From 507ea3a342d33c2573c1a29ba72a3ab61de4124a Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Mon, 14 Jan 2019 12:04:49 -0800 Subject: [PATCH 1/4] Adding github action for sonarcloud scanning --- .github/action/sonarcloud-scan/Dockerfile | 25 +++++++++++++++++++++++ .github/main.workflow | 10 +++++++++ 2 files changed, 35 insertions(+) create mode 100644 .github/action/sonarcloud-scan/Dockerfile create mode 100644 .github/main.workflow diff --git a/.github/action/sonarcloud-scan/Dockerfile b/.github/action/sonarcloud-scan/Dockerfile new file mode 100644 index 0000000..3767f35 --- /dev/null +++ b/.github/action/sonarcloud-scan/Dockerfile @@ -0,0 +1,25 @@ +#FROM alpine:3.8 +FROM ubuntu:18.04 + +WORKDIR /github/workspace + +ENV SONAR_DOWNLOAD_USER=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip +ENV SONAR_PROJECT_KEY=tattle +ENV SONAR_ORG=scottbrown-github + +RUN apt-get update -qq && apt-get install unzip -y + +#ADD $SONAR_DOWNLOAD_URL /tmp/scanner.zip +ADD https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip /tmp/scanner.zip + +RUN mkdir -p /tmp/sonar && unzip /tmp/scanner.zip -d /tmp/sonar + +#CMD /tmp/sonar/bin/sonar-scanner \ +CMD /tmp/sonar/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner \ + -Dsonar.projectKey=$SONAR_PROJECT_KEY \ + -Dsonar.organization=$SONAR_ORG \ + -Dsonar.sources=/github/workspace \ + -Dsonar.host.url=https://sonarcloud.io \ + -Dsonar.login=$SONAR_LOGIN \ + -Dsonar.branch.name=$GITHUB_REF + diff --git a/.github/main.workflow b/.github/main.workflow new file mode 100644 index 0000000..a219172 --- /dev/null +++ b/.github/main.workflow @@ -0,0 +1,10 @@ +workflow "Scan for Vulnerabilities with SonarCloud" { + on = "push" + resolves = ["sonarcloud-scan"] +} + +action "sonarcloud-scan" { + uses = "./.github/action/sonarcloud-scan" + secrets = ["SONAR_LOGIN"] +} + From 6500581cbfcb816098df9736a7cf4fbaeb22db98 Mon Sep 17 00:00:00 2001 
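Review bot: The SonarCloud token is passed on the scanner's command line via `-Dsonar.login=$SONAR_LOGIN` in the shell-form CMD, so it is visible in the container's process list and in anything that echoes the command; whether the runner masks it in the build log is not verifiable from this hunk. Newer scanner releases read a `SONAR_TOKEN` environment variable instead, which keeps the value out of argv, but confirm whether 3.2.0.1227 supports that before relying on it, and otherwise write it into a `sonar-project.properties` that is not logged. Separately, `-Dsonar.branch.name=$GITHUB_REF` forwards the ref verbatim; if `GITHUB_REF` holds the full `refs/heads/<name>` form (not shown here), the branch will be recorded under that literal string, and since CMD runs under `/bin/sh` the fix is one expansion: `-Dsonar.branch.name=${GITHUB_REF#refs/heads/}`. The image also never sets `USER`, so the scanner runs as root over the checked-out workspace.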
From: Scott Brown Date: Tue, 15 Jan 2019 08:06:56 -0800 Subject: [PATCH 2/4] Cleaning up dockerfile and injecting deps --- .github/action/sonarcloud-scan/Dockerfile | 20 ++++++++++++-------- .github/main.workflow | 4 ++++ 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/action/sonarcloud-scan/Dockerfile b/.github/action/sonarcloud-scan/Dockerfile index 3767f35..9bf308b 100644 --- a/.github/action/sonarcloud-scan/Dockerfile +++ b/.github/action/sonarcloud-scan/Dockerfile @@ -1,21 +1,25 @@ -#FROM alpine:3.8 FROM ubuntu:18.04 +MAINTAINER Scott Brown WORKDIR /github/workspace -ENV SONAR_DOWNLOAD_USER=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip -ENV SONAR_PROJECT_KEY=tattle -ENV SONAR_ORG=scottbrown-github +# +# The version of SonarCloud CLI we want to use. +# +ENV SONAR_VERSION=3.2.0.1227 + +# +# The full URL to the SonarCloud CLI linux package from their CDN. +# +ENV SONAR_DOWNLOAD_URL=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_VERSION-linux.zip RUN apt-get update -qq && apt-get install unzip -y -#ADD $SONAR_DOWNLOAD_URL /tmp/scanner.zip -ADD https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip /tmp/scanner.zip +ADD $SONAR_DOWNLOAD_URL /tmp/scanner.zip RUN mkdir -p /tmp/sonar && unzip /tmp/scanner.zip -d /tmp/sonar -#CMD /tmp/sonar/bin/sonar-scanner \ -CMD /tmp/sonar/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner \ +CMD /tmp/sonar/sonar-scanner-$SONAR_VERSION-linux/bin/sonar-scanner \ -Dsonar.projectKey=$SONAR_PROJECT_KEY \ -Dsonar.organization=$SONAR_ORG \ -Dsonar.sources=/github/workspace \ diff --git a/.github/main.workflow b/.github/main.workflow index a219172..8280135 100644 --- a/.github/main.workflow +++ b/.github/main.workflow 
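Review bot: `ADD $SONAR_DOWNLOAD_URL /tmp/scanner.zip` fetches the scanner archive at build time with no integrity check, so a substituted or tampered download produces a scanner that runs against the repository with the `SONAR_LOGIN` token and is never noticed. Download and verify a pinned sha256 in one `RUN` instead (SonarSource publishes a `.sha256` next to each zip; fill the value in from there), which also lets you clean the apt lists in the same layer and use `--no-install-recommends`. `MAINTAINER` is deprecated; replace it with `LABEL org.opencontainers.image.authors="Scott Brown"`. The shell-form CMD is intentional here because it needs `$SONAR_VERSION` and `$SONAR_LOGIN` expansion, so that part can stay.
```dockerfile
ARG SONAR_SHA256=<sha256 from the published sonar-scanner-cli-3.2.0.1227-linux.zip.sha256>
RUN apt-get update -qq \
 && apt-get install -y --no-install-recommends ca-certificates curl unzip \
 && rm -rf /var/lib/apt/lists/* \
 && curl -fsSL "$SONAR_DOWNLOAD_URL" -o /tmp/scanner.zip \
 && echo "$SONAR_SHA256  /tmp/scanner.zip" | sha256sum -c - \
 && mkdir -p /tmp/sonar \
 && unzip /tmp/scanner.zip -d /tmp/sonar \
 && rm /tmp/scanner.zip
# … unchanged: CMD invoking sonar-scanner …
```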
@@ -6,5 +6,9 @@ workflow "Scan for Vulnerabilities with SonarCloud" { action "sonarcloud-scan" { uses = "./.github/action/sonarcloud-scan" secrets = ["SONAR_LOGIN"] + env = { + "SONAR_PROJECT_KEY" = "unbounce_tattle" + "SONAR_ORG" = "unbounceinc" + } } From 93b4cf716a7dcff5a946ecacdfb1ceb9d3a8ec6c Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Wed, 16 Jan 2019 10:36:41 -0800 Subject: [PATCH 3/4] Converting to use public docker image --- .github/main.workflow | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/main.workflow b/.github/main.workflow index 8280135..3539452 100644 --- a/.github/main.workflow +++ b/.github/main.workflow @@ -4,7 +4,7 @@ workflow "Scan for Vulnerabilities with SonarCloud" { } action "sonarcloud-scan" { - uses = "./.github/action/sonarcloud-scan" + uses = "docker://unbounce/sonarcloud-github" secrets = ["SONAR_LOGIN"] env = { "SONAR_PROJECT_KEY" = "unbounce_tattle" From 8e307deb8461fb4ba671fabebac6f278250f8778 Mon Sep 17 00:00:00 2001 From: Scott Brown Date: Wed, 16 Jan 2019 10:53:47 -0800 Subject: [PATCH 4/4] Removing unnecessary Dockerfile --- .github/action/sonarcloud-scan/Dockerfile | 29 ----------------------- 1 file changed, 29 deletions(-) delete mode 100644 .github/action/sonarcloud-scan/Dockerfile diff --git a/.github/action/sonarcloud-scan/Dockerfile b/.github/action/sonarcloud-scan/Dockerfile deleted file mode 100644 index 9bf308b..0000000 --- a/.github/action/sonarcloud-scan/Dockerfile +++ /dev/null 
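Review bot: `uses = "docker://unbounce/sonarcloud-github"` names the image with no tag or digest, so each run pulls whatever the default tag resolves to at that moment and hands it the `SONAR_LOGIN` secret plus the checked-out source; anyone who can push to that Docker Hub repository can silently change what executes in CI. Pin it to a released tag, e.g. `uses = "docker://unbounce/sonarcloud-github:<tag>"`, and record the image digest alongside it if the workflow syntax accepts `@sha256:…` (not verifiable from this hunk). The in-repo Dockerfile this replaces was reviewable in this repository; the public image's build recipe is not visible here, so a comment stating where it is built from would help the next reviewer.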
@@ -1,29 +0,0 @@ -FROM ubuntu:18.04 -MAINTAINER Scott Brown - -WORKDIR /github/workspace - -# -# The version of SonarCloud CLI we want to use. -# -ENV SONAR_VERSION=3.2.0.1227 - -# -# The full URL to the SonarCloud CLI linux package from their CDN. -# -ENV SONAR_DOWNLOAD_URL=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_VERSION-linux.zip - -RUN apt-get update -qq && apt-get install unzip -y - -ADD $SONAR_DOWNLOAD_URL /tmp/scanner.zip - -RUN mkdir -p /tmp/sonar && unzip /tmp/scanner.zip -d /tmp/sonar - -CMD /tmp/sonar/sonar-scanner-$SONAR_VERSION-linux/bin/sonar-scanner \ - -Dsonar.projectKey=$SONAR_PROJECT_KEY \ - -Dsonar.organization=$SONAR_ORG \ - -Dsonar.sources=/github/workspace \ - -Dsonar.host.url=https://sonarcloud.io \ - -Dsonar.login=$SONAR_LOGIN \ - -Dsonar.branch.name=$GITHUB_REF -