tests/ci: add sonarqube scan
Adding sonarqube scan to the pipeline.
parent
597759c18f
commit
8bc4bff80c
4 changed files with 50 additions and 1 deletions
2
.github/workflows/checks.yml
vendored
|
|
@ -54,5 +54,5 @@ jobs:
|
|||
- uses: actions/checkout@v2
|
||||
- uses: codespell-project/actions-codespell@master
|
||||
with:
|
||||
ignore_words_list: msdos
|
||||
ignore_words_list: msdos, pullrequest
|
||||
skip: ./.git,coverity,rpmbuild,samples
|
||||
|
|
|
|||
|
|
@ -75,6 +75,17 @@ OSTree Images:
|
|||
- aws/rhel-9.0-nightly-x86_64
|
||||
INTERNAL_NETWORK: "true"
|
||||
|
||||
SonarQube:
|
||||
stage: test
|
||||
extends: .terraform
|
||||
script:
|
||||
- schutzbot/sonarqube.sh
|
||||
parallel:
|
||||
matrix:
|
||||
- RUNNER:
|
||||
- aws/centos-stream-8-x86_64
|
||||
INTERNAL_NETWORK: "true"
|
||||
|
||||
finish:
|
||||
stage: finish
|
||||
tags:
|
||||
|
|
|
|||
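Review bot: The `SonarQube` job added in the `@ -75,6 +75,17 @@ OSTree Images:` hunk carries no `rules:` or `only:` clause of its own, yet `schutzbot/sonarqube.sh` derives a pull-request number from `CI_COMMIT_BRANCH` and runs `git fetch origin pull/"$PR_NUMBER"/head:sonarscan`. If the pipeline also runs for branches that do not end in `-<number>`, the fetch fails under `set -e` and the `test` stage goes red for a reason unrelated to the change under test. The `.terraform` template it extends is outside the hunk and may already restrict this, so please confirm; otherwise I would add a `rules:` entry such as `- if: '$CI_COMMIT_BRANCH =~ /^PR-\d+$/'` (pattern constructed as an example, to be adjusted to the project's real mirror-branch naming). This also keeps the scanner token and the status-reporting credentials out of pipelines that cannot use them.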
BIN
schutzbot/RH-IT-Root-CA.keystore
Normal file
Binary file not shown.
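--- a/schutzbot/sonarqube.sh
+++ b/schutzbot/sonarqube.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+SONAR_SCANNER_CLI_VERSION=${SONAR_SCANNER_CLI_VERSION:-4.6.2.2472}
+
+export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=schutzbot/RH-IT-Root-CA.keystore -Djavax.net.ssl.trustStorePassword=$KEYSTORE_PASS"
+sudo dnf install -y unzip
+curl "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_CLI_VERSION-linux.zip" -o sonar-scanner-cli.zip
+unzip -q sonar-scanner-cli.zip
+
+SONAR_SCANNER_CMD="$(pwd)/sonar-scanner-$SONAR_SCANNER_CLI_VERSION-linux/bin/sonar-scanner"
+
+# SonarQube complains about shallow git clone so do a full checkout in tempdir
+FOLDER="$(mktemp -d)"
+pushd "$FOLDER"
+git clone http://github.com/osbuild/osbuild
+cd osbuild
+PR_NUMBER=${CI_COMMIT_BRANCH/*-/}
+git fetch origin pull/"$PR_NUMBER"/head:sonarscan
+git checkout sonarscan
+$SONAR_SCANNER_CMD -Dsonar.projectKey=osbuild:osbuild \
+-Dsonar.sources=. \
+-Dsonar.host.url=https://sonarqube.corp.redhat.com \
+-Dsonar.login="$SONAR_SCANNER_TOKEN" \
+-Dsonar.pullrequest.branch="$CI_COMMIT_BRANCH" \
+-Dsonar.pullrequest.key="$CI_COMMIT_SHA" \
+-Dsonar.pullrequest.base="main"
+popd
+
+SONARQUBE_URL="https://sonarqube.corp.redhat.com/dashboard?id=osbuild%3Aosbuild&pullRequest=$CI_COMMIT_SHA"
+# Report back to GitHub
+curl \
+-u "${SCHUTZBOT_LOGIN}" \
+-X POST \
+-H "Accept: application/vnd.github.v3+json" \
+"https://api.github.com/repos/osbuild/osbuild/statuses/${CI_COMMIT_SHA}" \
+-d '{"state":"success", "description": "SonarQube scan sent for analysis", "context": "SonarQube", "target_url": "'"${SONARQUBE_URL}"'"}'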
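Review bot: `set -euxo pipefail` on the third line of the new script enables command tracing for the whole run, so the expanded values of `$KEYSTORE_PASS` (in `SONAR_SCANNER_OPTS`), `$SONAR_SCANNER_TOKEN` (in `-Dsonar.login=`) and `$SCHUTZBOT_LOGIN` (in `curl -u`) are written to the CI job log. I would drop the `x` (`set -euo pipefail`) or bracket the secret-bearing commands with `set +x` and `set -x`; if the job logs are readable beyond the maintainers, these credentials should be treated as exposed once the job has run. Separately, `git clone http://github.com/osbuild/osbuild` fetches the tree over plain HTTP, and the scanner archive is unpacked and executed without any integrity check, on a job that holds those credentials. I would change the clone to `git clone https://github.com/osbuild/osbuild`, add `--fail` to the download `curl`, and verify the zip against a pinned SHA-256 with `sha256sum -c` before `unzip`.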