SQSCANGHA-112 Fix redirect test to deal with TLS

Author: jeremy-davis-sonarsource

.github/qa-nginx-redirecting/compose.yml

@@ -5,8 +5,10 @@ services:
       - 8080:8080
     volumes:
       - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.conf:/etc/nginx/nginx.conf:ro
+      - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.crt:/etc/nginx/nginx.crt:ro
+      - $GITHUB_WORKSPACE/.github/qa-nginx-redirecting/nginx.key:/etc/nginx/nginx.key:ro
     healthcheck:
-      test: ["CMD", "curl", "--fail", "localhost:8080/health"]
+      test: ["CMD", "curl", "--fail", "--insecure", "https://localhost:8080/health"]
       interval: 10s
       timeout: 5s
       retries: 20

.github/qa-nginx-redirecting/generate-ssl.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Generate self-signed SSL certificate for localhost with 1-day expiry
+openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
+  -keyout nginx.key \
+  -out nginx.crt \
+  -subj "/C=US/ST=CA/L=Local/O=Test/CN=localhost" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
+echo "SSL certificates generated with 1-day expiry: nginx.crt and nginx.key"

.github/qa-nginx-redirecting/nginx.conf

@@ -18,7 +18,9 @@ http {
     include /etc/nginx/conf.d/*.conf;
 
     server {
-        listen 8080;
+        listen 8080 ssl;
+        ssl_certificate /etc/nginx/nginx.crt;
+        ssl_certificate_key /etc/nginx/nginx.key;
 
         location /health {
             add_header 'Content-Type' 'text/plain';

.github/workflows/qa-main.yml

@@ -207,8 +207,7 @@ jobs:
           SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output.properties"}'
       - name: Assert
         run: |
-          # The new JavaScript implementation uses @actions/tool-cache which caches tools differently
-          # Instead of checking for the zip file, verify the tool was installed by checking it's in PATH
+          # Verify the tool was installed by checking it's in PATH
           if ! command -v sonar-scanner &> /dev/null; then
             echo "Error: sonar-scanner not found in PATH"
             exit 1
@@ -482,6 +481,9 @@ jobs:
           then
             exit 1
           fi
+      - name: Generate SSL certificates for nginx
+        run: ./generate-ssl.sh
+        working-directory: .github/qa-nginx-redirecting
       - name: Start nginx via Docker Compose
         run: docker compose up -d --wait
         working-directory: .github/qa-nginx-redirecting
@@ -490,14 +492,19 @@ jobs:
         uses: ./
         with:
           scannerVersion: 6.2.1.4610
-          scannerBinariesUrl: http://localhost:8080/clientRedirectToSonarBinaries
+          scannerBinariesUrl: https://localhost:8080/clientRedirectToSonarBinaries
         env:
           NO_CACHE: true
+          NODE_TLS_REJECT_UNAUTHORIZED: 0
           SONAR_HOST_URL: http://not_actually_used
           SONAR_SCANNER_JSON_PARAMS: '{"sonar.scanner.internal.dumpToFile": "./output1.properties"}'
       - name: Assert Sonar Scanner CLI was downloaded
         run: |
-          ./test/assertFileExists "$RUNNER_TEMP/sonarscanner/sonar-scanner-cli-6.2.1.4610-linux-x64.zip"
+          # Verify the tool was installed by checking it's in PATH
+          if ! command -v sonar-scanner &> /dev/null; then
+            echo "Error: sonar-scanner not found in PATH"
+            exit 1
+          fi
   useSslCertificate:
     name: >
       'SONAR_ROOT_CERT' is converted to truststore