Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQSCANGHA-76 Support self-hosted runners not clearing truststore after run #165

Merged
merged 7 commits into from
Dec 17, 2024
Merged

SQSCANGHA-76 Support self-hosted runners not clearing truststore after run #165

merged 7 commits into from
Dec 17, 2024

Conversation

antonioaversa
Copy link
Contributor

@antonioaversa antonioaversa commented Dec 16, 2024
edited
Loading

Kept in draft to avoid accidental merging into #165.

Originated from this discuss post.

Similar scenario as #164 (self-hosted Github runners), but for SSL certificates:

v4.1.0 of the sonarqube-scan-action GitHub Action fails in the following situation:

  • The GitHub Action workflow is using a self-hosted runner.
  • Additionally, the self-hosted runner is set up in such a way that a clean instance is not provided for each job execution. (See About self-hosted runners - GitHub Docs for more information about self-hosted runners.)
  • The SONAR_ROOT_CERT environment variable is set in the sonarqube-scan-action step.

The warning appears like here

Update: change of behavior

Now, if the truststore.p12 exists already, we don't remove anymore the ~/sonar/ssl directory.
Instead, we check whether such truststore.p12 contains a sonar alias.
If it does, and only if it does, we remove the alias from the truststore, and then we proceed as usual.
If people really want to start with a clean truststore.p12, they can tune their agent.

Here is a successful run: https://github.com/SonarSource/sonarqube-scan-action/actions/runs/12355702818/job/34479954427?pr=165

@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch 5 times, most recently from 13624c6 to 756903a Compare December 16, 2024 09:07
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-75-clear-runner-temp branch from 3ee5ee7 to 0d06820 Compare December 16, 2024 09:41
Base automatically changed from antonio/SQSCANGHA-75-clear-runner-temp to master December 16, 2024 09:45
@antonioaversa antonioaversa marked this pull request as ready for review December 16, 2024 09:46
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch from 756903a to 4d448d0 Compare December 16, 2024 09:47
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch 2 times, most recently from 8834ec6 to 111a640 Compare December 16, 2024 14:16
henryju
henryju reviewed Dec 16, 2024
View reviewed changes
scripts/run-sonar-scanner-cli.sh Outdated Show resolved Hide resolved
scripts/run-sonar-scanner-cli.sh Show resolved Hide resolved
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch from 111a640 to bb88be4 Compare December 16, 2024 14:39
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch from bb88be4 to 839486e Compare December 16, 2024 14:42
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch 4 times, most recently from 1ca746e to d5f7c21 Compare December 16, 2024 15:16
@antonioaversa antonioaversa force-pushed the antonio/SQSCANGHA-76-clear-truststore branch from d5f7c21 to 3f42147 Compare December 16, 2024 15:19
henryju
henryju approved these changes Dec 16, 2024
View reviewed changes
Copy link
Member

@henryju henryju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice, congrats for the test!

@antonioaversa antonioaversa merged commit 26c5182 into master Dec 17, 2024
53 checks passed
@antonioaversa antonioaversa deleted the antonio/SQSCANGHA-76-clear-truststore branch December 17, 2024 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henryju henryju henryju approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@antonioaversa @henryju