Skip to content

Sonar evd spike #2989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bhanurp wants to merge 116 commits into
base: master
Choose a base branch
from
Draft

Sonar evd spike #2989

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
116 commits
Select commit Hold shift + click to select a range
31db520
Initial sonar evidence spike
bhanurp Apr 22, 2025
355d2c6
Updated with dependencies
bhanurp May 15, 2025
b58565c
Updated dependencies
bhanurp May 16, 2025
53e2f7f
Updated dependencies
bhanurp May 19, 2025
16f5690
Updated dependencies
bhanurp May 21, 2025
c04292a
Updated dependencies
bhanurp May 24, 2025
fedc6f5
Added functional tests for sonar integration
bhanurp Jun 3, 2025
f355037
Updated the workflow name
bhanurp Jun 3, 2025
b107f55
Added trigger on a new evenr
bhanurp Jun 3, 2025
1e8c980
Trigger workflow
bhanurp Jun 3, 2025
924714c
Updated to use bhanurp org for actions
bhanurp Jun 3, 2025
918017b
Trigger workflow
bhanurp Jun 3, 2025
55d877b
Added sonar integration tests removed rt installaiton action
bhanurp Jun 3, 2025
577aa8a
Trigger workflow
bhanurp Jun 3, 2025
f11a3e5
Updated workflow
bhanurp Jun 3, 2025
ec5f496
Fixed reading env var
bhanurp Jun 3, 2025
cc74aeb
Updated health URL
bhanurp Jun 3, 2025
b4ac74a
Removed health status check step
bhanurp Jun 3, 2025
4fd60e5
Updated mvn command
bhanurp Jun 3, 2025
2a18a14
Added sonar integration flag
bhanurp Jun 3, 2025
b96658f
changed sonar tests name
bhanurp Jun 3, 2025
bf92e6b
Changed flag name
bhanurp Jun 3, 2025
ef19573
Updated tests to check sonar report-task
bhanurp Jun 4, 2025
b5877ee
Updated sonar integration workflow with jf installation
bhanurp Jun 5, 2025
5b9d6b8
Updated sonar test project
bhanurp Jun 6, 2025
8ca90e5
Updated to use setup-jfrog-cli action
bhanurp Jun 6, 2025
54f2021
Updated to jf from PATH
bhanurp Jun 6, 2025
a6e2582
Removed action and added own step to install jfrog-cli
bhanurp Jun 6, 2025
1454959
Fixed bug with installation of jf
bhanurp Jun 6, 2025
25b254a
Updated server id
bhanurp Jun 6, 2025
c0ef8fe
Added plugin repositories for sample project
bhanurp Jun 6, 2025
479bade
Updated plugin repositories
bhanurp Jun 6, 2025
89eed19
Updated dependencies
bhanurp Jun 8, 2025
c939e11
Added setup java step
bhanurp Jun 8, 2025
cd3c116
Trigger workflow
bhanurp Jun 8, 2025
ec099ae
Fixed rt wait test cases
bhanurp Jun 8, 2025
ddfac3f
Added key pair generation
bhanurp Jun 8, 2025
1816aea
Added uploading signing keys
bhanurp Jun 9, 2025
6707365
Fix sonar test case
bhanurp Jun 9, 2025
05a7781
Fixed key pair path
bhanurp Jun 9, 2025
78c0adb
Fixed authentication issue
bhanurp Jun 9, 2025
fd7220d
Fixed RSA generation
bhanurp Jun 9, 2025
36dce64
Updated command predicate type
bhanurp Jun 9, 2025
1aa0904
Updated evidence cli command
bhanurp Jun 9, 2025
4e1160d
Trigger workflow
bhanurp Jun 9, 2025
5f175ff
Updated evd command
bhanurp Jun 9, 2025
ff97005
Trigger workflow
bhanurp Jun 9, 2025
323f915
Added to delete signing key pair
bhanurp Jun 9, 2025
c85da5a
Updated tests and cleaned redundant code and comments
bhanurp Jun 11, 2025
45e6bce
Added params logs
bhanurp Jun 11, 2025
24df628
Added url and token params
bhanurp Jun 11, 2025
7aa5df4
Updated dependencies
bhanurp Jun 11, 2025
5a824c8
Updated workflow to reflect required env
bhanurp Jun 11, 2025
97e9142
Updated workflow to reflect required env
bhanurp Jun 11, 2025
dc88024
Updated sonar pre requisites workflow
bhanurp Jun 11, 2025
d53e562
Updated workflow and tests
bhanurp Jun 11, 2025
3a28b3b
Updated workflow and tests
bhanurp Jun 11, 2025
2e8fd10
Updated artifactory URL
bhanurp Jun 11, 2025
db543e3
Added debug log
bhanurp Jun 11, 2025
69b87d0
Added debug log
bhanurp Jun 11, 2025
d13aa4c
Updated to use jf
bhanurp Jun 11, 2025
566ef15
Added key alias name
bhanurp Jun 11, 2025
f08866e
Updated to verify evidence via get evidence API
bhanurp Jun 12, 2025
9f2ad16
Updated artifactory evidence get
bhanurp Jun 12, 2025
e501fa7
Removed artifactory evidence get
bhanurp Jun 12, 2025
f444e66
Reverted checks
bhanurp Jun 12, 2025
2af5d3d
Fixed compilation issue
bhanurp Jun 12, 2025
eb6be48
Added fetch evidence from artifactory
bhanurp Jun 13, 2025
bcb9d1a
Added to run only sonar integration tests
bhanurp Jun 13, 2025
73eff66
Added to run sonar integration tests only
bhanurp Jun 17, 2025
53e79c8
Updated tests path
bhanurp Jun 17, 2025
7703593
Added cleanup step
bhanurp Jun 17, 2025
034d810
Trigger workflow
bhanurp Jun 18, 2025
d9c6b25
Added zero config test case
bhanurp Jun 18, 2025
7094e9b
Merged zero config test case
bhanurp Jun 18, 2025
2f3896c
Removed zero config test
bhanurp Jun 18, 2025
bec3262
Updated key pair
bhanurp Jun 18, 2025
7a5650b
Improved to add key pair only when it is not available
bhanurp Jun 18, 2025
ed2a530
Trigger workflow
bhanurp Jun 18, 2025
1cc0b00
Trigger workflow 1
bhanurp Jun 18, 2025
ca98db6
Trigger workflow 2
bhanurp Jun 18, 2025
bd95f10
Added zero config test case
bhanurp Jun 18, 2025
180ee57
Updated to check artifact path
bhanurp Jun 18, 2025
b31ac33
Fixed compilation errors
bhanurp Jun 18, 2025
100dce6
Added case for build publish
bhanurp Jun 18, 2025
73313cb
Evidence with build publish fix
bhanurp Jun 18, 2025
c311394
Run bp with rt
bhanurp Jun 18, 2025
5404217
Updated cli init for build publish test
bhanurp Jun 19, 2025
4002a7d
Updated cli to to rt cli for bp tests
bhanurp Jun 19, 2025
b9b4315
Added url for evidence
bhanurp Jun 19, 2025
63eb13c
Removed url flag for build publish
bhanurp Jun 19, 2025
9fa0858
Updated sonar integration flags
bhanurp Jun 19, 2025
bb8ce7a
Added trim space arounf flags
bhanurp Jun 19, 2025
a500cb8
Added rt url
bhanurp Jun 19, 2025
5c56030
Added jf config before running bp command
bhanurp Jun 22, 2025
e401ad6
Removed user and password from server configuration
bhanurp Jun 22, 2025
fc3ca34
Added logs dependency
bhanurp Jun 22, 2025
d7f54a3
Fixed command exec
bhanurp Jun 22, 2025
6db266a
Fixed windows not resizing
bhanurp Jun 22, 2025
45b2f30
Added url in server config
bhanurp Jun 22, 2025
ecbc28d
Added artifactory url for server details
bhanurp Jun 22, 2025
e77253d
Fixed artifactory url
bhanurp Jun 22, 2025
e77ed89
Fixed artifactory url
bhanurp Jun 22, 2025
8c519b4
Updated to use evidence config
bhanurp Jun 23, 2025
2ad174c
Fixed command failure
bhanurp Jun 23, 2025
36be1ef
Updated to run sonar integration with bp
bhanurp Jun 24, 2025
74f20b4
Updated to use signing keys for tests
bhanurp Jun 24, 2025
1807e9d
Updated to use home path for private keys
bhanurp Jun 24, 2025
beea844
Updated tests to copy keys to home dir
bhanurp Jun 24, 2025
034919b
Moved back to old implementation
bhanurp Jun 24, 2025
ee9cb51
Updated with creds
bhanurp Jun 24, 2025
67f7716
Removed new cli config
bhanurp Jun 24, 2025
4bf8b91
Added fetch evidence for build info
bhanurp Jun 24, 2025
ccbf0d3
Updated to clean build info
bhanurp Jun 24, 2025
f0894ae
Updated with assert statements
bhanurp Jun 24, 2025
d179755
Updated build publish test
bhanurp Jun 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 84 additions & 0 deletions .github/workflows/sonarIntegrationTests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
name: SonarQube Integration Tests
on:
workflow_dispatch:
push:
# TODO - Remove this branch filter once the spike is complete.
branches: [ sonar-evd-spike ]

jobs:
test-jfrog-sonar:
runs-on: ubuntu-latest
services:
sonar:
image: sonarqube:community
ports:
- 9000:9000
options: >-
--health-cmd="curl --fail -uadmin:admin http://localhost:9000/api/system/health || exit 1"
--health-interval=10s
--health-timeout=5s
--health-retries=30
env:
SONAR_ES_BOOTSTRAP_CHECKS_DISABLE: "true"

steps:
- name: Checkout Code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Fetch Sonar Access Token
id: sonar_token
run: |
echo "Fetching SonarQube access token..."
TOKEN=$(curl -s -X POST -u "admin:admin" \
"http://localhost:9000/api/user_tokens/generate?name=github-actions-token" | jq -r '.token')
echo "SONARQUBE_TOKEN=${TOKEN}" >> $GITHUB_ENV
echo "JF_SONARQUBE_ACCESS_TOKEN=${TOKEN}" >> $GITHUB_ENV

- name: Create Project in SonarQube
run: |
echo "Creating SonarQube project..."
curl -u "admin:admin" -X POST "http://localhost:9000/api/projects/create?name=mvn-sonar&project=mvn-sonar"

- name: Install JFrog CLI manually
run: |
curl -fL https://install-cli.jfrog.io | sh

- name: Configure JFrog CLI
run: |
jf c add artifactory-server \
--url ${{ secrets.PLATFORM_URL }} \
--user ${{ secrets.PLATFORM_USER }} \
--access-token ${{ secrets.PLATFORM_ADMIN_TOKEN }} \
--interactive=false

- name: Set up Java
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'

- name: Run SonarQube Analysis with JFrog CLI
working-directory: testdata/maven/mavenprojectwithsonar
run: |
echo "Running SonarQube analysis..."
jf mvn clean verify install sonar:sonar \
-Dsonar.projectKey=mvn-sonar \
-Dsonar.projectName='mvn-sonar' \
-Dsonar.host.url=http://localhost:9000 \
-Dsonar.token=${SONARQUBE_TOKEN}

- name: Run sonar integration tests
env:
JF_SONARQUBE_ACCESS_TOKEN: ${{ env.SONARQUBE_TOKEN }}
PLATFORM_URL: ${{ secrets.PLATFORM_URL }}
PLATFORM_API_KEY: ${{ secrets.PLATFORM_ADMIN_TOKEN }}
run: go test -v -run "TestSonar" github.com/jfrog/jfrog-cli --timeout 0 --test.sonarIntegration --jfrog.url=${{ secrets.PLATFORM_URL }} --jfrog.adminToken=${{ secrets.PLATFORM_ADMIN_TOKEN }}

- name: Clean up
if: always()
run: |
echo "Cleaning up generated artifacts and maven packages..."
jf rt del "dev-maven-local/com/example/demo-sonar/1.0*" --recursive --fail-no-op
jf rt bdi test-sonar-jf-cli-integration
2 changes: 2 additions & 0 deletions artifactory_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,7 @@ func TestArtifactorySimpleUploadSpecUsingConfig(t *testing.T) {
}

func TestReleaseBundleImportOnPrem(t *testing.T) {
initArtifactoryTest(t, "")
// Cleanup
defer func() {
deleteReceivedReleaseBundle(t, deleteReleaseBundleV1ApiUrl, "cli-tests", "2")
Expand All @@ -244,6 +245,7 @@ func TestReleaseBundleImportOnPrem(t *testing.T) {
}

func TestReleaseBundleV2Download(t *testing.T) {
initArtifactoryTest(t, "")
buildNumber := "5"
defer func() {
deleteReceivedReleaseBundle(t, deleteReleaseBundleV2ApiUrl, tests.LcRbName1, buildNumber)
Expand Down
10 changes: 5 additions & 5 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ require (
github.com/docker/docker v27.5.1+incompatible
github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1
github.com/jfrog/archiver/v3 v3.6.1
github.com/jfrog/build-info-go v1.10.10
github.com/jfrog/build-info-go v1.10.11
github.com/jfrog/gofrog v1.7.6
github.com/jfrog/jfrog-cli-artifactory v0.2.1
github.com/jfrog/jfrog-cli-core/v2 v2.58.2
github.com/jfrog/jfrog-cli-core/v2 v2.58.3
github.com/jfrog/jfrog-cli-platform-services v1.9.0
github.com/jfrog/jfrog-cli-security v1.16.2
github.com/jfrog/jfrog-client-go v1.51.1
github.com/jfrog/jfrog-client-go v1.52.0
github.com/jszwec/csvutil v1.10.0
github.com/manifoldco/promptui v0.9.0
github.com/stretchr/testify v1.10.0
Expand Down Expand Up @@ -191,8 +191,8 @@ require (

replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e

replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9
replace github.com/jfrog/jfrog-client-go => github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865

replace github.com/jfrog/jfrog-cli-artifactory => github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9
replace github.com/jfrog/jfrog-cli-artifactory => github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f

replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504
12 changes: 6 additions & 6 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs=
github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA=
github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f h1:u45tgidRfRI5OeNVDW4F79PyvZv2USvIAW+OWgL34JI=
github.com/bhanurp/jfrog-cli-artifactory v0.1.12-0.20250622193359-8ebe3a10c43f/go.mod h1:34yyDLWQSYzxiG4AO3GUfwMk/VVblnYGAZwmCMaPDM0=
github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865 h1:kilH1D7qR3aOv+pEfC1ErirRFiNXnYdYIwp01XLOvaI=
github.com/bhanurp/jfrog-client-go v1.28.1-0.20250608133457-6a4cfafe1865/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
Expand Down Expand Up @@ -176,8 +180,8 @@ github.com/jedib0t/go-pretty/v6 v6.6.5 h1:9PgMJOVBedpgYLI56jQRJYqngxYAAzfEUua+3N
github.com/jedib0t/go-pretty/v6 v6.6.5/go.mod h1:Uq/HrbhuFty5WSVNfjpQQe47x16RwVGXIveNGEyGtHs=
github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI=
github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw=
github.com/jfrog/build-info-go v1.10.10 h1:2nOFjV7SX1uisi2rQK7fb4Evm7YkSOdmssrm6Tf4ipc=
github.com/jfrog/build-info-go v1.10.10/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE=
github.com/jfrog/build-info-go v1.10.11 h1:wAMGCAHa49+ec01HqzSidLAHNIub+glh4ksFp3pYy7o=
github.com/jfrog/build-info-go v1.10.11/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE=
github.com/jfrog/froggit-go v1.16.2 h1:F//S83iXH14qsCwYzv0zB2JtjS2pJVEsUoEmYA+37dQ=
github.com/jfrog/froggit-go v1.16.2/go.mod h1:5VpdQfAcbuyFl9x/x8HGm7kVk719kEtW/8YJFvKcHPA=
github.com/jfrog/go-mockhttp v0.3.1 h1:/wac8v4GMZx62viZmv4wazB5GNKs+GxawuS1u3maJH8=
Expand All @@ -186,16 +190,12 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9 h1:j9bepUA23952AdytsBqGbsl4QMScksbCFXulqWvj0eY=
github.com/jfrog/jfrog-cli-artifactory v0.2.2-0.20250414045808-41544959f9b9/go.mod h1:8qrGaRb162a4NWGr7R1rj8P80s8NU8KRTs69NMkQENA=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e h1:N+7gJdZmwggKqrTbrEvAFxxXQziFbJ4zHI/sXa8vR1A=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250410085750-f34f5feea93e/go.mod h1:4S7yztLwWq4yA+k9j9s5gvIqr7xC/6EjJQ+0ENCHTFc=
github.com/jfrog/jfrog-cli-platform-services v1.9.0 h1:r/ETgJuMUOUu12w20ydsF6paqEaj0khH6bxMRsdNz1Y=
github.com/jfrog/jfrog-cli-platform-services v1.9.0/go.mod h1:pMZMSwhj7yA4VKyj0Skr2lObIyGpZUxNJ40DSLKXU38=
github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504 h1:mnU8PtDaCmU1ZC8Wcy0VKj1gJEZnnyjgAc3rJLCcMjs=
github.com/jfrog/jfrog-cli-security v1.16.3-0.20250402121228-12cce9f88504/go.mod h1:tJyLh4KI4qoF/AVBy0wC9s8DVxV/hoyKK4LIzpxL590=
github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9 h1:pEBTHYeyuDa+w0oJNCYFq1wD2O2NqWdDTAtDRFy7s3w=
github.com/jfrog/jfrog-client-go v1.28.1-0.20250406105605-ee90d11546f9/go.mod h1:uRmT8Q1SJymIzId01v0W1o8mGqrRfrwUF53CgEMsH0U=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jszwec/csvutil v1.10.0 h1:upMDUxhQKqZ5ZDCs/wy+8Kib8rZR8I8lOR34yJkdqhI=
Expand Down
Loading
Loading