Skip to content
Snippets Groups Projects

Add Sonarcloud support to CI build

Merged Add Sonarcloud support to CI build
malowe/eclipsefdn-api-common:malowe/main/sonar-ci into main
2 unresolved threads
Merged Martin Lowe requested to merge malowe/eclipsefdn-api-common:malowe/main/sonar-ci into main
2 unresolved threads
Compare
and
2 files
+ 99
52
Compare changes
  • Side-by-side
  • Inline
Files
2
Jenkinsfile
+ 96
52
@@ -3,73 +3,77 @@
pipeline {
agent {
kubernetes {
label 'buildpack-agent'
label 'buildenv-agent'
yaml '''
apiVersion: v1
kind: Pod
spec:
containers:
- name: buildpack
image: buildpack-deps:stable
- name: buildcontainer
image: eclipsefdn/stack-build-agent:h111.3-n18.16-jdk11
imagePullPolicy: Always
command:
- cat
env:
- name: "MAVEN_OPTS"
value: "-Duser.home=/home/jenkins"
tty: true
resources:
limits:
memory: "2Gi"
cpu: "1"
requests:
memory: "2Gi"
cpu: "1"
volumeMounts:
- name: tmp
mountPath: /tmp
- name: jnlp
resources:
memory: "4Gi"
limits:
memory: "2Gi"
cpu: "1"
requests:
memory: "2Gi"
cpu: "1"
cpu: "2"
memory: "4Gi"
env:
- name: "HOME"
value: "/home/jenkins"
- name: "MAVEN_OPTS"
value: "-Duser.home=/home/jenkins"
volumeMounts:
- name: tools
mountPath: /opt/tools
- name: m2-repo
mountPath: /home/jenkins/.m2/repository
- name: settings-xml
- name: m2-secret-dir
mountPath: /home/jenkins/.m2/settings.xml
subPath: settings.xml
readOnly: true
- name: settings-security-xml
mountPath: /home/jenkins/.m2/settings-security.xml
subPath: settings-security.xml
- mountPath: "/home/jenkins/.m2/settings-security.xml"
name: "m2-secret-dir"
readOnly: true
subPath: "settings-security.xml"
- mountPath: "/home/jenkins/.mavenrc"
name: "m2-dir"
readOnly: true
- name: tmp
mountPath: /tmp
subPath: ".mavenrc"
- mountPath: "/home/jenkins/.m2/wrapper"
name: "m2-wrapper"
readOnly: false
- mountPath: "/home/jenkins/.cache"
name: "yarn-cache"
readOnly: false
- mountPath: "/home/jenkins/.sonar"
name: "sonar-cache"
readOnly: false
- name: jnlp
resources:
requests:
memory: "1024Mi"
cpu: "500m"
limits:
memory: "1024Mi"
cpu: "1000m"
volumes:
- name: tools
persistentVolumeClaim:
claimName: tools-claim-jiro-webdev
- name: "m2-dir"
configMap:
name: "m2-dir"
- name: m2-secret-dir
secret:
secretName: m2-secret-dir
- name: m2-repo
emptyDir: {}
- name: tmp
- name: m2-wrapper
emptyDir: {}
- name: yarn-cache
emptyDir: {}
- name: sonar-cache
emptyDir: {}
- name: settings-xml
secret:
secretName: m2-secret-dir
items:
- key: settings.xml
path: settings.xml
- name: settings-security-xml
secret:
secretName: m2-secret-dir
items:
- key: settings-security.xml
path: settings-security.xml
'''
}
}
@@ -103,22 +107,60 @@
timeout(time: 30, unit: 'MINUTES')
}
tools {
maven 'apache-maven-latest'
jdk 'adoptopenjdk-hotspot-jdk11-latest'
}
triggers {
// build once a week to keep up with parents images updates
cron('H H * * H')
}
stages {
stage('Build Java code') {
stage('Build Java code (with sonar)') {
when {
steps {
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B package'
container('buildcontainer') {
readTrusted 'pom.xml'
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B package'
withCredentials([string(credentialsId: 'sonarcloud-token-eclipsefdn-api-common', variable: 'SONAR_TOKEN')]) {
sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=${SONAR_TOKEN} -Dmaven.test.skip=true'
}
    • Comment on lines +121 to +124
      Frederic Gurr
      Frederic Gurr @fgurr ·
      Maintainer

      I would recommend doing it like this:

      sh 'make generate-spec'
withCredentials([string(credentialsId: 'sonarcloud-token-eclipsefdn-api-common', variable: 'SONAR_TOKEN')]) {
  sh 'mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -B -Dsonar.login=${SONAR_TOKEN}'
}
Please register or sign in to reply
}
}
}
stage('Build with Sonarcloud scan') {
when {
branch 'main'
}
steps {
container('buildcontainer') {
readTrusted 'pom.xml'
withCredentials([string(credentialsId: 'sonarcloud-token-eclipsefdn-api-common', variable: 'SONAR_TOKEN')]) {
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=${SONAR_TOKEN}'
}
}
}
}
stage('Build without Sonarcloud scan') {
when {
not {
branch 'main'
}
}
steps {
container('buildcontainer') {
readTrusted 'pom.xml'
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B package'
// only no-scan builds can be deployed as we don't deploy main
stash includes: 'target/', name: 'target'
}
}
}
stage('Push package image to Nexus') {
when {
@@ -127,7 +169,9 @@
}
}
steps {
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B clean deploy'
unstash 'target'
sh 'mvn -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -B deploy'
}
}
}

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent