diff --git a/.expeditor/buildkite/verify.sh b/.expeditor/buildkite/verify.sh
index afd16b7..420648c 100755
--- a/.expeditor/buildkite/verify.sh
+++ b/.expeditor/buildkite/verify.sh
@@ -7,9 +7,48 @@ uname -a
 ruby -v
 bundle --version
+# Fetch tokens from vault ASAP so that long-running tests don't cause our vault token to expire
+echo "--- installing vault"
+export VAULT_VERSION=1.13.0
+export VAULT_HOME=$HOME/vault
+curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip
+unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME
+
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+ echo "--- fetching Sonar token from vault"
+ export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/train-aws/sonar)
+
+ if [ -n "${SONAR_TOKEN:-}" ]; then
+ echo " ++ SONAR_TOKEN set successfully"
+ else
+ echo " !! SONAR_TOKEN not set - exiting "
+ exit 1 # TODO: Remove this line if we wish not to exit
+ fi
+fi
+
 echo "--- bundle install"
 bundle config set --local without tools maintenance deploy
 bundle install --jobs=7 --retry=3
 echo "+++ bundle exec rake"
 bundle exec rake
+RAKE_EXIT=$?
+
+# If coverage is enabled, then we need to pick up the coverage/coverage.json file
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+ echo "--- installing sonarscanner"
+ export SONAR_SCANNER_VERSION=4.7.0.2747
+ export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+ curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ export PATH=$SONAR_SCANNER_HOME/bin:$PATH
+ export SONAR_SCANNER_OPTS="-server"
+
+ # See sonar-project.properties for additional settings
+ echo "--- running sonarscanner"
+ sonar-scanner \
+ -Dsonar.sources=. \
+ -Dsonar.host.url=https://sonar.progress.com
+fi
+
+exit $RAKE_EXIT
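Review bot: The Vault zip is downloaded, unpacked and its binary executed to read a secret without any integrity check, and the sonar-scanner zip in the second `if` block is handled the same way. Pin each archive's expected SHA-256 in the script and verify it before `unzip`, and add `--fail` to both curl calls so an HTTP error body is never saved as the archive. `export SONAR_TOKEN=$(...)` also places the token in the environment of `bundle install` and `bundle exec rake`; assigning it without `export` and handing it only to the `sonar-scanner` invocation keeps it away from the code under test. If the script runs under `set -e` (its first lines are outside the hunk), `RAKE_EXIT=$?` is reached only when rake succeeds, so the failure status should be captured with `|| RAKE_EXIT=$?`.

```shell
export VAULT_VERSION=1.13.0
export VAULT_HOME="$HOME/vault"
# Placeholder: fill in the published SHA-256 of the pinned release archive.
VAULT_ZIP_SHA256="<sha256-of-pinned-vault-zip>"
curl --create-dirs --fail -sSLo "$VAULT_HOME/vault.zip" "https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip"
printf '%s  %s\n' "$VAULT_ZIP_SHA256" "$VAULT_HOME/vault.zip" | sha256sum -c - || exit 1
unzip -o "$VAULT_HOME/vault.zip" -d "$VAULT_HOME"

# … unchanged: CI_ENABLE_COVERAGE guard and echo …
  # Not exported: bundler, rake and the tests do not inherit it.
  SONAR_TOKEN=$("$VAULT_HOME/vault" kv get -field token secret/inspec/train-aws/sonar)
# … unchanged: empty-token check, bundle install, echo …

RAKE_EXIT=0
bundle exec rake || RAKE_EXIT=$?

# … unchanged: sonarscanner install (apply the same --fail and checksum steps) …
  SONAR_TOKEN="$SONAR_TOKEN" sonar-scanner \
# … unchanged: -D options, fi, exit $RAKE_EXIT …
```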
diff --git a/.expeditor/config.yml b/.expeditor/config.yml
index 23b357e..0b7ab69 100644
--- a/.expeditor/config.yml
+++ b/.expeditor/config.yml
@@ -50,3 +50,7 @@ pipelines:
 - verify:
 description: Pull Request validation tests
 public: true
+ - coverage:
+ description: Unit test coverage
+ public: false
+ trigger: pull_request
\ No newline at end of file
diff --git a/.expeditor/coverage.pipeline.yml b/.expeditor/coverage.pipeline.yml
new file mode 100644
index 0000000..4358467
--- /dev/null
+++ b/.expeditor/coverage.pipeline.yml
@@ -0,0 +1,19 @@
+---
+expeditor:
+ defaults:
+ buildkite:
+ timeout_in_minutes: 45
+ retry:
+ automatic:
+ limit: 1
+
+steps:
+
+ - label: coverage-ruby-3.0
+ command:
+ - CI_ENABLE_COVERAGE=1 RAKE_TASK=default /workdir/.expeditor/buildkite/verify.sh
+ expeditor:
+ secrets: true
+ executor:
+ docker:
+ image: ruby:3.0
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..2091008
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,17 @@
+# must be unique in a given SonarQube instance
+sonar.projectKey=inspec_train-aws_AYzKoFDLhXuvzhhRmL9-
+
+sonar.projectName=Chef-Inspec-train-aws
+
+# TODO: provide path to test coverage report generated by simplecov or any other code coverage tool
+#sonar.ruby.coverage.reportPaths=coverage/coverage.json
+
+# exclude test directories from coverage
+sonar.coverage.exclusions=test/*
+
+sonar.exclusions=**/*.java,**/*.js,vendor/*
+
+# skip C-language processor
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
\ No newline at end of file
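Review bot: In .expeditor/coverage.pipeline.yml the step sets `secrets: true` and runs `/workdir/.expeditor/buildkite/verify.sh` from the checked-out tree, while config.yml registers the pipeline with `trigger: pull_request`, so the script, Rakefile and Gemfile that run with Vault access are whatever the pull request contains. Whether Expeditor limits this trigger to trusted authors is not visible here; that should be confirmed, and the Vault policy for this pipeline should be scoped to the single Sonar path it reads. `RAKE_TASK=default` is set on the command line, but verify.sh as changed in this commit calls `bundle exec rake` without reading it. `image: ruby:3.0` is a mutable tag; pinning it by digest (`ruby:3.0@sha256:<digest>`) keeps the secrets-bearing step on a known image.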
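Review bot: In sonar-project.properties, `sonar.ruby.coverage.reportPaths` is still commented out behind the TODO, so the scanner started by verify.sh has no coverage report to import even though the pipeline is named coverage and fetches a token for it. Enable the line once the test run is confirmed to write `coverage/coverage.json`; nothing in this commit shows that file being produced. As far as I know, `*` in SonarQube path patterns does not cross directory separators, so `test/*` and `vendor/*` match only files directly inside those directories; `test/**/*` and `vendor/**/*` would cover nested paths.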