Skip to content
Snippets Groups Projects
Commit 2cf582e8 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'master' into 'master' 

fix(newer-sonar-image): permissions for custom certificates

Closes #26

See merge request to-be-continuous/sonar!53
parents 80c2015a 6bc534d7
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
templates/gitlab-ci-sonar.yml
+ 22
5
View file @ 2cf582e8
...@@ -147,15 +147,17 @@ stages: ...@@ -147,15 +147,17 @@ stages:
then then
return return
fi fi
# creat a writable folder for the keystore and certs
mkdir -p /tmp/certs
# import in system # import in system
if echo "$certs" >> /etc/ssl/certs/ca-certificates.crt if echo "$certs" >> /tmp/certs/ca-certificates.crt
then then
log_info "CA certificates imported in \\e[33;1m/etc/ssl/certs/ca-certificates.crt\\e[0m" log_info "CA certificates imported in \\e[33;1m/tmp/certs/ca-certificates.crt\\e[0m"
fi fi
if echo "$certs" >> /etc/ssl/cert.pem if echo "$certs" >> /tmp/certs/cert.pem
then then
log_info "CA certificates imported in \\e[33;1m/etc/ssl/cert.pem\\e[0m" log_info "CA certificates imported in \\e[33;1m/tmp/certs/cert.pem\\e[0m"
fi fi
# import in Java keystore (if keytool command found) # import in Java keystore (if keytool command found)
...@@ -167,6 +169,10 @@ stages: ...@@ -167,6 +169,10 @@ stages:
keystore=${JAVA_KEYSTORE_PATH:-$(ls -1 $javahome/jre/lib/security/cacerts 2>/dev/null || ls -1 $javahome/lib/security/cacerts 2>/dev/null || echo "")} keystore=${JAVA_KEYSTORE_PATH:-$(ls -1 $javahome/jre/lib/security/cacerts 2>/dev/null || ls -1 $javahome/lib/security/cacerts 2>/dev/null || echo "")}
if [[ -f "$keystore" ]] if [[ -f "$keystore" ]]
then then
# copy keystore into writable folder
cp -L -r --no-preserve=mode "$keystore" /tmp/writable_keystore
# set writable keystore as keystore
keystore="/tmp/writable_keystore"
storepass=${JAVA_KEYSTORE_PASSWORD:-changeit} storepass=${JAVA_KEYSTORE_PASSWORD:-changeit}
nb_certs=$(echo "$certs" | grep -c 'END CERTIFICATE') nb_certs=$(echo "$certs" | grep -c 'END CERTIFICATE')
log_info "importing $nb_certs certificates in Java keystore \\e[33;1m$keystore\\e[0m..." log_info "importing $nb_certs certificates in Java keystore \\e[33;1m$keystore\\e[0m..."
...@@ -427,8 +433,19 @@ sonar: ...@@ -427,8 +433,19 @@ sonar:
log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)' log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)'
export SONAR_TOKEN="$SONAR_AUTH_TOKEN" export SONAR_TOKEN="$SONAR_AUTH_TOKEN"
fi fi
- |
if [[ -z "$CUSTOM_CA_CERTS" ]]
then
log_info '$CUSTOM_CA_CERTS not set: using default keystore'
else
log_info '$CUSTOM_CA_CERTS variable detected: using writable keystore path (/tmp/writable_keystore)'
export CUSTOM_KEYSTORE_PATH="/tmp/writable_keystore"
export CUSTOM_KEYSTORE_PASSWORD="changeit"
fi
- >- - >-
sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args
${CUSTOM_KEYSTORE_PATH:+-Dsonar.scanner.truststorePath=$CUSTOM_KEYSTORE_PATH}
${CUSTOM_KEYSTORE_PASSWORD:+-Dsonar.scanner.truststorePassword=$CUSTOM_KEYSTORE_PASSWORD}
${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN} ${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN}
${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD} ${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD}
${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY} ${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment