Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bogus PR for Sonar experiments #207

Closed
wants to merge 1 commit into from
Closed

Bogus PR for Sonar experiments #207

wants to merge 1 commit into from

Conversation

nipafx
Copy link
Member

@nipafx nipafx commented Mar 29, 2020
edited

Experimental PR to make Sonar work.

I hereby agree to the terms of the JUnit Pioneer Contributor License Agreement.

@sonarcloud
Copy link

sonarcloud bot commented Mar 29, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@nipafx
Copy link
Member Author

nipafx commented Mar 30, 2020

We found out that GitHub Actions does not make secret tokens available to builds started in forks. This is a security feature and can be observed in the log output where only GitHub's token has a *** next to it while others, including SonarQube's, are blank. That's why the Sonar integration works in this PR (branch in origin repo), but not in general ones.

@nipafx nipafx closed this Mar 30, 2020
nipafx pushed a commit that referenced this pull request Mar 30, 2020
Fix SonarCloud integration
6fe755b 
GitHub Actions does currently not allow to provide secrets for a
workflow to a fork[1]. This means, SonarCloud works fine on branches
and pull requests within the same repository, but not across forks
as the forks will never know the sonar token.

At the moment, the only way to achieve integration for all PRs is
to hard-code the token into the workflow file for GitHub Actions.
We could also add it to the Gradle script, but it makes more sense
to keep it out of the build and in the CI configuration

PR: #206 (and experiments in #207)
Issue: no specific one, but belongs to #192
Related: 4f3647f

[1] https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#using-encrypted-secrets-in-a-workflow
@nipafx nipafx deleted the nicolaiparlog-bogus-pr branch March 30, 2020 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@nipafx