
CCS-4 - Sonar scanning evidence 2 #3



name: sonar-evidence-example
on:
workflow_dispatch: # This allows manual triggering of the workflow
push:
branches:
- carmit_examples
pull_request:
branches:
- carmit_examples
permissions:
id-token: write
contents: read
jobs:
docker-build-with-sonar-evidence:
runs-on: ubuntu-latest
env:
DOCKER_REPO: 'test-docker-local'
IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
BUILD_NAME: 'jira-evidence-example'
steps:
- name: Install jfrog cli
id: setup-cli
uses: jfrog/setup-jfrog-cli@v4
env:
JF_URL: ${{ vars.ARTIFACTORY_URL }}
with:
oidc-provider-name: jfrog-github-oidc
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.18
- name: Install SonarQube Scanner
run: |
curl -sL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip -o sonar-scanner-cli-4.6.2.2472-linux.zip
unzip sonar-scanner-cli-4.6.2.2472-linux.zip
export PATH=$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin
- name: Run SonarScanner
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner -Dsonar.token=$SONAR_TOKEN
- name: Log in to Artifactory Docker Registry
uses: docker/login-action@v3
with:
registry: ${{ vars.ARTIFACTORY_URL }}
username: ${{ steps.setup-cli.outputs.oidc-user }}
password: ${{ steps.setup-cli.outputs.oidc-token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and Push Docker image
uses: docker/build-push-action@v6
id: docker-build
with:
push: true
provenance: false
platforms: linux/amd64 #, linux/arm64
build-args: REPO_URL=${{ vars.JF_URL }}/example-project-docker-dev-remote
tags: ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
- name: add docker package to build
run: |
echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@${{ steps.docker-build.outputs.digest }}" > metadata.json
jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json --build-name ${{ env.BUILD_NAME }} --build-number ${{ github.run_number }}
- name: Publish build info
if: ${{ true }}
run: |
jf rt build-collect-env
jf rt build-add-git
jf rt build-publish
- name: Create SonarQube evidence
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
./examples/sonar-scan-example/bin/sonar-scan-extractor-linux-amd64 > predicate.json
# Attach evidence onto build using JFrog CLI
jf evd create \
--build-name "${{ env.BUILD_NAME }}" \
--build-number "${{ github.run_number }}" \
--predicate ./predicate.json \
--predicate-type https://jfrog.com/evidence/sonar-scan/v1 \
--key "${{ secrets.JIRA_TEST_PKEY }}" \
--key-alias ${{ vars.JIRA_TEST_KEY }}
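Review bot: The `export PATH=...` line in the "Install SonarQube Scanner" step does not survive into the next step (every `run` block is a fresh shell), and the "Run SonarScanner" step then expands `$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner` as one literal executable path, so the scanner never starts; replace the export with `echo "$PWD/sonar-scanner-4.6.2.2472-linux/bin" >> "$GITHUB_PATH"` and invoke it as plain `sonar-scanner`, and if this scanner version honors the `SONAR_TOKEN` environment variable (confirm for 4.6.2) drop `-Dsonar.token=$SONAR_TOKEN` so the token is no longer exposed on the command line and in the process table. The scanner zip is fetched with `curl` and unzipped with no integrity check; add `echo "<EXPECTED_SHA256>  sonar-scanner-cli-4.6.2.2472-linux.zip" | sha256sum -c -` before `unzip` and consider pinning the `uses:` actions to commit SHAs rather than moving tags. The Docker login step authenticates against `vars.ARTIFACTORY_URL` while `build-args` and `tags` use `vars.JF_URL`; unless both variables hold the same host the push will fail with an auth error, so use one variable throughout. `if: ${{ true }}` on "Publish build info" is a no-op and can be removed, and `go-version: 1.18` should be quoted as `"1.18"` so a future `1.20` is not parsed as the float 1.2.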