CCS-4 - Sonar scanning evidence 13 #14

Workflow file for this run

.github/workflows/sonar-evidence-example.yml at 58357cb

	name: sonar-evidence-example

	on:
	workflow_dispatch: # This allows manual triggering of the workflow
	push:
	branches:
	- carmit_examples
	pull_request:
	branches:
	- carmit_examples
	permissions:
	id-token: write
	contents: read


	jobs:
	docker-build-with-sonar-evidence:
	runs-on: ubuntu-latest
	env:
	DOCKER_REPO: 'test-docker-local'
	IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
	BUILD_NAME: 'jira-evidence-example'
	steps:
	- name: Install jfrog cli
	id: setup-cli
	uses: jfrog/setup-jfrog-cli@v4
	env:
	JF_URL: ${{ vars.ARTIFACTORY_URL }}
	with:
	oidc-provider-name: jfrog-github-oidc

	- uses: actions/checkout@v4

	- name: Install SonarQube Scanner
	run: \|
	curl -sL -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip
	unzip sonar-scanner.zip
	export PATH=$PATH:$PWD/sonar-scanner-4.6.2.2472-linux/bin
	pwd
	ls -l $PWD/sonar-scanner-4.6.2.2472-linux/bin/
	echo "$PWD/sonar-scanner-4.6.2.2472-linux/bin"
	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '21' # Specify the desired Java version here
	distribution: 'temurin' # You can also use 'temurin', 'zulu', etc.

	- name: Run SonarScanner
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: \|
	echo "java version"
	java -version
	echo "JAVA_HOME=$JAVA_HOME"
	cat /home/runner/work/Evidence-Examples/Evidence-Examples/sonar-project.properties
	echo "---------------------"
	cat /home/runner/work/Evidence-Examples/Evidence-Examples/sonar-scanner-4.6.2.2472-linux/conf/sonar-scanner.properties
	echo "Start to scan"
	$PWD/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner \
	-Dsonar.projectKey=test-evidence \
	-Dsonar.organization=my-evidence-test-org \
	-Dsonar.host.url=https://sonarcloud.io \
	-Dsonar.java.jdkHome=$JAVA_HOME \
	-Dsonar.verbose=true \
	-Dsonar.token=$SONAR_TOKEN -X

	- name: Log in to Artifactory Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ vars.ARTIFACTORY_URL }}
	username: ${{ steps.setup-cli.outputs.oidc-user }}
	password: ${{ steps.setup-cli.outputs.oidc-token }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and Push Docker image
	uses: docker/build-push-action@v6
	id: docker-build
	with:
	push: true
	provenance: false
	platforms: linux/amd64 #, linux/arm64
	build-args: REPO_URL=${{ vars.JF_URL }}/example-project-docker-dev-remote
	tags: ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}

	- name: add docker package to build
	run: \|
	echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@${{ steps.docker-build.outputs.digest }}" > metadata.json
	jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json --build-name ${{ env.BUILD_NAME }} --build-number ${{ github.run_number }}

	- name: Publish build info
	if: ${{ true }}
	run: \|
	jf rt build-collect-env
	jf rt build-add-git
	jf rt build-publish

	- name: Create SonarQube evidence
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: \|
	./examples/sonar-scan-example/bin/sonar-scan-extractor-linux-amd64 > predicate.json
	# Attach evidence onto build using JFrog CLI
	jf evd create \
	--build-name "${{ env.BUILD_NAME }}" \
	--build-number "${{ github.run_number }}" \
	--predicate ./predicate.json \
	--predicate-type https://jfrog.com/evidence/sonar-scan/v1 \
	--key "${{ secrets.JIRA_TEST_PKEY }}" \
	--key-alias ${{ vars.JIRA_TEST_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CCS-4 - Sonar scanning evidence 13 #14

Workflow file

CCS-4 - Sonar scanning evidence 13 #14

Jobs

Run details

Workflow file for this run