particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CI: Drop SonarQube in favor of Snyk

Browse source
This commit is contained in:
Jakub Rusz 2024-03-04 14:22:14 +01:00 committed by Simon Steinbeiß
parent 9004ca6310
commit eec2cf62e1
3 changed files with 0 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.gitlab-ci.yml
View file

@ -798,18 +798,6 @@ Installer:
- rhos-01/rhel-9.4-nightly-x86_64
- rhos-01/centos-stream-9-x86_64
SonarQube:
stage: test
extends: .terraform
rules:
- if: '$CI_PIPELINE_SOURCE != "schedule" && $CI_COMMIT_BRANCH == "main"'
script:
- schutzbot/sonarqube.sh
variables:
RUNNER: aws/centos-stream-8-x86_64
INTERNAL_NETWORK: "true"
GIT_DEPTH: 0
ContainerUpload:
stage: test
extends: .terraform

BIN
schutzbot/RH-IT-Root-CA.keystore
View file

Binary file not shown.

30
schutzbot/sonarqube.sh
View file

@ -1,30 +0,0 @@
#!/bin/bash
set -euxo pipefail
SONAR_SCANNER_CLI_VERSION=${SONAR_SCANNER_CLI_VERSION:-4.6.2.2472}
export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=schutzbot/RH-IT-Root-CA.keystore -Djavax.net.ssl.trustStorePassword=$KEYSTORE_PASS"
sudo dnf install -y unzip
curl "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_CLI_VERSION-linux.zip" -o sonar-scanner-cli.zip
unzip -q sonar-scanner-cli.zip
SONAR_SCANNER_CMD="sonar-scanner-$SONAR_SCANNER_CLI_VERSION-linux/bin/sonar-scanner"
SCANNER_OPTS="-Dsonar.projectKey=osbuild:osbuild-composer -Dsonar.sources=. -Dsonar.host.url=https://sonarqube.corp.redhat.com -Dsonar.login=$SONAR_SCANNER_TOKEN -Dsonar.c.file.suffixes=-"
# add options for branch analysis if not running on main
if [ "$CI_COMMIT_BRANCH" != "main" ];then
SCANNER_OPTS="$SCANNER_OPTS -Dsonar.pullrequest.branch=$CI_COMMIT_BRANCH -Dsonar.pullrequest.key=$CI_COMMIT_SHA -Dsonar.pullrequest.base=main"
fi
# run the sonar-scanner
eval "$SONAR_SCANNER_CMD $SCANNER_OPTS"
SONARQUBE_URL="https://sonarqube.corp.redhat.com/dashboard?id=osbuild%3Aosbuild-composer&pullRequest=$CI_COMMIT_SHA"
# Report back to GitHub
curl \
-u "${SCHUTZBOT_LOGIN}" \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/osbuild/osbuild-composer/statuses/${CI_COMMIT_SHA}" \
-d '{"state":"success", "description": "SonarQube scan sent for analysis", "context": "SonarQube", "target_url": "'"${SONARQUBE_URL}"'"}'