sonarqube.yml

name: Code Scanner

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - release/**
  pull_request:
    branches:
      - main
      - release/**

jobs:
  sonarQubeTrigger:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Github
      uses: actions/checkout@v4.1.1

    - name: Install Oathtool and Expect
      run: |
        sudo apt-get update
        sudo apt-get -y install oathtool
        sudo apt-get -y install expect

    - name: Install Teleport
      run: |
        sudo curl https://apt.releases.teleport.dev/gpg -o /usr/share/keyrings/teleport-archive-keyring.asc
        source /etc/os-release
        echo "deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] \
          https://apt.releases.teleport.dev/${ID?} ${VERSION_CODENAME?} stable/v10" \
          | sudo tee /etc/apt/sources.list.d/teleport.list > /dev/null
        sudo apt-get update
        sudo apt-get -y install teleport

    - name: Create Expect Teleport Login
      run: |
        cat << EOF > ./teleport_login.exp
        #!/usr/bin/expect -f

        set timeout -1
        spawn tsh login --proxy=${{ secrets.TELEPORT_URL }} --auth=local --user=${{ secrets.TELEPORT_USER }}

        expect -exact "Enter password for Teleport user ${{ secrets.TELEPORT_USER }}:"
        send -- "${{ secrets.TELEPORT_PASS }}\n"

        expect -exact "Enter your OTP token:"
        send -- "$(oathtool --base32 --totp ${{ secrets.TELEPORT_SEED }})\n"

        expect eof
        EOF

        cat ./teleport_login.exp
        chmod +x ./teleport_login.exp

    - name: Teleport Login
      run: |
        ./teleport_login.exp
        tsh app login sonarqube
        tsh proxy app -p 8080 sonarqube &

    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      with:
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}