diff --git a/.expeditor/buildkite/coverage.sh b/.expeditor/buildkite/coverage.sh
index f885cbfd..cb16f713 100755
--- a/.expeditor/buildkite/coverage.sh
+++ b/.expeditor/buildkite/coverage.sh
@@ -10,10 +10,45 @@ bundle --version
 echo "--- system environment"
 env
+echo "--- installing vault"
+export VAULT_VERSION=1.13.0
+export VAULT_HOME=$HOME/vault
+curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip
+unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME
+
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+ echo "--- fetching Sonar token from vault"
+ export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/train)
+fi
+
 echo "--- bundle install"
 bundle config set --local without tools integration
 bundle install --jobs=7 --retry=3
 echo "+++ bundle exec rake"
-bundle exec rake
+bundle exec rake ${RAKE_TASK:-}
+RAKE_EXIT=$?
+
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+ echo "--- installing sonarscanner"
+ export SONAR_SCANNER_VERSION=4.7.0.2747
+ export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+ curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ export PATH=$SONAR_SCANNER_HOME/bin:$PATH
+ export SONAR_SCANNER_OPTS="-server"
+
+ # Delete the vendor/ directory. I've tried to exclude it using sonar.exclusions,
+ # but that appears to get ignored, and we end up analyzing the gemfile install
+ # which blows our analysis.
+ echo "--- deleting installed gems"
+ rm -rf vendor/
+
+ # See sonar-project.properties for additional settings
+ echo "--- running sonarscanner"
+ sonar-scanner \
+ -Dsonar.sources=. \
+ -Dsonar.host.url=https://sonar.progress.com
+fi
+exit $RAKE_EXIT
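Review bot: The vault and sonar-scanner zips are downloaded with `curl -sSLo` and unpacked with no integrity check, and the vault binary is then run to read `secret/inspec/train`, so a tampered or truncated archive would execute with access to the job's secrets; pin a SHA-256 for each archive in the repo, verify it before `unzip`, and add `-f` so an HTTP error page is not saved as the zip. `SONAR_TOKEN` is exported before `bundle install` and `bundle exec rake`, which puts it in the environment of every gem install hook and test process; fetching it in the second `CI_ENABLE_COVERAGE` block, just before `sonar-scanner`, narrows that exposure. `export SONAR_TOKEN=$(...)` also reports the exit status of `export`, so a failed `vault kv get` goes unnoticed; assign first, check, then export. The script's first lines are outside the hunk, so whether `set -e` is active (in which case `RAKE_EXIT=$?` would never see a failing rake run) cannot be judged from here.

```shell
echo "--- installing vault"
# … unchanged: VAULT_VERSION / VAULT_HOME exports …
# Expected digest of the vault zip, pinned in the repo (placeholder; take it from the vendor's published checksums).
VAULT_SHA256="<PINNED_SHA256_OF_VAULT_ZIP>"
curl --create-dirs -fsSLo "$VAULT_HOME/vault.zip" "https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip"
printf '%s  %s\n' "$VAULT_SHA256" "$VAULT_HOME/vault.zip" | sha256sum -c - || exit 1
unzip -o "$VAULT_HOME/vault.zip" -d "$VAULT_HOME"

# … unchanged: bundle install, bundle exec rake, RAKE_EXIT=$? …

if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
  # Fetched only after the test run, so gem install hooks and the suite never see the token.
  echo "--- fetching Sonar token from vault"
  SONAR_TOKEN=$("$VAULT_HOME/vault" kv get -field token secret/inspec/train) || exit 1
  export SONAR_TOKEN
  # … unchanged: sonar-scanner download (verify its zip the same way), vendor/ cleanup, sonar-scanner run …
fi
```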
diff --git a/.expeditor/coverage.pipeline.yml b/.expeditor/coverage.pipeline.yml
index 4f616c04..cf159dae 100644
--- a/.expeditor/coverage.pipeline.yml
+++ b/.expeditor/coverage.pipeline.yml
@@ -1,28 +1,19 @@
 ---
-# TODO: Update pipeline when we introduce the coverage pipeline
+expeditor:
+ defaults:
+ buildkite:
+ timeout_in_minutes: 45
+ retry:
+ automatic:
+ limit: 1
 steps:
- - label: "placeholder-for-coverage-pipeline"
+
+ - label: coverage
+ command:
+ - CI_ENABLE_COVERAGE=1 RAKE_TASK=test /workdir/.expeditor/buildkite/coverage.sh
 expeditor:
+ secrets: true
 executor:
 docker:
- commands:
- - "echo ## This pipeline does nothing. Implement the coverage pipeline in near future."
-
-# steps:
-# - label: coverage
-# commands:
-# - /workdir/.expeditor/buildkite/coverage.sh
-# expeditor:
-# secrets:
-# COVERALLS_REPO_TOKEN:
-# path: secret/coveralls/inspec/train
-# field: repo_token
-# executor:
-# docker:
-# environment:
-# - CI_ENABLE_COVERAGE=true
-# - CI_NAME=Buildkite
-# - CI_BUILD_NUMBER=$BUILDKITE_BUILD_NUMBER
-# - CI_BUILD_URL=$BUILDKITE_BUILD_URL
-# - CI_BRANCH=$BUILDKITE_BRANCH
+ image: ruby:3.0.6
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000..670a671d
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,17 @@
+# must be unique in a given SonarQube instance
+sonar.projectKey=inspec_train-k8s-container_AYvdJXl0G2RNgd1H9hTX
+
+sonar.projectName=Chef-Inspec-train-k8s-container
+
+# TODO: path to test coverage report generated by simplecov
+#sonar.ruby.coverage.reportPaths=coverage/coverage.json
+
+# exclude test directories from coverage
+sonar.coverage.exclusions=spec/*
+
+sonar.exclusions=**/*.java,**/*.js,vendor/*
+
+# skip C-language processor
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-
\ No newline at end of file
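Review bot: In `.expeditor/coverage.pipeline.yml`, `secrets: true` replaces the path-and-field scoping that the removed commented-out step used, so the step presumably receives general Vault access rather than one named secret, and `coverage.sh` runs `env` under "--- system environment", which would print any credentials injected as environment variables to the build log. If the pipeline format still accepts the scoped form, a `secrets:` mapping with a single `SONAR_TOKEN` entry (`path: secret/inspec/train`, `field: token`) would limit what the job can read and remove the need to download a vault binary; the `env` dump would then have to be dropped or filtered. `image: ruby:3.0.6` is a mutable tag; pinning it by digest (`ruby:3.0.6@sha256:<IMAGE_DIGEST>`, placeholder) keeps a job that holds secrets on a known image.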
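Review bot: In `sonar-project.properties`, `vendor/*` in `sonar.exclusions` and `spec/*` in `sonar.coverage.exclusions` match only files directly inside those directories, because in Sonar path patterns a single `*` does not cross a directory separator. That is probably why the comment in `coverage.sh` reports the exclusion as ignored and falls back to `rm -rf vendor/`. Use `sonar.exclusions=**/*.java,**/*.js,vendor/**` and `sonar.coverage.exclusions=spec/**`, then confirm on a scan whether the `rm -rf` workaround can be removed. The file also ends without a trailing newline.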