Integrate SonarQube analysis.

.gitignore

@@ -1,8 +1,8 @@
 *~
 *.pyc
-html/
-venv/
+venv*/
 .cache/
 .tox
-.coverage
-coverage.xml
+.coverage*
+reports/
+.scannerwork/

.travis.yml

@@ -3,49 +3,9 @@ sudo: false
 matrix:
   include:
     # (default)
-    - os: linux
-      python: 2.6
     - os: linux
       python: 2.7
-    - os: linux
-      python: 3.3
-    - os: linux
-      python: 3.4
-    - os: linux
-      python: 3.5
-    - os: linux
-      python: 3.6
-    - os: linux
-      python: pypy
-    - os: linux
-      python: pypy3
-    - os: linux
-      python: 3.7-dev
-    # Ubuntu 12.04
-    - os: linux
-      dist: precise
-      language: generic
-      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3 PY_ORIGIN=pyenv
-    # Ubuntu 14.04
-    - os: linux
-      dist: trusty
-      language: generic
-      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3 PY_ORIGIN=pyenv
-    # macOS 10.12 Sierra
-    - os: osx
-      osx_image: xcode8.3
-      language: generic
-      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
-    # Mac OS X 10.11 El Capitan
-    - os: osx
-      osx_image: xcode7.3
-      language: generic
-      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
-    # Mac OS X 10.10 Yosemite
-    - os: osx
-      osx_image: xcode6.4
-      language: generic
-      env: PY_VER=py26,py27,py33,py34,py35,py36,pypy,pypy3
+      env: SQ=1
   allow_failures:
     # PyPy3 on Travis CI is out of date
     - python: pypy3

test/tools/ci-linux.sh

@@ -2,7 +2,8 @@
 
 CI_VERBOSE=1
 
-ci_err() { [ $1 -ne 0 ] && echo "err: $2" >&2 && exit 1; }
+ci_err_msg() { echo "[ci] error: $1" >&2; }
+ci_err() { [ $1 -ne 0 ] && ci_err_msg "$2" && exit 1; }
 ci_is_osx() { [ X"$(uname -s)" == X"Darwin" ]; }
 
 ci_get_pypy_ver() {
@@ -166,6 +167,135 @@ ci_venv_use() {
 	return 0
 }
 
+ci_get_filedir() {
+	local _sdir=$(cd -- "$(dirname "$0")" && pwd)
+	local _pdir=$(pwd)
+	if [ -z "${_pdir##${_sdir}*}" ]; then
+		_sdir="${_pdir}"
+	fi
+	local _first=1
+	while [ X"${_sdir}" != X"/" ]; do
+		if [ ${_first} -eq 1 ]; then
+			_first=0
+			local _f=$(find "${_sdir}" -name "$1" | head -1)
+			if [ -n "${_f}" ]; then
+				echo $(dirname -- "${_f}")
+				return 0
+			fi
+		else
+			_f=$(find "${_sdir}" -mindepth 1 -maxdepth 1 -name "$1" | head -1)
+		fi
+		[ -n "${_f}" ] && echo "${_sdir}" && return 0
+		_sdir=$(cd -- "${_sdir}/.." && pwd)
+	done
+	return 1
+}
+
+ci_sq_ensure_java() {
+	type java >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+		ci_err_msg "java not found."
+		return 1
+	fi
+	return 0
+}
+
+ci_sq_ensure_scanner() {
+	local _cli_version="3.0.0.702"
+	local _cli_basedir="$HOME/.bin"
+	local _cli_postfix=""
+	case "$(uname -s)" in
+		Linux)
+			[ X"$(uname -m)" = X"x86_x64" ] && _cli_postfix="-linux"
+			[ X"$(uname -m)" = X"amd64" ] && _cli_postfix="-linux"
+			;;
+		Darwin) _cli_postfix="-macosx" ;;
+	esac
+	if [ X"${_cli_postfix}" = X"" ]; then
+		ci_sq_ensure_java || return 1
+	fi
+	if [ X"${SONAR_SCANNER_PATH}" != X"" ]; then
+		if [ -e "${SONAR_SCANNER_PATH}" ]; then
+			return 0
+		fi
+	fi
+	local _cli_fname="sonar-scanner-cli-${_cli_version}${_cli_postfix}"
+	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] ensure scanner ${_cli_fname}"
+	local _cli_dname="sonar-scanner-${_cli_version}${_cli_postfix}"
+	local _cli_archive="${_cli_basedir}/${_cli_fname}.zip"
+	local _cli_dir="${_cli_basedir}/${_cli_dname}"
+	local _cli_url="https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${_cli_fname}.zip"
+	if [ ! -e "${_cli_archive}" ]; then
+		mkdir -p -- "${_cli_basedir}" > /dev/null 2>&1
+		if [ $? -ne 0 ]; then
+			ci_err_msg "could not create ${_cli_basedir}"
+			return 1
+		fi
+		[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] downloading ${_cli_fname}"
+		curl -kL -o "${_cli_archive}" "${_cli_url}"
+		[ $? -ne 0 ] && ci_err_msg "download failed" && return 1
+		[ ! -e "${_cli_archive}" ] && ci_err_msg "download verify" && return 1
+	fi
+	if [ ! -d "${_cli_dir}" ]; then
+		[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] extracting ${_cli_fname}"
+		unzip -od "${_cli_basedir}" "${_cli_archive}"
+		[ $? -ne 0 ] && ci_err_msg "extract failed" && return 1
+		[ ! -d "${_cli_dir}" ] && ci_err_msg "extract verify" && return 1
+	fi
+	if [ ! -e "${_cli_dir}/bin/sonar-scanner" ]; then
+		ci_err_msg "sonar-scanner binary not found."
+		return 1
+	fi
+	SONAR_SCANNER_PATH="${_cli_dir}/bin/sonar-scanner"
+	return 0
+}
+
+ci_sq_run() {
+	if [ X"${SONAR_SCANNER_PATH}" = X"" ]; then
+		ci_err_msg "environment variable SONAR_SCANNER_PATH not set"
+		return 1
+	fi
+	if [ X"${SONAR_HOST_URL}" = X"" ]; then
+		ci_err_msg "environment variable SONAR_HOST_URL not set"
+		return 1
+	fi
+	if [ X"${SONAR_AUTH_TOKEN}" = X"" ]; then
+		ci_err_msg "environment variable SONAR_AUTH_TOKEN not set"
+		return 1
+	fi
+	local _branch=$(git name-rev --name-only HEAD | cut -d '~' -f 1)
+	case "${_branch}" in
+		master) ;;
+		develop) ;;
+		*) ci_err_msg "unknown branch: ${_branch}"; return 1 ;;
+	esac
+	local _pdir=$(ci_get_filedir "ssh-audit.py")
+	if [ -z "${_pdir}" ]; then
+		ci_err_msg "failed to find project directory"
+		return 1
+	fi
+	local _junit=$(cd -- "${_pdir}" && ls -1 reports/junit.*.xml | sort -r | head -1)
+	if [ X"${_junit}" = X"" ]; then
+		ci_err_msg "no junit.xml found"
+		return 1
+	fi
+	[ ${CI_VERBOSE} -gt 0 ] && echo "[ci] run sonar-scanner"
+	cd -- "${_pdir}"
+	"${SONAR_SCANNER_PATH}" -X \
+		-Dsonar.projectKey=arthepsy-github:ssh-audit \
+		-Dsonar.sources=ssh-audit.py \
+		-Dsonar.tests=test \
+		-Dsonar.test.inclusions=test/*.py \
+		-Dsonar.host.url="${SONAR_HOST_URL}" \
+		-Dsonar.projectName=ssh-audit \
+		-Dsonar.branch="${_branch}" \
+		-Dsonar.python.coverage.overallReportPath=reports/coverage.xml \
+		-Dsonar.python.xunit.reportPath="${_junit}" \
+		-Dsonar.organization=arthepsy-github \
+		-Dsonar.login="${SONAR_AUTH_TOKEN}"
+	return 0
+}
+
 ci_run_wrapped() {
 	local _versions=$(echo "${PY_VER}" | sed -e 's/,/ /g')
 	[ -z "${_versions}" ] && eval "$1"
@@ -247,6 +377,9 @@ ci_step_script_wrapped() {
 ci_step_success_wrapped() {
 	local _py_ver="$1"
 	local _py_ori="$2"
+	if [ X"${SQ}" = X"1" ]; then
+		ci_sq_ensure_scanner && ci_sq_run
+	fi
 	ci_venv_use "${_py_ver}" || return 1
 	coveralls
 	codecov

tox.ini

@@ -20,11 +20,12 @@ setenv =
 	SSHAUDIT = {toxinidir}/ssh-audit.py
 	test: COVERAGE_FILE = {toxinidir}/.coverage.{envname}
 	type,mypy: MYPYPATH = {toxinidir}/test/stubs
-	type,mypy: MYPYHTML = {toxinidir}/html/mypy
+	type,mypy: MYPYHTML = {toxinidir}/reports/html/mypy
 commands =
-	test: coverage run --source ssh-audit -m -- pytest -v {posargs:test}
+	test: coverage run --source ssh-audit -m -- \
+	test: pytest -v --junitxml={toxinidir}/reports/junit.{envname}.xml {posargs:test}
 	test: coverage report --show-missing
-	test: - coverage html -d {toxinidir}/html/coverage.{envname}
+	test: coverage html -d {toxinidir}/reports/html/coverage.{envname}
 	py{33,34,35,36,37}-{type,mypy}: {[testenv:mypy]commands}
 	py{27,py,py3,33,34,35,36,37}-{lint,pylint}: {[testenv:pylint]commands}
 	py{27,py,py3,33,34,35,36,37}-{lint,flake8}: {[testenv:flake8]commands}
@@ -42,7 +43,8 @@ commands =
 	coverage erase
 	coverage combine
 	coverage report --show-missing
-	- coverage html -d {toxinidir}/html/coverage
+	coverage xml -i -o {toxinidir}/reports/coverage.xml
+	coverage html -d {toxinidir}/reports/html/coverage
 
 [testenv:mypy]
 deps =