mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-12 10:55:20 +02:00
317 lines
11 KiB
YAML
317 lines
11 KiB
YAML
metadata:
|
|
name: sonarExecuteScan
|
|
description: Executes the Sonar scanner
|
|
longDescription: "The step executes the [sonar-scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner)
|
|
cli command to scan the defined sources and publish the results to a SonarQube instance."
|
|
spec:
|
|
inputs:
|
|
secrets:
|
|
- name: sonarTokenCredentialsId
|
|
type: jenkins
|
|
description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate
|
|
with the Sonar Server."
|
|
- name: githubTokenCredentialsId
|
|
type: jenkins
|
|
description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate
|
|
with the Github Server."
|
|
params:
|
|
- name: instance
|
|
type: string
|
|
description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings.
|
|
DEPRECATED: use serverUrl parameter instead"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: proxy
|
|
type: string
|
|
description: Proxy URL to be used for communication with the SonarQube instance.
|
|
scope:
|
|
- PARAMETERS
|
|
- STEPS
|
|
- STAGES
|
|
- name: serverUrl
|
|
aliases:
|
|
- name: host
|
|
- name: sonarServerUrl
|
|
type: string
|
|
description: "The URL to the Sonar backend."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: token
|
|
type: string
|
|
description: "Token used to authenticate with the Sonar Server."
|
|
scope:
|
|
- PARAMETERS
|
|
secret: true
|
|
resourceRef:
|
|
- type: vaultSecret
|
|
name: sonarVaultSecretName
|
|
default: sonar
|
|
- name: sonarTokenCredentialsId
|
|
type: secret
|
|
aliases:
|
|
- name: sonarToken
|
|
- name: organization
|
|
type: string
|
|
description: "SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: customTlsCertificateLinks
|
|
type: "[]string"
|
|
description: "List of download links to custom TLS certificates.
|
|
This is required to ensure trusted connections to instances with custom certificates."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: sonarScannerDownloadUrl
|
|
type: string
|
|
description: "URL to the sonar-scanner-cli archive."
|
|
default: "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: versioningModel
|
|
type: string
|
|
description: "The versioning model used for the version when reporting the results for the project."
|
|
scope: [GENERAL, STAGES, STEPS, PARAMETERS]
|
|
default: "major"
|
|
possibleValues:
|
|
- major
|
|
- major-minor
|
|
- semantic
|
|
- full
|
|
- name: version
|
|
aliases:
|
|
- name: projectVersion
|
|
deprecated: true
|
|
type: string
|
|
description: "The project version that is reported to SonarQube."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
resourceRef:
|
|
- name: commonPipelineEnvironment
|
|
param: artifactVersion
|
|
- name: customScanVersion
|
|
type: string
|
|
description: "A custom version used along with the uploaded scan results."
|
|
longDescription: |-
|
|
Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
|
|
It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
|
|
The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools.
|
|
scope: [GENERAL, STAGES, STEPS, PARAMETERS]
|
|
- name: projectKey
|
|
type: string
|
|
description: "The project key identifies the project in SonarQube."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: coverageExclusions
|
|
type: "[]string"
|
|
description: "A list of patterns that should be excluded from the coverage scan."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: inferJavaBinaries
|
|
type: bool
|
|
description: "Find the location of generated Java class files in all modules
|
|
and pass the option `sonar.java.binaries to the sonar tool."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: inferJavaLibraries
|
|
type: bool
|
|
description: "If the parameter `m2Path` is configured for the step `mavenExecute`
|
|
in the general section of the configuration, pass it as option `sonar.java.libraries`
|
|
to the sonar tool."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: options
|
|
type: "[]string"
|
|
description: "A list of options which are passed to the sonar-scanner."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
aliases:
|
|
- name: sonarProperties
|
|
deprecated: true
|
|
- name: waitForQualityGate
|
|
type: bool
|
|
description: "Whether the scan should wait for and consider the result of the quality gate."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
# Parameters for non-PR scans
|
|
- name: branchName
|
|
type: string
|
|
description: "Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to. Automatically inferred from environment variables on supported orchestrators if `inferBranchName` is set to true."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: inferBranchName
|
|
type: bool
|
|
description: "Whether to infer the `branchName` parameter automatically based on the
|
|
orchestrator-specific environment variable in runs of the pipeline."
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
# Parameters for PR-Handling
|
|
- name: changeId
|
|
type: string
|
|
description: "Pull-Request only: The id of the pull-request. Automatically inferred from environment variables on supported orchestrators."
|
|
scope:
|
|
- PARAMETERS
|
|
- name: changeBranch
|
|
type: string
|
|
description: "Pull-Request only: The name of the pull-request branch. Automatically inferred from environment variables on supported orchestrators."
|
|
scope:
|
|
- PARAMETERS
|
|
- name: changeTarget
|
|
type: string
|
|
description: "Pull-Request only: The name of the base branch. Automatically inferred from environment variables on supported orchestrators."
|
|
scope:
|
|
- PARAMETERS
|
|
- name: pullRequestProvider
|
|
type: string
|
|
description: "Pull-Request only: The scm provider."
|
|
default: GitHub
|
|
possibleValues:
|
|
- GitHub
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: owner
|
|
type: string
|
|
description: "Pull-Request only: The owner of the scm repository."
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
aliases:
|
|
- name: githubOrg
|
|
resourceRef:
|
|
- name: commonPipelineEnvironment
|
|
param: github/owner
|
|
- name: repository
|
|
type: string
|
|
description: "Pull-Request only: The scm repository."
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
aliases:
|
|
- name: githubRepo
|
|
resourceRef:
|
|
- name: commonPipelineEnvironment
|
|
param: github/repository
|
|
# Parameters for legacy PR-Handling
|
|
- name: githubToken
|
|
type: string
|
|
description: "Pull-Request only: Token for Github to set status on the Pull-Request."
|
|
scope:
|
|
- PARAMETERS
|
|
secret: true
|
|
aliases:
|
|
- name: access_token
|
|
resourceRef:
|
|
- name: githubTokenCredentialsId
|
|
type: secret
|
|
- type: vaultSecret
|
|
name: githubVaultSecretName
|
|
default: github
|
|
- name: disableInlineComments
|
|
type: bool
|
|
description: "Pull-Request only: Disables the pull-request decoration with inline comments.
|
|
DEPRECATED: only supported in SonarQube < 7.2"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: legacyPRHandling
|
|
type: bool
|
|
description: "Pull-Request only: Activates the pull-request handling using
|
|
the [GitHub Plugin](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin).
|
|
DEPRECATED: only supported in SonarQube < 7.2"
|
|
scope:
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
- name: githubApiUrl
|
|
type: string
|
|
description: "Pull-Request only: The URL to the Github API.
|
|
See [GitHub plugin docs](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin#GitHubPlugin-Usage)
|
|
DEPRECATED: only supported in SonarQube < 7.2"
|
|
scope:
|
|
- GENERAL
|
|
- PARAMETERS
|
|
- STAGES
|
|
- STEPS
|
|
default: https://api.github.com
|
|
|
|
# Global maven settings, should be added to all maven steps
|
|
- name: m2Path
|
|
type: string
|
|
description: "Path to the location of the local repository that should be used."
|
|
scope:
|
|
- GENERAL
|
|
- STEPS
|
|
- STAGES
|
|
- PARAMETERS
|
|
aliases:
|
|
- name: maven/m2Path
|
|
|
|
outputs:
|
|
resources:
|
|
- name: reports
|
|
type: reports
|
|
params:
|
|
- filePattern: "**/sonarscan.json"
|
|
type: sonarqube
|
|
- filePattern: "**/sonarscan-result.json"
|
|
type: sonarqube
|
|
- name: influx
|
|
type: influx
|
|
params:
|
|
- name: step_data
|
|
fields:
|
|
- name: sonar
|
|
type: bool
|
|
- name: sonarqube_data
|
|
fields:
|
|
- name: blocker_issues
|
|
type: int
|
|
- name: critical_issues
|
|
type: int
|
|
- name: major_issues
|
|
type: int
|
|
- name: minor_issues
|
|
type: int
|
|
- name: info_issues
|
|
type: int
|
|
containers:
|
|
- name: sonar
|
|
image: sonarsource/sonar-scanner-cli:4.8
|
|
options:
|
|
- name: -u
|
|
value: "0"
|