Skip to content

Latest commit

 

History

History
65 lines (41 loc) · 3.65 KB

README.md

File metadata and controls

65 lines (41 loc) · 3.65 KB

Sonarqube Scan Task example usage

The sample sub-directory contains an event-listener-container-registry EventListener definition that you can include in your tekton pipeline configuration to run an example usage of the sonarqube-run-scan.

Note: this sample also relies on the git-clone-repo, doi-publish-buildrecord, toolchain-build and doi-evaluate-gate tasks to clone the application, perform a build script, push the appropriate information to DevOps Insights and use the DevOps insights gate for evaluation.

  1. Create or update a toolchain to include:

    • the git repository containing the source to scan - that will be git clone, which can be private - for instance https://github.com/open-toolchain/hello-containers.git
    • the git repository containing this tekton task
    • a DevOps Insights integration
    • a SonarQube integration
    • a Tekton pipeline definition

    Toolchain overview

  2. Define a policy in DevOps Insights that will be evaluated - It only need to have one rule related to sonarqube test result in it.

    • Click on the DevOps Insights card
    • Create a policy with a name Create Policy
    • Add a new rule to include SonarQube Data set Add Rule

  3. Add the tekton definitions in the tekton pipeline:

    • for the git-clone-repo task (git path)
    • for the DevOps Insights tasks doi-publish-buildrecord and doi-evaluate-gate (devops-insights path)
    • for the toolchain-build task (toolchain path)
    • for this task and the sample (sonarqube and sonarqube/sample paths)

    Tekton pipeline definitions

  4. Choose a Worker for the pipeline - Select one of the IBM Managed workers

  5. Add the environment properties:

    • app-name the name of the application
    • doi-policy to indicate the name of DevOps Insoghts Policy you have created in previous step
    • toolchain-apikey to provide an API key used for the ibmcloud login/access
    • repository to indicate the git repository url to clone (correspoding to the one integrated in the toolchain)

    Tekton pipeline environment properties

  6. Create a manual trigger to start the default EventListener

    Tekton pipeline sample trigger

    If your sample code is a maven project then you can select the alternate maven EventListener that will define the appropriate command and target mvn sonar:sonar to perform the sonarqube scan

  7. Run the pipeline using the manual trigger created

    When pipeline-run is started (or terminated) you can click on it to open the pipelinerun dashboard

    Pipeline runs

    You can then see the detail of the pipeline execution and especially the sonarqube scan task

    SonarQube sample pipeline run

  8. If you navigate to the sonarqube server, the sonarqube project will have been created and scanned

    SonarQube project overview

  9. The DevOps insights dashboard shows also the SonarQube scan result

    DevOps Insights Quality Dashboard