Skip to content

Latest commit

 

History

History
280 lines (208 loc) · 11.2 KB

README.md

File metadata and controls

280 lines (208 loc) · 11.2 KB

CNES sonar-scanner-catlab image

CI badge CD badge

Docker environment containing open source code analysis tools configured by CNES and dedicated to Continuous Integration.

This image is a pre-configured sonar-scanner image derived from Docker-CAT. It contains the same tools for code analysis and it is available on Docker Hub at lequal/sonar-scanner.

SonarQube itself is an opensource project on GitHub: SonarSource/sonarqube.

For versions and changelog: GitHub Releases.

ℹ️ If you only need a containerized sonar-scanner, you better use the official image from SonarSource available on Docker Hub: sonarsource/sonar-scanner-cli. The official image is smaller because it does not embed any other tool.

Features

Compared to the official sonarsource/sonar-scanner-cli image, this image provides additional features.

Additional features are:

This image is made to be used in conjunction with a pre-configured SonarQube server image that embeds all necessary plugins and configuration: cnescatlab/sonarqube. It is, however, not mandatory to use it.

User guide

  1. Write a sonar-project.properties at the root of your project

  2. Execute the sonar-scanner on the project by running this image from the root of the project

    $ docker run \
            --rm \
            -u "$(id -u):$(id -g)" \
            -e SONAR_HOST_URL="url of your SonarQube instance" \
            -v "$(pwd):/usr/src" \
            lequal/sonar-scanner

    This docker command is equivalent to sonar-scanner -Dsonar.host.url="url of your SonarQube instance".

    • If the SonarQube server is running in a container on the same computer, you will need to connect both containers (server and client) to the same bridge so that they can communicate. To do so:

      $ docker network create -d bridge sonarbridge
      $ docker network connect sonarbridge "name of your sonarqube container"
      # add the following option to the command line when running the lequal/sonar-scanner
      --net sonarbridge

This image suffers from the same limitations as the official SonarQube sonarsource/sonar-scanner-cli image.

  • If you need to analyze .NET projects, you must use the SonarScanner for MSBuild.
  • If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see SonarQube documentation.

How to use embedded tools

Not only does this image provide a sonar-scanner, but also a set of open source code analysis tools. All available tools are listed below. They can be used from the image by changing the arguments of the container when running one.

# Example with shellcheck
$ docker run \
        --rm \
        -u "$(id -u):$(id -g)" \
        -v "$(pwd):/usr/src" \
        lequal/sonar-scanner \
        shellcheck --color always -s bash -f checkstyle my-script.bash
# where my-script.bash is a file in the current working directory

For information on how to use these tools, refer to their official documentation.

How to use embedded CNES pylintrc

There are 3 pylintrc embedded in the image under /opt/python:

  • pylintrc_RNC2015_A_B
  • pylintrc_RNC2015_C
  • pylintrc_RNC2015_D

To use one of these files when running pylint from within the container:

# pylint with a CNES pylintrc
$ docker run \
        --rm \
        -u "$(id -u):$(id -g)" \
        -v "$(pwd):/usr/src" \
        lequal/sonar-scanner \
        pylint --rcfile=/opt/python/pylintrc_RNC2015_A_B my-script.py
# where my-script.py is a python module in the current working directory

To import pylint results in SonarQube see the official documentation. (Summed up: Run pylint with the following template: pylint <module_or_package> --rcfile=<pylintrc> -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" > pylint-report.txt. Activate at least one pylint rule in the Quality Profile the project uses for Python.)

How to use other pylintrcs

You may want to use the embedded pylint with a pylintrc of yours . In this case, the easiest way to do so is to put a pylintrc file along with the sources.

To then use it:

# pylint with a custom pylintrc
$ docker run \
        --rm \
        -u "$(id -u):$(id -g)" \
        -v "$(pwd):/usr/src" \
        lequal/sonar-scanner \
        pylint --rcfile=/usr/src/custom_pylintrc my-script.py
# where my-script.py is a python module in the current working directory
# and custom_pylintrc is a pylintrc in the current working directory

On the other hand, if you want to use a CNES pylintrc for your project you can download it directly from github. They are stored on this repository under pylintrc.d.

Examples usage in CI

This image was made for CI, hence here are some examples. Make sur to use the right URL for your SonarQube instance instead of my-sonarqube.com.

These examples still need to be tested.

Jenkins

Here are 2 examples of a declarative Jenkinsfile and a scripted Jenkinsfile that call this image in a stage to analyze a project.

// Declarative pipeline
def sonarqubeURL = 'https://my-sonarqube.com'

pipeline {
    agent any

    stages {
        stage('Sonar scan') {
            steps {
                sh  """
                    docker run --rm \
                        -u "\$(id -u):\$(id -g)" \
                        -e SONAR_HOST_URL="${sonarqubeURL}" \
                        -v "\$(pwd):/usr/src" \
                        lequal/sonar-scanner
                    """
            }
        }
    }
}
// Scripted pipeline
def sonarqubeURL = 'https://my-sonarqube.com'

node {
    checkout scm

    stage('Sonar scan') {
        sh  """
            docker run --rm \
                  -u "\$(id -u):\$(id -g)" \
                  -e SONAR_HOST_URL="${sonarqubeURL}" \
                  -v "\$(pwd):/usr/src" \
                  lequal/sonar-scanner
            """
    }
}

GitHub Actions

Here is a GitHub Actions job of a GitHub Actions workflow that call this image to analyze a project.

jobs:
  sonar-scanning:
    name: Run CNES sonar-scanner
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Cache sonar-scanner data
        uses: actions/cache@v2
        with:
          path: .sonarcache
          key: sonar-scanner-cache
      - run: |
          mkdir -p .sonarcache
          docker run --rm \
                    -u "$(id -u):$(id -g)" \
                    -e SONAR_HOST_URL="https://my-sonarqube.com" \
                    -v "$(pwd):/usr/src" \
                    -v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
                    lequal/sonar-scanner

Travis CI

Here is a Travis CI script step, in a .travis.yml, to analyze a project with this image.

cache:
  directories:
    - /home/travis/.sonarcache

script:
  - mkdir -p /home/travis/.sonarcache
  - docker run --rm \
    -u "$(id -u):$(id -g)" \
    -e SONAR_HOST_URL="https://my-sonarqube.com" \
    -v "$(pwd):/usr/src" \
    -v "/home/travis/.sonarcache:/opt/sonar-scanner/.sonar/cache" \
    lequal/sonar-scanner

GitLab-CI

Here is GitLab-CI job, in a .gitlab-ci.yml, to analyze a project with this image.

sonar-scanning:
  stage: test
  cache:
    key: sonar-scanner-job
    paths:
      - .sonarcache
  script:
    - mkdir -p .sonarcache
    - docker run --rm \
      -u "$(id -u):$(id -g)" \
      -e SONAR_HOST_URL="https://my-sonarqube.com" \
      -v "$(pwd):/usr/src" \
      -v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
      lequal/sonar-scanner

Analysis tools included

Tool Version Default report file
sonar-scanner 6.0.0.4432
ShellCheck 0.8.0
pylint 3.1.0 pylint-report.txt
CNES pylint extension 7.0.0
CppCheck 2.14.1 cppcheck-report.xml
Hadolint 2.12.0

Developer's guide

Note about branch naming: if a new feature needs modifications to be made both on the server image and this one, it is strongly advised to give the same name to the branches on both repositories because the CI workflow of this image will try to use the server image built from the same branch.

How to build the image

It is a normal docker image. Thus, it can be built with the following commands.

# from the root of the project
$ docker build -t lequal/sonar-scanner .

To then run a container with this image see the user guide.

To run the tests and create your own ones see the test documentation.

How to contribute

If you experienced a problem with the image please open an issue. Inside this issue please explain us how to reproduce this issue and paste the log.

If you want to do a PR, please put inside of it the reason of this pull request. If this pull request fixes an issue please insert the number of the issue or explain inside of the PR how to reproduce this issue.

All details are available in CONTRIBUTING.

Bugs and feature requests: issues

To contribute to the project, read this about CATLab's workflows for Docker images.

License

Licensed under the GNU General Public License, Version 3.0

This project is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.