Configures sonarqube for code coverage analysis

Signed-off-by: Vasu1105 <[email protected]>
inspec · Jan 5, 2024 · e082bb1 · e082bb1
1 parent 1df3143
commit e082bb1
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 0 deletions.
diff --git a/.expeditor/buildkite/verify.sh b/.expeditor/buildkite/verify.sh
@@ -7,6 +7,25 @@ uname -a
 ruby -v
 bundle --version
 
+# Fetch tokens from vault ASAP so that long-running tests don't cause our vault token to expire
+echo "--- installing vault"
+export VAULT_VERSION=1.13.0
+export VAULT_HOME=$HOME/vault
+curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip
+unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME
+
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+  echo "--- fetching Sonar token from vault"
+  export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/train-winrm/sonar)
+
+  if [ -n "${SONAR_TOKEN:-}" ]; then
+    echo "  ++ SONAR_TOKEN set successfully"
+  else
+    echo "  !! SONAR_TOKEN not set - exiting "
+    exit 1 # TODO: Remove this line if we wish not to exit
+  fi
+fi
+
 echo "--- bundle install"
 bundle config set --local without tools maintenance deploy
 bundle install --jobs=7 --retry=3
@@ -16,3 +35,23 @@ bundle exec rake lint
 
 echo "+++ bundle exec rake"
 bundle exec rake
+RAKE_EXIT=$?
+
+#TODO: If coverage is enabled, then we need to pick up the coverage/coverage.json file
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+  echo "--- installing sonarscanner"
+  export SONAR_SCANNER_VERSION=4.7.0.2747
+  export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+  curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+  unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+  export PATH=$SONAR_SCANNER_HOME/bin:$PATH
+  export SONAR_SCANNER_OPTS="-server"
+
+  # See sonar-project.properties for additional settings
+  echo "--- running sonarscanner"
+  sonar-scanner \
+  -Dsonar.sources=. \
+  -Dsonar.host.url=https://sonar.progress.com
+fi
+
+exit $RAKE_EXIT
diff --git a/.expeditor/config.yml b/.expeditor/config.yml
@@ -5,6 +5,10 @@ pipelines:
  - verify:
     description: Pull Request validation tests
     public: true
+ - coverage:
+    description: Unit test coverage
+    public: false
+    trigger: pull_request
 
 slack:
  notify_channel: inspec-notify

diff --git a/.expeditor/coverage.pipeline.yml b/.expeditor/coverage.pipeline.yml
@@ -0,0 +1,19 @@
+---
+expeditor:
+  defaults:
+    buildkite:
+      timeout_in_minutes: 45
+      retry:
+        automatic:
+          limit: 1
+
+steps:
+
+  - label: coverage-ruby-3.0
+    command:
+      - CI_ENABLE_COVERAGE=1 /workdir/.expeditor/buildkite/verify.sh
+    expeditor:
+      secrets: true
+      executor:
+        docker:
+          image: ruby:3.0
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,17 @@
+# must be unique in a given SonarQube instance
+sonar.projectKey=inspec_train-winrm_AYzOHo0HhXuvzhhRmMB3
+
+sonar.projectName=Chef-Inspec-train-winrm
+
+# TODO: provide path to test coverage report generated by simplecov or any other code coverage tool
+#sonar.ruby.coverage.reportPaths=coverage/coverage.json
+
+# exclude test directories from coverage
+sonar.coverage.exclusions=test/*
+
+sonar.exclusions=**/*.java,**/*.js,vendor/*
+
+# skip C-language processor
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-