sonar-evidence-example #78

Workflow file for this run

.github/workflows/sonar-evidence-example.yml at 13cfec4

	name: sonar-evidence-example

	on:
	workflow_dispatch: # This allows manual triggering of the workflow
	push:
	branches:
	- CCS-2-Additional_evidence_examples
	pull_request:
	branches:
	- CCS-2-Additional_evidence_examples
	permissions:
	id-token: write
	contents: read

	jobs:
	docker-build-with-sonar-evidence:
	runs-on: ubuntu-latest
	env:
	DOCKER_REPO: 'test-docker-local'
	IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}'
	steps:
	- name: Display workflow and job names
	run: \|
	echo "Workflow name: $GITHUB_WORKFLOW"
	echo "Job name: $GITHUB_JOB"

	- name: Install jfrog cli
	id: setup-cli
	uses: jfrog/setup-jfrog-cli@v4
	env:
	JF_URL: ${{ vars.ARTIFACTORY_URL }}
	with:
	oidc-provider-name: jfrog-github-oidc

	- uses: actions/checkout@v4

	- name: Install SonarQube Scanner
	run: \|
	curl -sL -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip
	unzip sonar-scanner.zip
	export PATH=$PATH:$PWD/sonar-scanner-6.2.1.4610/bin
	pwd
	ls -l $PWD/sonar-scanner-6.2.1.4610/bin/
	echo "$PWD/sonar-scanner-6.2.1.4610/bin"
	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '21' # Specify the desired Java version here
	distribution: 'temurin' # You can also use 'temurin', 'zulu', etc.

	- name: Sonar scan
	uses: SonarSource/sonarqube-scan-action@v5
	continue-on-error: true # Don't fail build on SonarCloud quality gate issues
	env:
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	with:
	args: >
	-Dsonar.projectKey=my-evidence-test-org1_evidence-example \
	-Dsonar.organization=my-evidence-test-org1 \
	-Dsonar.java.jdkHome=$JAVA_HOME \
	-Dsonar.verbose=true \

	- name: Log in to Artifactory Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ vars.ARTIFACTORY_URL }}
	username: ${{ steps.setup-cli.outputs.oidc-user }}
	password: ${{ steps.setup-cli.outputs.oidc-token }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build and Push Docker image
	uses: docker/build-push-action@v6
	id: docker-build
	with:
	push: true
	provenance: false
	platforms: linux/amd64 #, linux/arm64
	build-args: REPO_URL=${{ vars.JF_URL }}/example-project-docker-dev-remote
	tags: ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}

	- name: add docker package to build
	run: \|
	echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@${{ steps.docker-build.outputs.digest }}" > metadata.json
	jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json --build-name $GITHUB_WORKFLOW --build-number ${{ github.run_number }}

	- name: Publish build info
	if: ${{ true }}
	run: \|
	jf rt build-collect-env
	jf rt build-add-git
	jf rt build-publish

	- name: Create evidence
	if: ${{ steps.run-sonar-scanner.outputs.create-sonar-evidence == 0 }}
	run: \|
	# Attach evidence onto build using JFrog CLI
	jf evd create \
	--build-name $GITHUB_WORKFLOW \
	--build-number "${{ github.run_number }}" \
	--key "${{ secrets.JIRA_TEST_PKEY }}" \
	--key-alias ${{ vars.JIRA_TEST_KEY }} \
	--integration sonar

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sonar-evidence-example #78

Workflow file

sonar-evidence-example #78

Uh oh!

Workflow file for this run