||||||
import assert from "node:assert/strict";
|
import assert from "node:assert/strict";
|
||||||
import * as fs from "node:fs";
|
import * as fs from "node:fs";
|
||||||
import { afterEach, describe, it, mock } from "node:test";
|
import * as os from "node:os";
|
||||||
|
import * as path from "node:path";
|
||||||
|
import { afterEach, beforeEach, describe, it, mock } from "node:test";
|
||||||
import { getProxyFromEnv, setupGpgHome, } from "../gpg-verification.js";
|
import { getProxyFromEnv, setupGpgHome, } from "../gpg-verification.js";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -492,6 +494,76 @@ describe("gpg-verification with mocked exec", () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe("setupGpgHome", () => {
|
||||||
|
let originalRunnerTemp;
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
originalRunnerTemp = process.env.RUNNER_TEMP;
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(() => {
|
||||||
|
if (originalRunnerTemp === undefined) {
|
||||||
|
delete process.env.RUNNER_TEMP;
|
||||||
|
} else {
|
||||||
|
process.env.RUNNER_TEMP = originalRunnerTemp;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
it("should create directory under RUNNER_TEMP when path is short enough", () => {
|
||||||
|
const runnerTemp = fs.mkdtempSync(path.join(os.tmpdir(), "runner-temp-"));
|
||||||
|
tempDirs.push(runnerTemp);
|
||||||
|
process.env.RUNNER_TEMP = runnerTemp;
|
||||||
|
|
||||||
|
const gpgHome = setupGpgHome();
|
||||||
|
tempDirs.push(gpgHome);
|
||||||
|
|
||||||
|
assert.equal(path.dirname(gpgHome), runnerTemp);
|
||||||
|
assert.ok(fs.existsSync(gpgHome));
|
||||||
|
});
|
||||||
|
|
||||||
|
it("should fall back to os.tmpdir() when RUNNER_TEMP is not set", () => {
|
||||||
|
delete process.env.RUNNER_TEMP;
|
||||||
|
|
||||||
|
const gpgHome = setupGpgHome();
|
||||||
|
tempDirs.push(gpgHome);
|
||||||
|
|
||||||
|
assert.equal(path.dirname(gpgHome), os.tmpdir());
|
||||||
|
assert.ok(fs.existsSync(gpgHome));
|
||||||
|
});
|
||||||
|
|
||||||
|
it("should fall back to os.tmpdir() when RUNNER_TEMP path is too long for GPG sockets", () => {
|
||||||
|
// Customer's actual RUNNER_TEMP (93 chars) — pushes the dirmngr socket path over the 107-char Linux limit
|
||||||
|
process.env.RUNNER_TEMP = "/codebuild/output/src2280/src/2bc4e189_61b5_4b91_abc6_9c5c06637b96/actions-runner/_work/_temp";
|
||||||
|
|
||||||
|
const gpgHome = setupGpgHome();
|
||||||
|
tempDirs.push(gpgHome);
|
||||||
|
|
||||||
|
assert.equal(path.dirname(gpgHome), os.tmpdir());
|
||||||
|
assert.ok(fs.existsSync(gpgHome));
|
||||||
|
});
|
||||||
|
|
||||||
|
it("should throw a clear error when all candidate paths are too long", async (t) => {
|
||||||
|
const longPath = "/codebuild/output/src2280/src/2bc4e189_61b5_4b91_abc6_9c5c06637b96/actions-runner/_work/_temp";
|
||||||
|
|
||||||
|
t.mock.module("node:os", {
|
||||||
|
namedExports: {
|
||||||
|
tmpdir: () => longPath,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
process.env.RUNNER_TEMP = longPath;
|
||||||
|
|
||||||
|
const { setupGpgHome: freshSetupGpgHome } = await import("../gpg-verification.js?test=both-paths-too-long");
|
||||||
|
|
||||||
|
assert.throws(
|
||||||
|
() => freshSetupGpgHome(),
|
||||||
|
{ message: `Cannot create a GPG home directory with a short enough path for GPG sockets. ` +
|
||||||
|
`The longest socket path (gpgHome + "/S.gpg-agent.browser") must not exceed 107 characters. ` +
|
||||||
|
`Consider setting RUNNER_TEMP to a shorter path, was "${longPath}".` }
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
describe("getProxyFromEnv", () => {
|
describe("getProxyFromEnv", () => {
|
||||||
afterEach(() => {
|
afterEach(() => {
|
||||||
clearProxyEnv();
|
clearProxyEnv();
|
||||||
|
|||||||
@@ -101,9 +101,8 @@ async function withMockedEnv(envVars, testFn) {
|
|||||||
* @returns {string} The path to the created temporary directory
|
* @returns {string} The path to the created temporary directory
|
||||||
*/
|
*/
|
||||||
function createTempDir() {
|
function createTempDir() {
|
||||||
const tempDir = path.join(os.tmpdir(), `test-runner-temp-${Date.now()}`);
|
// Use a short prefix so the gpg socket path stays within the 107-char Linux limit
|
||||||
fs.mkdirSync(tempDir, { recursive: true });
|
return fs.mkdtempSync(path.join(os.tmpdir(), "r"));
|
||||||
return tempDir;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
describe("gpg-verification", () => {
|
describe("gpg-verification", () => {
|
||||||
@@ -177,10 +176,8 @@ describe("gpg-verification", () => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should create unique directories on multiple calls", async () => {
|
it("should create unique directories on multiple calls", () => {
|
||||||
const gpgHome1 = createTrackedGpgHome(tempDirs);
|
const gpgHome1 = createTrackedGpgHome(tempDirs);
|
||||||
// Small delay to ensure different timestamps
|
|
||||||
await new Promise((resolve) => setTimeout(resolve, 10));
|
|
||||||
const gpgHome2 = createTrackedGpgHome(tempDirs);
|
const gpgHome2 = createTrackedGpgHome(tempDirs);
|
||||||
|
|
||||||
assert.notEqual(gpgHome1, gpgHome2);
|
assert.notEqual(gpgHome1, gpgHome2);
|
||||||
|
|||||||
@@ -20,6 +20,7 @@
|
|||||||
|
|
||||||
import * as core from "@actions/core";
|
import * as core from "@actions/core";
|
||||||
import * as exec from "@actions/exec";
|
import * as exec from "@actions/exec";
|
||||||
|
import { randomBytes } from "node:crypto";
|
||||||
import * as fs from "node:fs";
|
import * as fs from "node:fs";
|
||||||
import * as os from "node:os";
|
import * as os from "node:os";
|
||||||
import * as path from "node:path";
|
import * as path from "node:path";
|
||||||
@@ -27,6 +28,10 @@ import * as path from "node:path";
|
|||||||
const SONARSOURCE_KEY_FINGERPRINT = "679F1EE92B19609DE816FDE81DB198F93525EC1A";
|
const SONARSOURCE_KEY_FINGERPRINT = "679F1EE92B19609DE816FDE81DB198F93525EC1A";
|
||||||
const DEFAULT_KEYSERVER = "hkps://keyserver.ubuntu.com";
|
const DEFAULT_KEYSERVER = "hkps://keyserver.ubuntu.com";
|
||||||
const FALLBACK_KEYSERVER = "hkps://keys.openpgp.org";
|
const FALLBACK_KEYSERVER = "hkps://keys.openpgp.org";
|
||||||
|
// Linux/macOS sockaddr_un.sun_path limit is 108 bytes including the NUL terminator.
|
||||||
|
// S.gpg-agent.browser is the longest socket GPG creates directly under the home directory.
|
||||||
|
const MAX_GPG_SOCKET_PATH = 107;
|
||||||
|
const LONGEST_GPG_SOCKET = "/S.gpg-agent.browser";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Verifies the GPG signature of a downloaded file
|
* Verifies the GPG signature of a downloaded file
|
||||||
@@ -117,12 +122,22 @@ export function convertToUnixPath(windowsPath) {
|
|||||||
* @returns {string} Path to the temporary GPG home directory
|
* @returns {string} Path to the temporary GPG home directory
|
||||||
*/
|
*/
|
||||||
export function setupGpgHome() {
|
export function setupGpgHome() {
|
||||||
const tempDir = process.env.RUNNER_TEMP || os.tmpdir();
|
const dirName = `gpg-${randomBytes(4).toString("hex")}`;
|
||||||
const gpgHome = path.join(tempDir, `gpg-home-${Date.now()}-${process.pid}`);
|
|
||||||
|
|
||||||
fs.mkdirSync(gpgHome, { recursive: true, mode: 0o700 });
|
const runnertemp = process.env.RUNNER_TEMP;
|
||||||
|
for (const base of [runnertemp, os.tmpdir()].filter(Boolean)) {
|
||||||
|
const gpgHome = path.join(base, dirName);
|
||||||
|
if (process.platform === "win32" || (gpgHome + LONGEST_GPG_SOCKET).length <= MAX_GPG_SOCKET_PATH) {
|
||||||
|
fs.mkdirSync(gpgHome, { recursive: true, mode: 0o700 });
|
||||||
|
return gpgHome;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return gpgHome;
|
throw new Error(
|
||||||
|
`Cannot create a GPG home directory with a short enough path for GPG sockets. ` +
|
||||||
|
`The longest socket path (gpgHome + "${LONGEST_GPG_SOCKET}") must not exceed ${MAX_GPG_SOCKET_PATH} characters. ` +
|
||||||
|
`Consider setting RUNNER_TEMP to a shorter path, was "${runnertemp || '<empty>'}".`
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user