pkaramol
(Pantelis Karamolegkos)
1
I am using the official GH action as follows to post to a cloudflare protected SQ instance
- name: post results to SQ
uses: sonarsource/sonarqube-scan-action@v1.2.0
with:
args: >
-Dsonar.ws.headers="CF-Access-Client-Id: ${{ secrets.CF_ACCESS_CLIENT_ID }}, CF-Access-Client-Secret: ${{ secrets.CF_ACCESS_CLIENT_SECRET }}"
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_API_TOKEN }}
SONAR_HOST_URL: https://my-sonarqube.instance.com
Ηere are the execution logs:
ERROR: Unrecognized option: ***,
INFO:
INFO: usage: sonar-scanner [options]
INFO:
INFO: Options:
INFO: -D,--define <arg> Define property
INFO: -h,--help Display help information
INFO: -v,--version Display version information
INFO: -X,--debug Produce execution debug output
Why is the command failing it is entirety and interpreting the scrambled sensitive values as options?
Colin
(Colin)
2
Hey there.
This analysis parameter does not exist. Where did you find it?
Thanks for already adding your voice to this thread:
pkaramol
(Pantelis Karamolegkos)
3
I misread it somewhere in the docs so apologies for that. So currently there is no way to bypass CFlare protection using its custom headers, right?
Is there a way then to
a) run the analysis using the sonar-scanner
cli
b) skip posting the results to SONARQUBE_HOST
c) use curl
to do this so as to leverage custom headers?