Run sonar scanner as CLI or Docker
stefaniuk committed Oct 9, 2023
1 parent f8b9e84 commit 22f7700
Showing 3 changed files with 35 additions and 25 deletions.
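--- a/.tool-versions
+++ b/.tool-versions
@@ -6,17 +6,10 @@ pre-commit 3.4.0
 # ==============================================================================
 # The section below is reserved for Docker image versions.
 
-# gitleaks, SEE: https://github.com/gitleaks/gitleaks/pkgs/container/gitleaks
-# docker/ghcr.io/gitleaks/gitleaks v8.18.0@sha256:fd2b5cab12b563d2cc538b14631764a1c25577780e3b7dba71657d58da45d9d9
-
-# terraform, SEE: https://hub.docker.com/r/hashicorp/terraform/tags
-# docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5
-
-# shellcheck, SEE: https://hub.docker.com/r/koalaman/shellcheck/tags
-# docker/koalaman/shellcheck latest@sha256:e40388688bae0fcffdddb7e4dea49b900c18933b452add0930654b2dea3e7d5c
-
-# hadolint, SEE: https://hub.docker.com/r/hadolint/hadolint/tags
-# docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42
-
-# ghcr.io/nhs-england-tools/github-runner-image, SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
-# docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646
+# TODO: Move this section - consider using a different file for the repository template dependencies.
+# docker/ghcr.io/gitleaks/gitleaks v8.18.0@sha256:fd2b5cab12b563d2cc538b14631764a1c25577780e3b7dba71657d58da45d9d9 # SEE: https://github.com/gitleaks/gitleaks/pkgs/container/gitleaks
+# docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646 # SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
+# docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 # SEE: https://hub.docker.com/r/hadolint/hadolint/tags
+# docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5 # SEE: https://hub.docker.com/r/hashicorp/terraform/tags
+# docker/koalaman/shellcheck latest@sha256:e40388688bae0fcffdddb7e4dea49b900c18933b452add0930654b2dea3e7d5c # SEE: https://hub.docker.com/r/koalaman/shellcheck/tags
+# docker/sonarsource/sonar-scanner-cli 5.0.1@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575 # SEE: https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags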
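Review bot: The new `sonarsource/sonar-scanner-cli` entry on the last added line records a digest without saying which platform it was taken for, whereas the comment this commit removes from `scripts/reports/perform-static-analysis.sh` told maintainers to use the `linux/amd64` os/arch. The script still runs the image with `--platform linux/amd64`, so whoever next bumps the pin could record a digest for another architecture and the pin would no longer describe what the script runs. I would keep the caveat next to the pin, for example by ending the line with `# SEE: https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags, use the linux/amd64 os/arch`.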
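--- a/scripts/githooks/scan-secrets.sh
+++ b/scripts/githooks/scan-secrets.sh
@@ -10,8 +10,8 @@ set -euo pipefail
 # $ ./scan-secrets.sh
 #
 # Options:
-# check={whole-history,last-commit,staged-changes} # Type of the check to run, default is `staged-changes`
-# VERBOSE=true # Show all the executed commands, default is `false`
+# check={whole-history,last-commit,staged-changes} # Type of the check to run, default is 'staged-changes'
+# VERBOSE=true # Show all the executed commands, default is 'false'
 # FORCE_USE_DOCKER=true # If set to true the command is run in a Docker container, default is 'false'
 #
 # Exit codes: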
35 changes: 26 additions & 9 deletions scripts/reports/perform-static-analysis.sh
Expand Up @@ -17,27 +17,44 @@ set -euo pipefail
# SONAR_TOKEN=token # SonarCloud token
#
# Options:
# VERBOSE=true # Show all the executed commands, default is `false`

# ==============================================================================

# SEE: https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags, use the `linux/amd64` os/arch
image_version=5.0.1@sha256:494ecc3b5b1ee1625bd377b3905c4284e4f0cc155cff397805a244dee1c7d575
# VERBOSE=true # Show all the executed commands, default is 'false'
# FORCE_USE_DOCKER=true # If set to true the command is run in a Docker container, default is 'false'

# ==============================================================================

function main() {

cd "$(git rev-parse --show-toplevel)"

create-report
if command -v sonar-scanner > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
cli-run-sonar-scanner
else
docker-run-sonar-scanner
fi
}

function create-report() {
# Run Sonar Scanner natively.
function cli-run-sonar-scanner() {

sonar-scanner \
-Dproject.settings="$PWD/scripts/config/sonar-scanner.properties" \
-Dsonar.branch.name="${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \
-Dsonar.organization="$SONAR_ORGANISATION_KEY" \
-Dsonar.projectKey="$SONAR_PROJECT_KEY" \
-Dsonar.token="$SONAR_TOKEN"
}

# Run Sonar Scanner in a Docker container.
function docker-run-sonar-scanner() {

# shellcheck disable=SC1091
source ./scripts/docker/docker.lib.sh

# shellcheck disable=SC2155
local image=$(name=sonarsource/sonar-scanner-cli docker-get-image-version-and-pull)
docker run --rm --platform linux/amd64 \
--volume "$PWD":/usr/src \
sonarsource/sonar-scanner-cli:$image_version \
"$image" \
-Dproject.settings=/usr/src/scripts/config/sonar-scanner.properties \
-Dsonar.branch.name="${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)}" \
-Dsonar.organization="$SONAR_ORGANISATION_KEY" \
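Review bot: In the new `cli-run-sonar-scanner`, `-Dsonar.token="$SONAR_TOKEN"` puts the SonarCloud token on the scanner's command line, where it is readable from the host's process list for the length of the scan and would be echoed into the log whenever `VERBOSE=true` turns on command tracing (presumably `set -x`; the line that enables it is outside the hunk). The scanner also accepts the token from the `SONAR_TOKEN` environment variable, so I would drop that argument and make sure the variable is exported, e.g. `export SONAR_TOKEN` before the `sonar-scanner` call. `docker-run-sonar-scanner` continues past the end of the hunk; if it passes the token the same way, `--env SONAR_TOKEN` on `docker run` would be the matching change. Separately, `local image=$(…)` with SC2155 silenced hides a failure of `docker-get-image-version-and-pull` from `set -e`; declaring `local image` and then assigning `image=$(name=sonarsource/sonar-scanner-cli docker-get-image-version-and-pull)` lets a failed lookup of the pinned image stop the script.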