From b4373edbbb58bc048c351d824e30b823cb94cc06 Mon Sep 17 00:00:00 2001
From: Guilhem Bonnefille <guilhem.bonnefille@csgroup.eu>
Date: Mon, 17 Mar 2025 14:36:37 +0000
Subject: [PATCH] fix: use keystore when either DEFAULT_CA_CERTS or
 CUSTOM_CA_CERTS are set

---
 templates/gitlab-ci-sonar.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/templates/gitlab-ci-sonar.yml b/templates/gitlab-ci-sonar.yml
index 3d070e4..faa5161 100644
--- a/templates/gitlab-ci-sonar.yml
+++ b/templates/gitlab-ci-sonar.yml
@@ -431,13 +431,11 @@ sonar:
         export SONAR_TOKEN="$SONAR_AUTH_TOKEN"
       fi
     - |
-      if [[ -z "$CUSTOM_CA_CERTS" ]]
+      if [[ "$CUSTOM_CA_CERTS" ]] || [[ "$DEFAULT_CA_CERTS" ]]
       then
-        log_info '$CUSTOM_CA_CERTS not set: using default keystore'
-      else
-        log_info '$CUSTOM_CA_CERTS variable detected: using writable keystore path (/tmp/writable_keystore)'
+        log_info "Custom CA certificates detected: using custom Java KeyStore"
         export CUSTOM_KEYSTORE_PATH="/tmp/writable_keystore"
-        export CUSTOM_KEYSTORE_PASSWORD="changeit"
+        export CUSTOM_KEYSTORE_PASSWORD=${JAVA_KEYSTORE_PASSWORD:-changeit}
       fi
     - >-
       sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args
-- 
GitLab