diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 161abfa..004ecda 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -283,7 +283,7 @@ jobs: version: ${{ vars.KOSLI_CLI_VERSION }} - name: Attest SonarCloud as generic attestation in Kosli - run: ./sh/sonarcloud-scan-and-attest.sh + run: ./sh/sonarcloud_scan_and_attest.sh sdlc-control-gate:
diff --git a/sh/sonarcloud-scan-and-attest.sh b/sh/sonarcloud-scan-and-attest.sh
deleted file mode 100755
index 35c73c1..0000000
--- a/sh/sonarcloud-scan-and-attest.sh
+++ /dev/null
@@ -1,49 +0,0 @@ -#!/usr/bin/env bash -set -Eeu - -repo_root() { git rev-parse --show-toplevel; } -sha="$(cd "$(repo_root)" && git rev-parse HEAD)" -OWNER="${KOSLI_ORG}" -REPO="${SERVICE_NAME}" - -get_checks_json() -{ - curl --request GET \ - --url "https://sonarcloud.io/api/measures/component?metricKeys=alert_status%2Cquality_gate_details%2Cbugs%2Csecurity_issues%2Ccode_smells%2Ccomplexity%2Cmaintainability_issues%2Creliability_issues%2Ccoverage&component=${OWNER}_${REPO}" \ - --header "Authorization: ${SONARCLOUD_TOKEN}" -} - -parse_json() { - json_filename=results.json - get_checks_json | jq '.' > ${json_filename} - measures=$(jq -r '.component.measures' ${json_filename}) - measures_length=$(jq '.component.measures | length' ${json_filename}) - - for i in $(seq 0 $(( ${measures_length} - 1 ))); do - metric=$(jq -r ".component.measures[$i].metric" ${json_filename}) - if ([ ${metric} = "alert_status" ]); then - success=$(jq -r ".component.measures[$i].value" ${json_filename}) - break - fi - done - - url="https://sonarcloud.io/project/overview?id=${OWNER}_${REPO}" - - KOSLI_COMPLIANT=$([ ${success} = "OK" ] && echo "true" || echo "false") -} - -attest_to_kosli_generic() { - kosli attest generic \ - --attachments="${json_filename}" \ - --compliant="${KOSLI_COMPLIANT}" \ - --name="${REPO}.sonarcloud-scan" \ - --external-url="sonarcloud-code-analysis=${url}" -} - -remove_json() { - rm ${json_filename} -} - -parse_json -attest_to_kosli_generic -remove_json
diff --git a/sh/sonarcloud_scan_and_attest.sh b/sh/sonarcloud_scan_and_attest.sh
new file mode 100755
index 0000000..b35c519
--- /dev/null
+++ b/sh/sonarcloud_scan_and_attest.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -Eeu
+
+repo_root() { git rev-parse --show-toplevel; }
+
+readonly OWNER="${KOSLI_ORG}"
+readonly REPO="${SERVICE_NAME}"
+readonly JSON_FILENAME=results.json
+
+get_checks_json()
+{
+ curl \
+ --header "Authorization: ${SONARCLOUD_TOKEN}" \
+ --request GET \
+ --url "https://sonarcloud.io/api/measures/component?metricKeys=alert_status%2Cquality_gate_details%2Cbugs%2Csecurity_issues%2Ccode_smells%2Ccomplexity%2Cmaintainability_issues%2Creliability_issues%2Ccoverage&component=${OWNER}_${REPO}"
+}
+
+parse_json()
+{
+ local success, metric
+ get_checks_json | jq '.' > "${JSON_FILENAME}"
+ local -r measures_length=$(jq '.component.measures | length' "${JSON_FILENAME}")
+
+ success=""
+ for i in $(seq 0 $(( measures_length - 1 ))); do
+ metric=$(jq -r ".component.measures[$i].metric" "${JSON_FILENAME}")
+ if [ "${metric}" = "alert_status" ] ; then
+ success=$(jq -r ".component.measures[$i].value" "${JSON_FILENAME}")
+ break
+ fi
+ done
+
+ KOSLI_COMPLIANT=$([ "${success}" = "OK" ] && echo "true" || echo "false")
+}
+
+attest_to_kosli_generic()
+{
+ local -r url="https://sonarcloud.io/project/overview?id=${OWNER}_${REPO}"
+ kosli attest generic \
+ --attachments="${JSON_FILENAME}" \
+ --compliant="${KOSLI_COMPLIANT}" \
+ --name="${REPO}.sonarcloud-scan" \
+ --external-url="sonarcloud-code-analysis=${url}"
+}
+
+remove_json()
+{
+ rm "${JSON_FILENAME}"
+}
+
+parse_json
+attest_to_kosli_generic
+remove_json
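Review bot: `local success, metric` at the top of parse_json is not valid bash — `success,` is rejected as an identifier, `local` returns non-zero, and with `set -e` in force the function aborts before curl is ever called; it should read `local success metric`. The fetch is also not failure-aware: without `--fail` an expired or wrong SONARCLOUD_TOKEN yields an error body rather than measures, and without pipefail a curl failure is masked by the `jq '.'` downstream, so `measures_length` comes out null or empty and the script either dies on an unbound name in the `$(( measures_length - 1 ))` arithmetic or attests `--compliant=false` with a meaningless attachment instead of failing the step. Suggest `set -Eeuo pipefail` and `curl --fail --silent --show-error` so transport and credential problems surface as a job failure rather than as a quality-gate verdict in Kosli. The measures query carries no branch or commit qualifier, so it presumably reports the project's latest analysis rather than the analysis of the commit being attested — the old script's `sha` lookup was dropped while `repo_root` survives unused; worth confirming the attestation is actually bound to HEAD before relying on it in the control gate.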