sap-jenkins-library/resources/metadata/sonar.yaml

metadata:
  name: sonarExecuteScan
  description: Executes the Sonar scanner
  longDescription: The step executes the [sonar-scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner) cli command to scan the defined sources and publish the results to a SonarQube instance.
spec:
  inputs:
    params:
      - name: instance
        type: string
        description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use host parameter instead"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: 'SonarCloud'
      - name: host
        type: string
        description: The URL to the Sonar backend.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        aliases:
          - name: sonarServerUrl
      - name: token
        type: string
        description: Token used to authenticate with the Sonar Server.
        scope:
          - PARAMETERS
        secret: true
        aliases:
          - name: sonarToken
      - name: organization
        type: string
        description: "SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: customTlsCertificateLinks
        type: string
        description: List of comma-separated download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: sonarScannerDownloadUrl
        type: string
        description: "URL to the sonar-scanner-cli archive."
        default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.3.0.2102-linux.zip
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: projectVersion
        type: string
        description:
          "The project version that is reported to SonarQube."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: artifactVersion
      - name: options
        type: "[]string"
        description: A list of options which are passed to the sonar-scanner.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # Parameters for non-PR scans
      - name: branchName
        type: string
        description: "Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to."
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      # Parameters for PR-Handling
      - name: changeId
        type: string
        description: "Pull-Request only: The id of the pull-request."
        scope:
          - PARAMETERS
      - name: changeBranch
        type: string
        description: "Pull-Request only: The name of the pull-request branch."
        scope:
          - PARAMETERS
      - name: changeTarget
        type: string
        description: "Pull-Request only: The name of the base branch."
        scope:
          - PARAMETERS
      - name: pullRequestProvider
        type: string
        description: "Pull-Request only: The scm provider."
        default: GitHub
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: owner
        type: string
        description: "Pull-Request only: The owner of the scm repository."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        aliases:
          - name: githubOrg
        resourceRef:
          - name: commonPipelineEnvironment
            param: github/owner
      - name: repository
        type: string
        description: "Pull-Request only: The scm repository."
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        aliases:
          - name: githubRepo
        resourceRef:
          - name: commonPipelineEnvironment
            param: github/repository
      # Parameters for legacy PR-Handling
      - name: githubToken
        type: string
        description: "Pull-Request only: Token for Github to set status on the Pull-Request."
        scope:
          - PARAMETERS
        secret: true
      - name: disableInlineComments
        type: bool
        description: "Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: legacyPRHandling
        type: bool
        description: "Pull-Request only: Activates the pull-request handling using the [GitHub Plugin](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin). DEPRECATED: only supported in SonarQube < 7.2"
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: githubApiUrl
        type: string
        description: "Pull-Request only: The URL to the Github API. see [GitHub plugin docs](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin#GitHubPlugin-Usage) DEPRECATED: only supported in SonarQube < 7.2"
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        default: https://api.github.com
    secrets:
      - name: sonarTokenCredentialsId
        type: jenkins
        description: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server.
      - name: githubTokenCredentialsId
        type: jenkins
        description: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Github Server.
  containers:
    - name: sonar
      image: node:lts-stretch
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`metadata:`
			`name: sonarExecuteScan`
			`description: Executes the Sonar scanner`
			`longDescription: The step executes the [sonar-scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner) cli command to scan the defined sources and publish the results to a SonarQube instance.`
			`spec:`
			`inputs:`
			`params:`
refactor(sonar): switch to Sonar scan in GO (#1320) * use sonar go in groovy * use SONAR_TOKEN * only use owner/repo if both are set * trim version to major version digit * fix code climate issues * remove Sonar defaults * use sonar go step * use SONAR_TOKEN * use certs from parameters * use docker workspace & options * add instance parameter * implement branchName * implement branchName * remove duplicate default * update docs * fix TODOs * remove merge mess * fix code climate issue * address comments * respect custom defaults and custom config file name * fix typo * remove obsolete test cases * disable CommonStepChecks * check step config instead of context config * remove TODOs * respect jenkins PR envvars * use value from stepConfig * Update vars/sonarExecuteScan.groovy * rename options to config * correct type for options * add test cases * log sonar.options in debug message Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-04-08 12:55:46 +02:00			`- name: instance`
			`type: string`
			`description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use host parameter instead"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: 'SonarCloud'`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`- name: host`
			`type: string`
			`description: The URL to the Sonar backend.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`aliases:`
			`- name: sonarServerUrl`
			`- name: token`
			`type: string`
			`description: Token used to authenticate with the Sonar Server.`
			`scope:`
			`- PARAMETERS`
Mask secrets (#1382) 2020-04-16 14:37:45 +02:00			`secret: true`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`aliases:`
			`- name: sonarToken`
			`- name: organization`
			`type: string`
			`description: "SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io."`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: customTlsCertificateLinks`
			`type: string`
			`description: List of comma-separated download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: sonarScannerDownloadUrl`
			`type: string`
			`description: "URL to the sonar-scanner-cli archive."`
			`default: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.3.0.2102-linux.zip`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: projectVersion`
			`type: string`
			`description:`
			`"The project version that is reported to SonarQube."`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: artifactVersion`
			`- name: options`
refactor(sonar): switch to Sonar scan in GO (#1320) * use sonar go in groovy * use SONAR_TOKEN * only use owner/repo if both are set * trim version to major version digit * fix code climate issues * remove Sonar defaults * use sonar go step * use SONAR_TOKEN * use certs from parameters * use docker workspace & options * add instance parameter * implement branchName * implement branchName * remove duplicate default * update docs * fix TODOs * remove merge mess * fix code climate issue * address comments * respect custom defaults and custom config file name * fix typo * remove obsolete test cases * disable CommonStepChecks * check step config instead of context config * remove TODOs * respect jenkins PR envvars * use value from stepConfig * Update vars/sonarExecuteScan.groovy * rename options to config * correct type for options * add test cases * log sonar.options in debug message Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-04-08 12:55:46 +02:00			`type: "[]string"`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`description: A list of options which are passed to the sonar-scanner.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
refactor(sonar): switch to Sonar scan in GO (#1320) * use sonar go in groovy * use SONAR_TOKEN * only use owner/repo if both are set * trim version to major version digit * fix code climate issues * remove Sonar defaults * use sonar go step * use SONAR_TOKEN * use certs from parameters * use docker workspace & options * add instance parameter * implement branchName * implement branchName * remove duplicate default * update docs * fix TODOs * remove merge mess * fix code climate issue * address comments * respect custom defaults and custom config file name * fix typo * remove obsolete test cases * disable CommonStepChecks * check step config instead of context config * remove TODOs * respect jenkins PR envvars * use value from stepConfig * Update vars/sonarExecuteScan.groovy * rename options to config * correct type for options * add test cases * log sonar.options in debug message Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-04-08 12:55:46 +02:00			`# Parameters for non-PR scans`
			`- name: branchName`
			`type: string`
			`description: "Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to."`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`# Parameters for PR-Handling`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`- name: changeId`
			`type: string`
			`description: "Pull-Request only: The id of the pull-request."`
			`scope:`
			`- PARAMETERS`
			`- name: changeBranch`
			`type: string`
			`description: "Pull-Request only: The name of the pull-request branch."`
			`scope:`
			`- PARAMETERS`
			`- name: changeTarget`
			`type: string`
			`description: "Pull-Request only: The name of the base branch."`
			`scope:`
			`- PARAMETERS`
			`- name: pullRequestProvider`
			`type: string`
			`description: "Pull-Request only: The scm provider."`
			`default: GitHub`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: owner`
			`type: string`
			`description: "Pull-Request only: The owner of the scm repository."`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`aliases:`
			`- name: githubOrg`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: github/owner`
			`- name: repository`
			`type: string`
			`description: "Pull-Request only: The scm repository."`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`aliases:`
			`- name: githubRepo`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: github/repository`
refactor(sonar): switch to Sonar scan in GO (#1320) * use sonar go in groovy * use SONAR_TOKEN * only use owner/repo if both are set * trim version to major version digit * fix code climate issues * remove Sonar defaults * use sonar go step * use SONAR_TOKEN * use certs from parameters * use docker workspace & options * add instance parameter * implement branchName * implement branchName * remove duplicate default * update docs * fix TODOs * remove merge mess * fix code climate issue * address comments * respect custom defaults and custom config file name * fix typo * remove obsolete test cases * disable CommonStepChecks * check step config instead of context config * remove TODOs * respect jenkins PR envvars * use value from stepConfig * Update vars/sonarExecuteScan.groovy * rename options to config * correct type for options * add test cases * log sonar.options in debug message Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-04-08 12:55:46 +02:00			`# Parameters for legacy PR-Handling`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`- name: githubToken`
			`type: string`
			`description: "Pull-Request only: Token for Github to set status on the Pull-Request."`
			`scope:`
			`- PARAMETERS`
Mask secrets (#1382) 2020-04-16 14:37:45 +02:00			`secret: true`
refactor(sonar): implement Sonar step in GO (#1042) * refactor(sonar): add initial metadata file for GO-based sonar step * refactor(sonar): add initial generated files for GO-based sonar step * refactor(sonar): add initial step file for GO-based sonar step * refactor(sonar): add sonar cmd to executable * refactor(sonar): cleanup metadata file * fix(go): use capital TLS in golang names * add download of Sonar scanner cli * move download & unzip methods to FileUtils * download certificate files * use http.Downloader * update generated code * add slice prefix function * update sonar step * add test cases * update docs * use node:lts image * use latest sonar-scanner * add test cases * use latest sonar-scanner * fix test case * change things * return errors on functions * limit changeID visibility * use lowercase scm provider * add test case for legacy PRs * add test case * update docs * use local temp dir * extend parameter visibility to GENERAL * use SONAR_AUTH_TOKEN * remove comments * update generated code * Apply suggestions from code review * change to private fields * use setter for sonar options & environment * remove obsolete return statement * add comment about Downloader mock * add test case for custom options * handle custom options * refactor slice functions * fix go fmt * fix generated step code * update docs 2020-03-23 11:38:31 +02:00			`- name: disableInlineComments`
			`type: bool`
			`description: "Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: legacyPRHandling`
			`type: bool`
			`description: "Pull-Request only: Activates the pull-request handling using the [GitHub Plugin](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin). DEPRECATED: only supported in SonarQube < 7.2"`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: githubApiUrl`
			`type: string`
			`description: "Pull-Request only: The URL to the Github API. see [GitHub plugin docs](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin#GitHubPlugin-Usage) DEPRECATED: only supported in SonarQube < 7.2"`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: https://api.github.com`
			`secrets:`
			`- name: sonarTokenCredentialsId`
			`type: jenkins`
			`description: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server.`
			`- name: githubTokenCredentialsId`
			`type: jenkins`
			`description: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Github Server.`
			`containers:`
			`- name: sonar`
			`image: node:lts-stretch`