SQSCANGHA-56 Support GitHub self-hosted runners without keytool

antonioaversa · antonioaversa · commit 5b8370391d0d · 2024-11-21T17:30:41.000+01:00
diff --git a/action.yml b/action.yml
@@ -42,4 +42,5 @@ runs:
       run: ${GITHUB_ACTION_PATH}/run-sonar-scanner.sh ${{ inputs.args }}
       shell: bash
       env:
-        INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
+        INPUT_PROJECTBASEDIR: ${{ inputs.projectBaseDir }}
+        SONAR_SCANNER_JRE: ${RUNNER_TEMP}/sonar-scanner-cli-${{ inputs.scannerVersion }}-${{ runner.os }}-${{ runner.arch }}/jre
diff --git a/run-sonar-scanner.sh b/run-sonar-scanner.sh
@@ -25,11 +25,11 @@ if [[ -n "${SONAR_ROOT_CERT}" ]]; then
   echo "Adding SSL certificate to the Scanner truststore"
   rm -f $RUNNER_TEMP/tmpcert.pem
   echo "${SONAR_ROOT_CERT}" > $RUNNER_TEMP/tmpcert.pem
-  # Use keytool for now, as SonarQube 11.6 won't support openssl generated keystores
+  # Use keytool for now, as SonarQube 10.6 and below doesn't support openssl generated keystores
   # keytool require a password > 6 characters, so we wan't use the default password 'sonar'
   store_pass=changeit
   mkdir -p ~/.sonar/ssl
-  keytool -storetype PKCS12 -keystore ~/.sonar/ssl/truststore.p12 -storepass $store_pass -noprompt -trustcacerts -importcert -alias sonar -file $RUNNER_TEMP/tmpcert.pem
+  SONAR_SCANNER_JRE/bin/java sun.security.tools.keytool.Main -storetype PKCS12 -keystore ~/.sonar/ssl/truststore.p12 -storepass $store_pass -noprompt -trustcacerts -importcert -alias sonar -file $RUNNER_TEMP/tmpcert.pem
   scanner_args+=("-Dsonar.scanner.truststorePassword=$store_pass")
 fi
 
