Commit d2c9df5e authored by Kiran Patel's avatar Kiran Patel Committed by Pierre Smeyers

feat: add SonarQube job

parent fb3e4e32
+13 −0
@@ -104,6 +104,19 @@ The jacoco coverage display in gitlab uses the following variable
| -------------------------- | --------------------------------------------------- | ---------------------- |
| `JACOCO_CSV_REPORT`    | Name of report                                          | `jacocoTestReport.csv` |

### `mvn-sonar` job — SonarQube analysis

This job is **disabled by default** and performs a SonarQube analysis of your code.

The job is bound to the `test` stage and uses the following variables:

| Name                     | description                            | default value     |
| ------------------------ | -------------------------------------- | ----------------- |
| `SONAR_HOST_URL`         | SonarQube server url                   | _none_ (disabled) |
| :lock: `SONAR_TOKEN`     | SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/) | _none_ |
| `SONAR_BASE_ARGS`        | SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/) | `sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._ | _none_ (disabled) |

### Dependency-check

The Gradle template features a job `gradle-dependency-check` that performs a manual [Dependency-Check](https://jeremylong.github.io/DependencyCheck) analysis.
+29 −0
@@ -52,6 +52,35 @@
    }
  ],
  "features": [
    {
      "id": "sonar",
      "name": "SONAR",
      "description": "Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)",
      "variables": [
        {
          "name": "SONAR_HOST_URL",
          "type": "url",
          "description": "SonarQube server url",
          "mandatory": true
        },
        {
          "name": "SONAR_TOKEN",
          "description": "SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/)",
          "secret": true
        },
        {
          "name": "SONAR_BASE_ARGS",
          "description": "SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)",
          "default": "sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues",
          "advanced": true
        },
        {
          "name": "SONAR_QUALITY_GATE_ENABLED",
          "description": "Enables SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.\n\n_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._",
          "type": "boolean"
        }
      ]
    },
    {
      "id": "dependency-check",
      "name": "Dependency Check",
+35 −0
@@ -56,6 +56,19 @@ variables:
  GRADLE_PUBLISH_ARGS: "publish"
  GRADLE_DEPENDENCY_CHECK_TASK: "dependencyCheckAnalyze"

  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  # default integration ref name (pattern)
  INTEG_REF: '/^develop$/'

  # Sonar base analysis default args
  # see: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
  # default uses branch analysis: https://docs.sonarqube.org/latest/branches/overview/
  SONAR_BASE_ARGS: >-
    sonar 
    -Dsonar.links.homepage=${CI_PROJECT_URL}
    -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
    -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues

stages:
  - build
@@ -338,6 +351,28 @@ gradle-build:
    paths:
      - "$GRADLE_PROJECT_DIR/**/build/"

gradle-sonar:
  extends: .gradle-base
  stage: test
  variables:
    # see: https://docs.sonarqube.org/latest/analysis/gitlab-integration/#header-4
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/${GRADLE_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: 0 # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    key: "$CI_COMMIT_REF_SLUG-gradle-sonar"
    paths:
      - "$GRADLE_PROJECT_DIR/.sonar/cache"
  script: 
    - >- 
      $GRADLE_CLI_BIN ${TRACE+-Dsonar.verbose=true} $GRADLE_CLI_OPTS 
      ${SONAR_QUALITY_GATE_ENABLED+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED}
      $SONAR_BASE_ARGS
  rules:
    # exclude if $SONAR_HOST_URL not set
    - if: '$SONAR_HOST_URL == null || $SONAR_HOST_URL == ""'
      when: never
    - !reference [.test-policy, rules]

gradle-dependency-check:
  extends: .gradle-base
  stage: test
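Review bot: The `gradle-sonar` script never references `SONAR_TOKEN`, so authentication depends on the Gradle Sonar plugin reading `SONAR_TOKEN` and `SONAR_HOST_URL` from the environment (the GitLab-integration page linked above `SONAR_USER_HOME` describes that behaviour, but the job itself does not say so); a comment above `script:` such as `# SONAR_HOST_URL and SONAR_TOKEN are read from the environment by the scanner; never pass the token as -Dsonar.login on the command line, it would end up in the job log` would keep a later "fix" from leaking the secret. The `rules` block only guards on `SONAR_HOST_URL`, so a project that sets the URL but not the token reaches the scanner and fails with an authentication error instead of being skipped; a second guard `- if: '$SONAR_TOKEN == null || $SONAR_TOKEN == ""'` with `when: never` would make that explicit (bearing in mind that a protected token variable is absent on unprotected refs, so the job would then be skipped there rather than fail). In the script, `${TRACE+-Dsonar.verbose=true}` and `${SONAR_QUALITY_GATE_ENABLED+-Dsonar.qualitygate.wait=$SONAR_QUALITY_GATE_ENABLED}` expand whenever the variable is set, even to an empty string, so `SONAR_QUALITY_GATE_ENABLED: ""` produces a bare `-Dsonar.qualitygate.wait=`; `${SONAR_QUALITY_GATE_ENABLED:+…}` skips the empty case. `.test-policy`, which the last rule references, is defined outside the hunk.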