Docker environment containing open source code analysis tools configured by CNES and dedicated to Continuous Integration.
This image is a pre-configured sonar-scanner image derived from Docker-CAT. It contains the same tools for code analysis and it is available on Docker Hub at lequal/sonar-scanner.
SonarQube itself is an opensource project on GitHub: SonarSource/sonarqube.
For versions and changelog: GitHub Releases.
ℹ️ If you only need a containerized sonar-scanner, you better use the official image from SonarSource available on Docker Hub: sonarsource/sonar-scanner-cli. The official image is smaller because it does not embed any other tool.
Compared to the official sonarsource/sonar-scanner-cli image, this image provides additional features.
Additional features are:
This image is made to be used in conjunction with a pre-configured SonarQube server image that embeds all necessary plugins and configuration: cnescatlab/sonarqube. It is, however, not mandatory to use it.
- Write a
sonar-project.propertiesat the root of your project- For information on what to write in it, see the official SonarQube documentation
- Execute the sonar-scanner on the project by running this image from the root of the project
This docker command is equivalent to
$ docker run \ --rm \ -u "$(id -u):$(id -g)" \ -e SONAR_HOST_URL="url of your SonarQube instance" \ -v "$(pwd):/usr/src" \ lequal/sonar-scannersonar-scanner -Dsonar.host.url="url of your SonarQube instance".- If the SonarQube server is running in a container on the same computer, you will need to connect both containers (server and client) to the same bridge so that they can communicate. To do so:
$ docker network create -d bridge sonarbridge $ docker network connect sonarbridge "name of your sonarqube container" # add the following option to the command line when running the lequal/sonar-scanner --net sonarbridge
- If the SonarQube server is running in a container on the same computer, you will need to connect both containers (server and client) to the same bridge so that they can communicate. To do so:
This image suffers from the same limitations as the official SonarQube sonarsource/sonar-scanner-cli image.
- If you need to analyze .NET projects, you must use the SonarScanner for MSBuild.
- If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see SonarQube documentation.
Not only does this image provide a sonar-scanner, but also a set of open source code analysis tools. All available tools are listed below. They can be used from the image by changing the arguments of the container when running one.
# Example with shellcheck
$ docker run \
--rm \
-u "$(id -u):$(id -g)" \
-v "$(pwd):/usr/src" \
lequal/sonar-scanner \
shellcheck --color always -s bash -f checkstyle my-script.bash
# where my-script.bash is a file in the current working directoryFor information on how to use these tools, refer to their official documentation.
There are 3 pylintrc embedded in the image under /opt/python:
pylintrc_RNC2015_A_Bpylintrc_RNC2015_Cpylintrc_RNC2015_D
To use one of these files when running pylint from within the container:
# pylint with a CNES pylintrc
$ docker run \
--rm \
-u "$(id -u):$(id -g)" \
-v "$(pwd):/usr/src" \
lequal/sonar-scanner \
pylint --rcfile=/opt/python/pylintrc_RNC2015_A_B my-script.py
# where my-script.py is a python module in the current working directoryTo import pylint results in SonarQube see the official documentation. (Summed up: Run pylint with the following template: pylint <module_or_package> --rcfile=<pylintrc> -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" > pylint-report.txt. Activate at least one pylint rule in the Quality Profile the project uses for Python.)
You may want to use the embedded pylint with a pylintrc of yours . In this case, the easiest way to do so is to put a pylintrc file along with the sources.
To then use it:
# pylint with a custom pylintrc
$ docker run \
--rm \
-u "$(id -u):$(id -g)" \
-v "$(pwd):/usr/src" \
lequal/sonar-scanner \
pylint --rcfile=/usr/src/custom_pylintrc my-script.py
# where my-script.py is a python module in the current working directory
# and custom_pylintrc is a pylintrc in the current working directoryOn the other hand, if you want to use a CNES pylintrc for your project you can download it directly from github. They are stored on this repository under pylintrc.d.
This image was made for CI, hence here are some examples. Make sur to use the right URL for your SonarQube instance instead of my-sonarqube.com.
These examples still need to be tested.
Here are 2 examples of a declarative Jenkinsfile and a scripted Jenkinsfile that call this image in a stage to analyze a project.
// Declarative pipeline
def sonarqubeURL = 'https://my-sonarqube.com'
pipeline {
agent any
stages {
stage('Sonar scan') {
steps {
sh """
docker run --rm \
-u "\$(id -u):\$(id -g)" \
-e SONAR_HOST_URL="${sonarqubeURL}" \
-v "\$(pwd):/usr/src" \
lequal/sonar-scanner
"""
}
}
}
}// Scripted pipeline
def sonarqubeURL = 'https://my-sonarqube.com'
node {
checkout scm
stage('Sonar scan') {
sh """
docker run --rm \
-u "\$(id -u):\$(id -g)" \
-e SONAR_HOST_URL="${sonarqubeURL}" \
-v "\$(pwd):/usr/src" \
lequal/sonar-scanner
"""
}
}Here is a GitHub Actions job of a GitHub Actions workflow that call this image to analyze a project.
jobs:
sonar-scanning:
name: Run CNES sonar-scanner
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Cache sonar-scanner data
uses: actions/cache@v2
with:
path: .sonarcache
key: sonar-scanner-cache
- run: |
mkdir -p .sonarcache
docker run --rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scannerHere is a Travis CI script step, in a .travis.yml, to analyze a project with this image.
cache:
directories:
- /home/travis/.sonarcache
script:
- mkdir -p /home/travis/.sonarcache
- docker run --rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v "/home/travis/.sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scannerHere is GitLab-CI job, in a .gitlab-ci.yml, to analyze a project with this image.
sonar-scanning:
stage: test
cache:
key: sonar-scanner-job
paths:
- .sonarcache
script:
- mkdir -p .sonarcache
- docker run --rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scanner| Tool | Version | Default report file |
|---|---|---|
| sonar-scanner | 5.0.1.3006 | |
| ShellCheck | 0.8.0 | |
| pylint | 3.1.0 | pylint-report.txt |
| CNES pylint extension | 7.0.0 | |
| CppCheck | 2.14.0 | cppcheck-report.xml |
| Infer | 1.1.0 |
Note about branch naming: if a new feature needs modifications to be made both on the server image and this one, it is strongly advised to give the same name to the branches on both repositories because the CI workflow of this image will try to use the server image built from the same branch.
It is a normal docker image. Thus, it can be built with the following commands.
# from the root of the project
$ docker build -t lequal/sonar-scanner .To then run a container with this image see the user guide.
To run the tests and create your own ones see the test documentation.
If you experienced a problem with the image please open an issue. Inside this issue please explain us how to reproduce this issue and paste the log.
If you want to do a PR, please put inside of it the reason of this pull request. If this pull request fixes an issue please insert the number of the issue or explain inside of the PR how to reproduce this issue.
All details are available in CONTRIBUTING.
Bugs and feature requests: issues
To contribute to the project, read this about CATLab's workflows for Docker images.
Licensed under the GNU General Public License, Version 3.0
This project is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.