CI: Drop SonarQube and Schutzbot in favor of Snyk (HMS-3696)

Snyk is now being used for code analysis in favor of Sonarqube. This commit drops Sonarqube. Schutzbot was only neccessary for running SonarQube, so it has also been dropped.
2024-03-04 14:37:12 +01:00 · 2024-03-04 14:37:12 +01:00 · 32b936d4c6
commit 32b936d4c6
parent 97b7aa6bfd
6 changed files with 0 additions and 127 deletions
--- a/.github/workflows/trigger-gitlab.yml
+++ b/.github/workflows/trigger-gitlab.yml
@ -1,33 +0,0 @@
-# inspired by rhinstaller/anaconda
-
-name: Trigger GitLab CI
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  trigger-gitlab:
-    runs-on: ubuntu-latest
-    env:
-      IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
-    steps:
-      - name: Install Dependencies
-        run: |
-          sudo apt install -y jq
-
-      - name: Clone repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Push to gitlab
-        run: |
-          mkdir -p ~/.ssh
-          echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
-          chmod 400 ~/.ssh/id_rsa
-          touch ~/.ssh/known_hosts
-          ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
-          git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/image-builder-frontend.git
-          git push -f ci
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,34 +0,0 @@
-stages:
-  - init
-  - test
-  - finish
-
-.terraform:
-  after_script:
-    - schutzbot/update_github_status.sh update
-  tags:
-    - terraform
-
-init:
-  stage: init
-  tags:
-    - shell
-  script:
-    - schutzbot/update_github_status.sh start
-
-SonarQube:
-  stage: test
-  extends: .terraform
-  script:
-    - schutzbot/sonarqube.sh
-  variables:
-    RUNNER: aws/centos-stream-8-x86_64
-    INTERNAL_NETWORK: "true"
-    GIT_DEPTH: 0
-
-finish:
-  stage: finish
-  tags:
-    - shell
-  script:
-    - schutzbot/update_github_status.sh finish
--- a/schutzbot/RH-IT-Root-CA.keystore
+++ b/schutzbot/RH-IT-Root-CA.keystore
--- a/schutzbot/sonarqube.sh
+++ b/schutzbot/sonarqube.sh
@ -1,30 +0,0 @@
-#!/bin/bash
-
-set -euxo pipefail
-
-SONAR_SCANNER_CLI_VERSION=${SONAR_SCANNER_CLI_VERSION:-4.6.2.2472}
-
-export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore=schutzbot/RH-IT-Root-CA.keystore -Djavax.net.ssl.trustStorePassword=$KEYSTORE_PASS"
-sudo dnf install -y unzip nodejs
-curl "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_CLI_VERSION-linux.zip" -o sonar-scanner-cli.zip
-unzip -q sonar-scanner-cli.zip
-
-SONAR_SCANNER_CMD="sonar-scanner-$SONAR_SCANNER_CLI_VERSION-linux/bin/sonar-scanner"
-SCANNER_OPTS="-Dsonar.projectKey=osbuild:image-builder-frontend -Dsonar.sources=. -Dsonar.host.url=https://sonarqube.corp.redhat.com -Dsonar.login=$SONAR_SCANNER_TOKEN"
-
-# add options for branch analysis if not running on main
-if [ "$CI_COMMIT_BRANCH" != "main" ];then
-    SCANNER_OPTS="$SCANNER_OPTS -Dsonar.pullrequest.branch=$CI_COMMIT_BRANCH -Dsonar.pullrequest.key=$CI_COMMIT_SHA -Dsonar.pullrequest.base=main"
-fi
-
-# run the sonar-scanner
-eval "$SONAR_SCANNER_CMD $SCANNER_OPTS"
-
-SONARQUBE_URL="https://sonarqube.corp.redhat.com/dashboard?id=osbuild%3Aimage-builder-frontend&pullRequest=$CI_COMMIT_SHA"
-# Report back to GitHub
-curl \
-    -u "${SCHUTZBOT_LOGIN}" \
-    -X POST \
-    -H "Accept: application/vnd.github.v3+json" \
-    "https://api.github.com/repos/RedHatInsights/image-builder-frontend/statuses/${CI_COMMIT_SHA}" \
-    -d '{"state":"success", "description": "SonarQube scan sent for analysis", "context": "SonarQube", "target_url": "'"${SONARQUBE_URL}"'"}'
--- a/schutzbot/terraform
+++ b/schutzbot/terraform
@ -1 +0,0 @@
-b7c1d9078a7da3b68c1aa2f4401565c52b3fdab6
--- a/schutzbot/update_github_status.sh
+++ b/schutzbot/update_github_status.sh
@ -1,29 +0,0 @@
-#!/bin/bash
-
-if [[ $1 == "start" ]]; then
-  GITHUB_NEW_STATE="pending"
-  GITHUB_NEW_DESC="I'm currently testing this commit, be patient."
-elif [[ $1 == "finish" ]]; then
-  GITHUB_NEW_STATE="success"
-  GITHUB_NEW_DESC="I like this commit!"
-elif [[ $1 == "update" ]]; then
-  if [[ $CI_JOB_STATUS == "canceled" ]]; then
-    GITHUB_NEW_STATE="failure"
-    GITHUB_NEW_DESC="Someone told me to cancel this test run."
-  elif [[ $CI_JOB_STATUS == "failed" ]]; then
-    GITHUB_NEW_STATE="failure"
-    GITHUB_NEW_DESC="I'm sorry, something is odd about this commit."
-  else
-    exit 0
-  fi
-else
-  echo "unknown command"
-  exit 1
-fi
-
-curl \
-    -u "${SCHUTZBOT_LOGIN}" \
-    -X POST \
-    -H "Accept: application/vnd.github.v3+json" \
-    "https://api.github.com/repos/RedHatInsights/image-builder-frontend/statuses/${CI_COMMIT_SHA}" \
-    -d '{"state":"'"${GITHUB_NEW_STATE}"'", "description": "'"${GITHUB_NEW_DESC}"'", "context": "Schutzbot on GitLab", "target_url": "'"${CI_PIPELINE_URL}"'"}'