sonar-scanner-cli-docker/.github/workflows/build.yml at f79a7154072b10ff92daab80deb903d7e74aa2f3 · SonarSource/sonar-scanner-cli-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Build
on:
  push:
    branches:
      - master
      - 'branch-*'
  pull_request:
  merge_group:
  workflow_dispatch:

env:
  DOCKER_REPOX_BUILDS_REGISTRY: repox-sonarsource-docker-builds.jfrog.io
  DOCKER_IMAGE: "sonarsource/sonar-scanner-cli"

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

permissions:
  id-token: write
  contents: write

jobs:
  build:
    name: Build Docker image
    runs-on: github-ubuntu-latest-s
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
          submodules: 'true'

      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
        with:
          version: 2025.7.12

      - uses: SonarSource/ci-github-actions/get-build-number@v1

      - name: Vault
        id: secrets
        uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32  # 3.1.0
        with:
          secrets: |
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release access_token | ARTIFACTORY_DEPLOY_PASSWORD;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release username | ARTIFACTORY_DEPLOY_USERNAME;

      - name: Docker login to Repox registry
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1  # v3.5.0
        with:
          registry: ${{ env.DOCKER_REPOX_BUILDS_REGISTRY }}
          username: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_DEPLOY_USERNAME }}
          password: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_DEPLOY_PASSWORD }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392  # v3.6.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2  # v3.10.0

      - name: Setup Docker image
        shell: bash
        id: docker-image-setup
        run: |
          DOCKER_IMAGE_BUILD_NUMBER="${DOCKER_REPOX_BUILDS_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}"
          echo "docker-image=${DOCKER_IMAGE_BUILD_NUMBER}" >> $GITHUB_OUTPUT

      - name: Build Docker image
        shell: bash
        env:
          DOCKER_IMAGE_BUILD_NUMBER: ${{ steps.docker-image-setup.outputs.docker-image }}
        run: |
          docker buildx build --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_BUILD_NUMBER}" --push .

  test:
    needs:
      - build
    name: Test Docker image
    runs-on: github-ubuntu-latest-s
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
          submodules: 'true'

      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
        with:
          version: 2025.7.12

      - uses: SonarSource/ci-github-actions/get-build-number@v1

      - name: Vault
        id: secrets
        uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32  # 3.1.0
        with:
          secrets: |
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release access_token | ARTIFACTORY_DEPLOY_PASSWORD;
            development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release username | ARTIFACTORY_DEPLOY_USERNAME;

      - name: Docker login to Repox registry
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1  # v3.5.0
        with:
          registry: ${{ env.DOCKER_REPOX_BUILDS_REGISTRY }}
          username: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_DEPLOY_USERNAME }}
          password: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_DEPLOY_PASSWORD }}

      - name: Setup Docker image
        shell: bash
        id: docker-image-setup
        run: |
          DOCKER_IMAGE_BUILD_NUMBER="${DOCKER_REPOX_BUILDS_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}"
          echo "docker-image=${DOCKER_IMAGE_BUILD_NUMBER}" >> $GITHUB_OUTPUT

      - name: Test Docker image
        shell: bash
        env:
          DOCKER_IMAGE_BUILD_NUMBER: ${{ steps.docker-image-setup.outputs.docker-image }}
        run: |
          apt-get update && apt-get install -qy curl jq
          echo "Checking out the sonar-scanning-examples repository"
          git clone https://github.com/SonarSource/sonar-scanning-examples.git target_repository
          echo "Test the ${DOCKER_IMAGE_BUILD_NUMBER} image"
          TEST_IMAGE="${DOCKER_IMAGE_BUILD_NUMBER}" ./test/bats/bin/bats --tap test

  scan:
    needs:
      - build
    runs-on: github-ubuntu-latest-s
    name: SonarQube Server scan
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          submodules: 'true'
      - uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
        with:
          cache_save: false
          version: 2025.7.12
      - name: Vault
        id: secrets
        uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32  # 3.1.0
        with:
          secrets: |
            development/kv/data/next url | NEXT_URL;
            development/kv/data/next token | NEXT_TOKEN;
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v6
        env:
          SONAR_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).NEXT_TOKEN }}
          SONAR_HOST_URL: ${{ fromJSON(steps.secrets.outputs.vault).NEXT_URL }}