1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
sap-jenkins-library/resources/metadata/sonar.yaml
Marc Bormeth 911d4bc770
feat(sonar): make step orchestrator-agnostic (#2874)
* Make sonarExecuteScan orchestrator-agnostic

* Increase coverage + support empty or false env vars

* Use cleared env for unit tests

* Refactor to standalone package

* Fix review findings

* Fix review findings

* Fix unit test

* Add logging

* Refactor

* Add to codeowners 😎

* Apply suggestions from code review

* Remove unreachable code

* no message

* fix typos

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-06-09 09:38:52 +02:00

298 lines
10 KiB
YAML

metadata:
name: sonarExecuteScan
description: Executes the Sonar scanner
longDescription: "The step executes the [sonar-scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner)
cli command to scan the defined sources and publish the results to a SonarQube instance."
spec:
inputs:
secrets:
- name: sonarTokenCredentialsId
type: jenkins
description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate
with the Sonar Server."
- name: githubTokenCredentialsId
type: jenkins
description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate
with the Github Server."
params:
- name: instance
type: string
description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings.
DEPRECATED: use serverUrl parameter instead"
scope:
- PARAMETERS
- STAGES
- STEPS
default: "SonarCloud"
- name: serverUrl
aliases:
- name: host
- name: sonarServerUrl
type: string
description: "The URL to the Sonar backend."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: token
type: string
description: "Token used to authenticate with the Sonar Server."
scope:
- PARAMETERS
secret: true
resourceRef:
- type: vaultSecret
paths:
- $(vaultPath)/sonar
- $(vaultBasePath)/$(vaultPipelineName)/sonar
- $(vaultBasePath)/GROUP-SECRETS/sonar
- name: sonarTokenCredentialsId
type: secret
aliases:
- name: sonarToken
- name: organization
type: string
description: "SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: customTlsCertificateLinks
type: "[]string"
description: "List of download links to custom TLS certificates.
This is required to ensure trusted connections to instances with custom certificates."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: sonarScannerDownloadUrl
type: string
description: "URL to the sonar-scanner-cli archive."
default: "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.5.0.2216-linux.zip"
scope:
- PARAMETERS
- STAGES
- STEPS
- name: versioningModel
type: string
description: "The versioning model used for the version when reporting the results for the project."
scope: [GENERAL, STAGES, STEPS, PARAMETERS]
default: "major"
possibleValues:
- major
- major-minor
- semantic
- full
- name: version
aliases:
- name: projectVersion
deprecated: true
type: string
description: "The project version that is reported to SonarQube."
scope:
- PARAMETERS
- STAGES
- STEPS
resourceRef:
- name: commonPipelineEnvironment
param: artifactVersion
- name: customScanVersion
type: string
description: "A custom version used along with the uploaded scan results."
longDescription: |-
Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools.
scope: [GENERAL, STAGES, STEPS, PARAMETERS]
- name: projectKey
type: string
description: "The project key identifies the project in SonarQube."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: coverageExclusions
type: "[]string"
description: "A list of patterns that should be excluded from the coverage scan."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: inferJavaBinaries
type: bool
description: "Find the location of generated Java class files in all modules
and pass the option `sonar.java.binaries to the sonar tool."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: inferJavaLibraries
type: bool
description: "If the parameter `m2Path` is configured for the step `mavenExecute`
in the general section of the configuration, pass it as option `sonar.java.libraries`
to the sonar tool."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: options
type: "[]string"
description: "A list of options which are passed to the sonar-scanner."
scope:
- PARAMETERS
- STAGES
- STEPS
aliases:
- name: sonarProperties
deprecated: true
# Parameters for non-PR scans
- name: branchName
type: string
description: "Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to. Automatically inferred from environment variables on supported orchestrators if `inferBranchName` is set to true."
scope:
- PARAMETERS
- STAGES
- STEPS
- name: inferBranchName
type: bool
description: "Whether to infer the `branchName` parameter automatically based on the
orchestrator-specific environment variable in runs of the pipeline."
scope:
- PARAMETERS
- STAGES
- STEPS
# Parameters for PR-Handling
- name: changeId
type: string
description: "Pull-Request only: The id of the pull-request. Automatically inferred from environment variables on supported orchestrators."
scope:
- PARAMETERS
- name: changeBranch
type: string
description: "Pull-Request only: The name of the pull-request branch. Automatically inferred from environment variables on supported orchestrators."
scope:
- PARAMETERS
- name: changeTarget
type: string
description: "Pull-Request only: The name of the base branch. Automatically inferred from environment variables on supported orchestrators."
scope:
- PARAMETERS
- name: pullRequestProvider
type: string
description: "Pull-Request only: The scm provider."
default: GitHub
possibleValues:
- GitHub
scope:
- PARAMETERS
- STAGES
- STEPS
- name: owner
type: string
description: "Pull-Request only: The owner of the scm repository."
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
aliases:
- name: githubOrg
resourceRef:
- name: commonPipelineEnvironment
param: github/owner
- name: repository
type: string
description: "Pull-Request only: The scm repository."
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
aliases:
- name: githubRepo
resourceRef:
- name: commonPipelineEnvironment
param: github/repository
# Parameters for legacy PR-Handling
- name: githubToken
type: string
description: "Pull-Request only: Token for Github to set status on the Pull-Request."
scope:
- PARAMETERS
secret: true
aliases:
- name: access_token
resourceRef:
- name: githubTokenCredentialsId
type: secret
- type: vaultSecret
paths:
- $(vaultPath)/github
- $(vaultBasePath)/$(vaultPipelineName)/github
- $(vaultBasePath)/GROUP-SECRETS/github
- name: disableInlineComments
type: bool
description: "Pull-Request only: Disables the pull-request decoration with inline comments.
DEPRECATED: only supported in SonarQube < 7.2"
scope:
- PARAMETERS
- STAGES
- STEPS
- name: legacyPRHandling
type: bool
description: "Pull-Request only: Activates the pull-request handling using
the [GitHub Plugin](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin).
DEPRECATED: only supported in SonarQube < 7.2"
scope:
- PARAMETERS
- STAGES
- STEPS
- name: githubApiUrl
type: string
description: "Pull-Request only: The URL to the Github API.
See [GitHub plugin docs](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin#GitHubPlugin-Usage)
DEPRECATED: only supported in SonarQube < 7.2"
scope:
- GENERAL
- PARAMETERS
- STAGES
- STEPS
default: https://api.github.com
# Global maven settings, should be added to all maven steps
- name: m2Path
type: string
description: "Path to the location of the local repository that should be used."
scope:
- GENERAL
- STEPS
- STAGES
- PARAMETERS
aliases:
- name: maven/m2Path
outputs:
resources:
- name: influx
type: influx
params:
- name: step_data
fields:
- name: sonar
type: bool
- name: sonarqube_data
fields:
- name: blocker_issues
type: int
- name: critical_issues
type: int
- name: major_issues
type: int
- name: minor_issues
type: int
- name: info_issues
type: int
containers:
- name: sonar
image: sonarsource/sonar-scanner-cli:4.5