Commit 6bc534d7 authored by Florian Hennig's avatar Florian Hennig
Browse files

fix(newer-sonar-image): permissions for custom certificates 

this should fix https://gitlab.com/to-be-continuous/sonar/-/issues/26


fix typo in log and variable name

Signed-off-by: default avatarFlorian Hennig <florian.hennig@committance.com>
parent 80c2015a

templates/gitlab-ci-sonar.yml

+22 −5
Original line number Diff line number Diff line
@@ -147,15 +147,17 @@ stages: 
    then

      return

    fi

    # creat a writable folder for the keystore and certs

    mkdir -p /tmp/certs



    # import in system

    if echo "$certs" >> /etc/ssl/certs/ca-certificates.crt

    if echo "$certs" >> /tmp/certs/ca-certificates.crt

    then

      log_info "CA certificates imported in \\e[33;1m/etc/ssl/certs/ca-certificates.crt\\e[0m"

      log_info "CA certificates imported in \\e[33;1m/tmp/certs/ca-certificates.crt\\e[0m"

    fi

    if echo "$certs" >> /etc/ssl/cert.pem

    if echo "$certs" >> /tmp/certs/cert.pem

    then

      log_info "CA certificates imported in \\e[33;1m/etc/ssl/cert.pem\\e[0m"

      log_info "CA certificates imported in \\e[33;1m/tmp/certs/cert.pem\\e[0m"

    fi



    # import in Java keystore (if keytool command found)
@@ -167,6 +169,10 @@ stages: 
      keystore=${JAVA_KEYSTORE_PATH:-$(ls -1 $javahome/jre/lib/security/cacerts 2>/dev/null || ls -1 $javahome/lib/security/cacerts 2>/dev/null || echo "")}

      if [[ -f "$keystore" ]]

      then

        # copy keystore into writable folder

        cp -L -r --no-preserve=mode "$keystore" /tmp/writable_keystore

        # set writable keystore as keystore

        keystore="/tmp/writable_keystore"

        storepass=${JAVA_KEYSTORE_PASSWORD:-changeit}

        nb_certs=$(echo "$certs" | grep -c 'END CERTIFICATE')

        log_info "importing $nb_certs certificates in Java keystore \\e[33;1m$keystore\\e[0m..."
@@ -427,8 +433,19 @@ sonar: 
        log_warn '$SONAR_AUTH_TOKEN variable detected: use $SONAR_TOKEN instead (see doc)'

        export SONAR_TOKEN="$SONAR_AUTH_TOKEN"

      fi

    - |

      if [[ -z "$CUSTOM_CA_CERTS" ]]

      then

        log_info '$CUSTOM_CA_CERTS not set: using default keystore'

      else

        log_info '$CUSTOM_CA_CERTS variable detected: using writable keystore path (/tmp/writable_keystore)'

        export CUSTOM_KEYSTORE_PATH="/tmp/writable_keystore"

        export CUSTOM_KEYSTORE_PASSWORD="changeit"

      fi

    - >-

      sonar-scanner ${TRACE+-Dsonar.verbose=true} $java_proxy_args

      ${CUSTOM_KEYSTORE_PATH:+-Dsonar.scanner.truststorePath=$CUSTOM_KEYSTORE_PATH}

      ${CUSTOM_KEYSTORE_PASSWORD:+-Dsonar.scanner.truststorePassword=$CUSTOM_KEYSTORE_PASSWORD}

      ${SONAR_LOGIN:+-Dsonar.login=$SONAR_LOGIN} 

      ${SONAR_PASSWORD:+-Dsonar.password=$SONAR_PASSWORD} 

      ${SONAR_PROJECT_KEY:+-Dsonar.projectKey=$SONAR_PROJECT_KEY}