forked from webpwnized/mutillidae
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
edit SonarQube workflow + add docker-compose file
- Loading branch information
1 parent
48f5148
commit 0dfa132
Showing
2 changed files
with
57 additions
and
68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,82 +1,29 @@ | ||
| name: SonarQube Analysis | ||
|
|
||
| on: | ||
| # Trigger analysis when pushing to your main branches, and when creating a pull request. | ||
| push: | ||
| branches: | ||
| - main | ||
| - master | ||
| - development | ||
| - 'releases/**' | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
|
|
||
| name: Mutillidae II SonarQube Workflow | ||
|
|
||
| jobs: | ||
| sonarqube: | ||
| sonar-scan: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| # Step 1: Check out your repository code | ||
| - name: Checkout Code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| # Disabling shallow clones is recommended for improving the relevancy of reporting | ||
| fetch-depth: 0 | ||
|
|
||
| # Step 2: Set up Java | ||
| - name: Set up JDK 17 (Required for SonarQube) | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'temurin' | ||
| java-package: 'jdk' | ||
|
|
||
| # Step 3: Create a Docker network | ||
| - name: Create Docker network | ||
| run: docker network create sonarnet | ||
|
|
||
| # Step 4: Start SonarQube Docker container | ||
| - name: Start SonarQube | ||
| run: | | ||
| docker run -d --name sonar-server --network sonarnet -p 9000:9000 sonarqube | ||
| echo "Waiting for SonarQube to start..." | ||
| while ! curl -s http://localhost:9000/api/system/status | grep -q "UP"; do sleep 10; done | ||
| # Step 5: Run the SonarQube Scan | ||
| - name: SonarQube Scan | ||
| run: | | ||
| docker run --rm --network sonarnet \ | ||
| -e SONAR_HOST_URL="http://sonar-server:9000" \ | ||
| -e SONAR_TOKEN="${{ secrets.SONAR_TOKEN }}" \ | ||
| -v $(pwd):/usr/src \ | ||
| sonarsource/sonar-scanner-cli -X | ||
| -Dsonar.projectKey=Mutillidae-II-2 \ | ||
| -Dsonar.sources=. | ||
| # Check the Quality Gate status. | ||
| - name: SonarQube Quality Gate check | ||
| id: sonarqube-quality-gate-check | ||
| uses: sonarsource/sonarqube-quality-gate-action@master | ||
| # Force to fail step after specific time. | ||
| timeout-minutes: 5 | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # Optionally you can use the output from the Quality Gate in another step. | ||
| # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`. | ||
| - name: Show SonarQube Quality Gate Status value | ||
| run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}" | ||
| - name: Set up Docker Compose | ||
| run: sudo apt-get install docker-compose | ||
|
|
||
| # Step 6: Stop SonarQube Docker container | ||
| - name: Stop SonarQube | ||
| run: docker stop sonar-server | ||
| - name: Build and Run SonarQube with Docker Compose | ||
| run: docker-compose up -d | ||
|
|
||
| # Step 7: Remove SonarQube Docker network | ||
| - name: Remove SonarQube network | ||
| run: docker network rm sonarnet | ||
| - name: Run SonarScanner | ||
| run: | | ||
| docker-compose run sonar-scanner | ||
| # Step 8: Remove SonarQube Docker container | ||
| - name: Remove SonarQube | ||
| run: docker rm sonar-server | ||
|
|
||
| - name: Tear down Docker Compose | ||
| if: always() | ||
| run: docker-compose down |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| version: '3' | ||
|
|
||
| services: | ||
| sonar-server: | ||
| image: sonarqube:latest | ||
| container_name: sonar-server | ||
| ports: | ||
| - "9000:9000" # Expose port 9000 for SonarQube | ||
| networks: | ||
| - sonarnet | ||
| environment: | ||
| - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube | ||
| - SONAR_JDBC_USERNAME=sonar | ||
| - SONAR_JDBC_PASSWORD=sonar | ||
|
|
||
| db: | ||
| image: postgres:latest | ||
| container_name: sonar-db | ||
| networks: | ||
| - sonarnet | ||
| environment: | ||
| - POSTGRES_USER=sonar | ||
| - POSTGRES_PASSWORD=sonar | ||
| - POSTGRES_DB=sonarqube | ||
|
|
||
| sonar-scanner: | ||
| image: sonarsource/sonar-scanner-cli:latest | ||
| container_name: sonar-scanner | ||
| depends_on: | ||
| - sonar-server | ||
| networks: | ||
| - sonarnet | ||
| environment: | ||
| - SONAR_HOST_URL=http://sonar-server:9000 | ||
| - SONAR_TOKEN=${{ secrets.SONAR_TOKEN }} # GitHub Secret for SonarQube Token | ||
| volumes: | ||
| - .:/usr/src | ||
| entrypoint: ["/bin/bash", "-c", "sonar-scanner -Dsonar.projectKey=Mutillidae-II-2 -Dsonar.sources=."] | ||
|
|
||
| networks: | ||
| sonarnet: | ||
| driver: bridge |