analizar proyecto

DevSecOpsUsach · Dec 13, 2024 · f86549b · f86549b
1 parent 70c0840
commit f86549b
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/.github/workflows/pipelineIC.yml b/.github/workflows/pipelineIC.yml
@@ -76,3 +76,65 @@ jobs:
             echo "El proyecto ya existe en sonar"
             echo "project_created=false" >> $GITHUB_ENV
           fi
+
+      - name: Enable execution gradlew
+        run: | 
+          chmod 777 gradlew
+
+      - name: Perform Initial Analysis (if Project Created)
+        if: env.project_created == 'true'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          REPO_NAME: ${{ github.event.repository.name }}
+        run: |
+          echo "Realizando análisis inicial en la rama main..."
+          ./gradlew sonarqube \
+            -Dsonar.projectKey=$REPO_NAME \
+            -Dsonar.organization=devsecopsusach \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.token=$SONAR_TOKEN \
+            -Dsonar.branch.name=main
+
+      - name: Perform Branch Analysis
+        if: env.project_created == 'false'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          REPO_NAME: ${{ github.event.repository.name }}
+          BRANCH_NAME: ${{ github.ref_name }}
+        run: |
+          echo "Realizando análisis en la rama actual: $BRANCH_NAME..."
+          ./gradlew sonarqube \
+            -Dsonar.projectKey=$REPO_NAME \
+            -Dsonar.organization=devsecopsusach \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.token=$SONAR_TOKEN \
+            -Dsonar.branch.name=$BRANCH_NAME
+
+      - name: Validate Quality Gate
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          REPO_NAME: ${{ github.event.repository.name }}
+        run: |
+          echo "Validando el estado del Quality Gate..."
+          analysisId=$(curl -s -u "$SONAR_TOKEN:" \
+            "https://sonarcloud.io/api/ce/component?component=$REPO_NAME" | jq -r '.current.analysisId')
+
+          qualityGateStatus=$(curl -s -u "$SONAR_TOKEN:" \
+            "https://sonarcloud.io/api/qualitygates/project_status?analysisId=$analysisId" | jq -r '.projectStatus.status')
+
+          if [ "$qualityGateStatus" != "OK" ]; then
+            echo "El proyecto no cumple con el Quality Gate: $qualityGateStatus."
+            echo "Verificando vulnerabilidades críticas..."
+            vulnerabilities=$(curl -s -u "$SONAR_TOKEN:" \
+              "https://sonarcloud.io/api/issues/search?componentKeys=$REPO_NAME&types=VULNERABILITY&severities=CRITICAL,BLOCKER" | jq -r '.total')
+
+            if [ "$vulnerabilities" -gt 0 ]; then
+              echo "Se encontraron $vulnerabilities vulnerabilidades críticas. El proyecto no cumple con los estándares de seguridad."
+              exit 1
+            fi
+          else
+            echo "El proyecto cumple con el Quality Gate y no tiene vulnerabilidades críticas. Continuando sin problemas."
+          fi
+
+
+