SQSCANGHA-40 Restore permission fix for files in the project basedir

SonarSource · Jul 2, 2024 · aecaf43 · aecaf43
1 parent 540792c
commit aecaf43
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 5 deletions.
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
@@ -153,3 +153,40 @@ jobs:
       - name: Assert
         run: |
           ./test/assertFileContains ./output.properties "sonar.verbose=true"
+  runAnalysisWithCacheTest:
+    runs-on: ubuntu-latest
+    services:
+      sonarqube:
+        image: sonarqube:lts-community
+        ports:
+          - 9000:9000
+        volumes:
+          - sonarqube_data:/opt/sonarqube/data
+          - sonarqube_logs:/opt/sonarqube/logs
+          - sonarqube_extensions:/opt/sonarqube/extensions
+        options: >-
+          --health-cmd "grep -Fq \"SonarQube is operational\" /opt/sonarqube/logs/sonar.log"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: SonarQube Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/.sonar/cache
+          key: ${{ runner.os }}-sonar
+      - name: Run action on sample project
+        id: runTest
+        uses: ./
+        env:
+          SONAR_HOST_URL: http://sonarqube:9000
+          SONAR_USER_HOME: ${{ github.workspace }}/.sonar
+        with:
+          args: -Dsonar.login=admin -Dsonar.password=admin
+          projectBaseDir: ./test/example-project
+      - name: Assert
+        run: |
+          ./test/assertFileExists ./test/example-project/.scannerwork/report-task.txt
diff --git a/cleanup.sh b/cleanup.sh
@@ -2,12 +2,12 @@
 
 set -e
 
-if [ ! -d "${INPUT_PROJECTBASEDIR%/}/.scannerwork" ]; then
-    echo ".scannerwork directory not found; nothing to clean up."
-    exit
-fi
+# Reset all files permissions to the default Runner user and group to allow the follow up steps (mainly cache) to access all files.
 
+# Assume that the first (non-hidden) file in the project directory is one from the project, and not one written by the scanner
 _tmp_file=$(ls "${INPUT_PROJECTBASEDIR%/}/" | head -1)
+echo "Reading permissions from $_tmp_file"
 PERM=$(stat -c "%u:%g" "${INPUT_PROJECTBASEDIR%/}/$_tmp_file")
 
-chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/.scannerwork/"
+echo "Applying permissions $PERM to all files in the project base directory"
+chown -R $PERM "${INPUT_PROJECTBASEDIR%/}/"