Adding builder for Sonarqube analysis

sonarqube/Dockerfile

@@ -0,0 +1,31 @@
+FROM alpine:latest
+
+LABEL maintainer "Ram Gopinathan"
+
+ARG SONARQUBE_SCANNER_CLI_VERSION="3.2.0.1227"
+
+ENV SONARQUBE_SCANNER_HOME /opt/sonar-scanner-${SONARQUBE_SCANNER_CLI_VERSION}-linux
+ENV SONARQUBE_SCANNER_BIN ${SONARQUBE_SCANNER_HOME}/bin
+ENV SONAR_SCANNER_CLI_DOWNLOAD_URL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONARQUBE_SCANNER_CLI_VERSION}-linux.zip"
+
+RUN apk update \
+	&& apk upgrade \
+	&& apk add ca-certificates \
+	&& update-ca-certificates \
+	&& apk add --update openjdk8-jre tzdata curl unzip bash \
+	&& rm -rf /var/cache/apk/* \
+    && mkdir -p /tmp/sonar-scanner  \
+	&& curl -L --silent ${SONAR_SCANNER_CLI_DOWNLOAD_URL} >  /tmp/sonar-scanner/sonar-scanner-cli-${SONARQUBE_SCANNER_CLI_VERSION}-linux.zip  \
+    && mkdir -p /opt  \
+	&& unzip /tmp/sonar-scanner/sonar-scanner-cli-${SONARQUBE_SCANNER_CLI_VERSION}-linux.zip -d /opt  \
+	&& rm -rf /tmp/sonar-scanner
+
+
+ENV PATH $PATH:$SONARQUBE_SCANNER_BIN
+RUN echo $PATH
+
+COPY launch.sh /
+
+WORKDIR ${SONARQUBE_SCANNER_HOME}
+
+ENTRYPOINT ["/launch.sh"]

sonarqube/README.md

@@ -0,0 +1,26 @@
+# Sonarqube Scanning
+This builder allows you to run static code analysis using Sonarqube on your code.
+
+## Building this builder
+Run the command below to build this builder
+
+```
+gcloud builds submit . --config=cloudbuild.yaml
+```
+
+## Testing the example
+Before you can run the example. Perform following steps
+* Login to https://sonarcloud.io with your github account
+* Create a token by navigating to Account page then click on security tab
+* Next we need to use "Analyze New Project" option to set up project in sonarcloud. > Use setup manually option
+* Note down the token you created, project key and the organization name
+* Specify those values in the cloudbuild.yaml in examples
+
+## Running the analysis
+To perform the static code analysis on the example go project, run the command below
+
+```
+gcloud builds submit . --config=cloudbuild.yaml
+```
+
+This builder should work with other Sonarqune servers. If you decide to use this with a different sonar server rather than the sonarcloud, just specify sonar.host.URL arg along with login and password to authenticate with the sonar server if you are not using token based auth. 

sonarqube/cloudbuild.yaml

@@ -0,0 +1,16 @@
+steps:
+- name: 'gcr.io/cloud-builders/docker'
+  args: 
+  - 'build'
+  - '--build-arg'
+  - 'SONARQUBE_SCANNER_CLI_VERSION=3.2.0.1227'
+  - '-t'
+  - 'gcr.io/$PROJECT_ID/sonar-scanner:latest'
+  - '-t'
+  - 'gcr.io/$PROJECT_ID/sonar-scanner:3.2.0.1227'
+  - '.'
+
+images: 
+- 'gcr.io/$PROJECT_ID/sonar-scanner:latest'
+- 'gcr.io/$PROJECT_ID/sonar-scanner:3.2.0.1227'
+

sonarqube/examples/cloudbuild.yaml

@@ -0,0 +1,8 @@
+steps:
+  - name: 'gcr.io/$PROJECT_ID/sonar-scanner:latest'
+    args:
+    - '-Dsonar.host.url=https://sonarcloud.io'
+    - '-Dsonar.login={specify}'
+    - '-Dsonar.projectKey={specify}'
+    - '-Dsonar.organization={specify}'
+    - '-Dsonar.sources=.'

sonarqube/examples/main.go

@@ -0,0 +1,12 @@
+package main
+
+import (
+	log "github.com/sirupsen/logrus"
+)
+
+func init() {
+	log.Info("Init: Example go project")
+}
+func main() {
+	log.Info("Main: Example go project")
+}

sonarqube/launch.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+echo "START: Running sonar-scanner-cli on `date`"
+
+sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' $SONARQUBE_SCANNER_BIN/sonar-scanner
+
+sonar-scanner $@
+echo "END: Running sonar-scanner-cli on `date`"