bitrise-step-sonarqube-scanner's Introduction

bitrise-step-sonarqube-scanner

Step for running SonarQube Scanner CLI.

License

Step is licensed under MIT license. SonarQube Scanner CLI sources are available in SonarSource/sonar-scanner-cli repository.

How to use this Step

The step can be run directly with the bitrise CLI: git clone this repository, cd into its folder in your Terminal/Command Line and call bitrise run test.

Check the bitrise.yml file for required inputs which have to be added to your .bitrise.secrets.yml file!

Step by step:

  1. Open up your Terminal / Command Line
  2. git clone the repository
  3. cd into the directory of the step (the one you just git cloned)
  4. Create a .bitrise.secrets.yml file in the same directory as bitrise.yml. The .bitrise.secrets.yml file is git-ignored, so you can store your secrets in it
  5. Check the bitrise.yml file for any secret you should set in .bitrise.secrets.yml
     • Best practice is to mark these options with something like # define these in your .bitrise.secrets.yml, in the app:envs section.
  6. Once you have all the required secret parameters in your .bitrise.secrets.yml you can just run this step with the bitrise CLI: bitrise run test

An example .bitrise.secrets.yml file:

envs:
- A_SECRET_PARAM_ONE: the value for secret one
- A_SECRET_PARAM_TWO: the value for secret two

How to create your own step

  1. Create a new git repository for your step (don't fork the step template, create a new repository)
  2. Copy the step template files into your repository
  3. Fill the step.sh with your functionality
  4. Wire out your inputs to step.yml (inputs section)
  5. Fill out the other parts of the step.yml too
  6. Provide test values for the inputs in the bitrise.yml
  7. Run your step with bitrise run test - if it works, you're ready

For Step development guidelines & best practices check this documentation: https://github.com/bitrise-io/bitrise/blob/master/_docs/step-development-guideline.md.

NOTE:

If you want to use your step in your project's bitrise.yml:

  1. git push the step into its repository
  2. reference it in your bitrise.yml with the git::PUBLIC-GIT-CLONE-URL@BRANCH step reference style:
- git::https://github.com/user/my-step.git@branch:
   title: My step
   inputs:
   - my_input_1: "my value 1"
   - my_input_2: "my value 2"

You can find more examples of step reference styles in the bitrise CLI repository.

How to contribute to this Step

  1. Fork this repository
  2. git clone it
  3. Create a branch you'll work on
  4. To use/test the step just follow the How to use this Step section
  5. Do the changes you want to
  6. Run/test the step before sending your contribution
  • You can also test the step in your bitrise project, either on your Mac or on bitrise.io
  • You just have to replace the step ID in your project's bitrise.yml with either a relative path, or with a git URL format
  • (relative) path format: instead of - original-step-id: use - path::./relative/path/of/script/on/your/Mac:
  • direct git URL format: instead of - original-step-id: use - git::https://github.com/user/step.git@branch:
  • You can find more examples of alternative step referencing at: https://github.com/bitrise-io/bitrise/blob/master/_examples/tutorials/steps-and-workflows/bitrise.yml
  7. Once you're done just commit your changes & create a Pull Request

Share your own Step

You can share your Step or step version with the bitrise CLI. If you use the bitrise.yml included in this repository, all you have to do is:

  1. In your Terminal / Command Line cd into this directory (where the bitrise.yml of the step is located)
  2. Run: bitrise run test to test the step
  3. Run: bitrise run audit-this-step to audit the step.yml
  4. Check the share-this-step workflow in the bitrise.yml, and fill out the envs if you haven't done so already (don't forget to bump the version number if this is an update of your step!)
  5. Then run: bitrise run share-this-step to share the step (version) you specified in the envs
  6. Send the Pull Request, as described in the logs of bitrise run share-this-step

That's all ;)

bitrise-step-sonarqube-scanner's People

Contributors

days, koral--, lpusok, romulovitoi, zoltan-baba

bitrise-step-sonarqube-scanner's Issues

Fix scanner base URL

SonarSource have changed scanner URL to:
https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$version.zip

Not Authorized warning sometimes, though creds have been confirmed correct

Hi, we've been experiencing issues with the SQ bitrise step scan on our iOS and Android builds with intermittent error message:

ERROR: Not authorized. Analyzing this project requires authentication. Please provide a user token in sonar.login or other credentials in sonar.login and sonar.password.

Sometimes it has completed with success, though others with this failure. The large majority of scans are failing in this way now.

We have checked the credentials and even updated them with new ones to make sure. We are not aware of any call limits either and on these occasions when it fails nothing has been changed that we are aware of compared to the succeeded scans.

After opening a ticket with Bitrise support they advised I reach out directly here, any guidance here appreciated
Thanks

sonarqube-scanner getting stuck macOS 11.4 (Big Sur)

Hi,
This step is getting stuck on Big Sur and working fine for Catalina. What can be the issue? I am trying to push my test coverage report from Xcode to SonarCloud.

sonarqube-scanner version = 1.0.9
Xcode version = 13.0
OS = macOS 11.4 (Big Sur)

Help needed

Sorry but I am new to Bitrise and when I tried to integrate your step, I got the error SonarQube server [http://localhost:9000/] can not be reached. Now I probably missed something, your guide says "Local server can be spawned in previous script step" but I don't know exactly how to do that, can you please help me out?

Any way we can cache this with the bitrise cache step

The step works but it takes 3 minutes to wget and set up. Is it possible to cache it? For larger apps it is a pain.

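# Download and unpack the scanner only when no unpacked copy is present
if [ ! -d "${TEMP_DIR}/sonar-scanner-${scanner_version}" ]
then
    wget -P "${TEMP_DIR}" "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${scanner_version}.zip"
    unzip -d "${TEMP_DIR}" "${TEMP_DIR}/sonar-scanner-cli-${scanner_version}.zip"
fi
# Run the scanner from the (cached or freshly unpacked) directory
"${TEMP_DIR}/sonar-scanner-${scanner_version}/bin/sonar-scanner" $debug_flag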

Something like that, I could do it on my workflow script step, but I'd rather have it on this repo.

Little security concern (maybe?)

I was just wondering if it really is a good idea to just push all the parameters into the sonar-project.properties file.
As also stuff like "sonar.login=" will end up there, in plain text.

Maybe using command line arguments instead would solve this?
e.g. -Dsonar.login=<token>

At least Bitrise "redacts" stuff coming from "Secrets" in the build logs.

But as I'm not an info sec pro, I'm not quite sure if that solution is really secure in the end either.

Anyway as a reminder: One should definitely use access tokens that only have the minimum amount of permissions (only "perform analysis" I would say) and the token should be stored in Bitrise "Secrets".
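
One way to keep credential keys out of sonar-project.properties, as raised in the issue above (an added example, not the step's own code; the function names and the sample values are constructed for illustration). The withheld token still has to reach the scanner by another channel, and a -D command-line argument is visible in the process list to other local users while the scanner runs.

```shell
#!/bin/sh
# Added example, not the step's own code. Function names are hypothetical.

# Constructed sample of the step's scanner properties input (token is fake).
SAMPLE_PROPS='sonar.projectKey=demo-app
sonar.host.url=https://sonar.example.invalid
sonar.login = CONSTRUCTED-TOKEN-NOT-REAL
sonar.sources=.'

# Credential keys, as named in the scanner error message quoted on this page.
is_secret_key() {
    case "$1" in
        sonar.login|sonar.password) return 0 ;;
        *) return 1 ;;
    esac
}

# Key of one properties line: text before the first '=' or ':', blanks removed.
property_key() {
    printf '%s' "${1%%[=:]*}" | tr -d ' \t'
}

# list_secret_keys: properties text on stdin, prints each credential key found.
# Useful as an audit of a sonar-project.properties already on disk.
list_secret_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        if is_secret_key "$(property_key "$line")"; then
            property_key "$line"; echo
        fi
    done
}

# write_public_properties PROPS OUT_FILE: writes every line except credential
# lines to OUT_FILE, which is created readable by its owner only (mode 600).
write_public_properties() {
    ( umask 077 && : > "$2" ) && chmod 600 "$2"
    printf '%s\n' "$1" | while IFS= read -r line; do
        is_secret_key "$(property_key "$line")" || printf '%s\n' "$line" >> "$2"
    done
}
```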

Use both sonar-project.properties and scanner-properties provided by Bitrise

I think it would be nice to be able to use both sonar-project.properties and the scanner-properties provided by Bitrise.

I want to be able to use Bitrise properties, for example the Sonarqube server URL and login, but also let the project properties near the project itself, in sonar-scanner.properties.

This could be done by appending scanner-properties to the sonar-scanner.properties file, for example echo -n "${scanner_properties}" >> sonar-project.properties.

Timeout on Xcode 12.5.x stack

Latest Xcode builds seem to just hang at this stage until it times out and doesn't actually run the scan.
I have no idea where to begin, but the same build runs without the Sonar step just fine.

+ wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472.zip
--2021-05-12 13:39:01--  https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472.zip
Resolving binaries.sonarsource.com (binaries.sonarsource.com)... 91.134.125.245
Connecting to binaries.sonarsource.com (binaries.sonarsource.com)|91.134.125.245|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 589299 (575K) [application/zip]
Saving to: ‘sonar-scanner-cli-4.6.2.2472.zip’
     0K .......... .......... .......... .......... ..........  8%  169K 3s
    50K .......... .......... .......... .......... .......... 17%  342K 2s
   100K .......... .......... .......... .......... .......... 26% 40.6M 1s
   150K .......... .......... .......... .......... .......... 34%  342K 1s
   200K .......... .......... .......... .......... .......... 43% 32.2M 1s
   250K .......... .......... .......... .......... .......... 52% 22.4M 1s
   300K .......... .......... .......... .......... .......... 60% 5.95M 0s
   350K .......... .......... .......... .......... .......... 69% 13.3M 0s
   400K .......... .......... .......... .......... .......... 78%  334K 0s
   450K .......... .......... .......... .......... .......... 86% 4.70M 0s
   500K .......... .......... .......... .......... .......... 95% 4.30M 0s
   550K .......... .......... .....                           100% 8.37M=0.8s
2021-05-12 13:39:03 (739 KB/s) - ‘sonar-scanner-cli-4.6.2.2472.zip’ saved [589299/589299]
+ unzip sonar-scanner-cli-4.6.2.2472.zip
Archive:  sonar-scanner-cli-4.6.2.2472.zip
   creating: sonar-scanner-4.6.2.2472/
   creating: sonar-scanner-4.6.2.2472/bin/
   creating: sonar-scanner-4.6.2.2472/conf/
   creating: sonar-scanner-4.6.2.2472/lib/
  inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner.bat  
  inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner-debug.bat  
  inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner-debug  
  inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner  
  inflating: sonar-scanner-4.6.2.2472/conf/sonar-scanner.properties  
  inflating: sonar-scanner-4.6.2.2472/lib/sonar-scanner-cli-4.6.2.2472.jar  
++ pwd
+ TEMP_DIR=/var/folders/6q/wgy6jtp12w5gzgm9lzcglpqw0000gn/T/tmp.IawPVMxk
+ popd
~/git
+ [[ true == \t\r\u\e ]]
+ debug_flag=-X
+ /var/folders/6q/wgy6jtp12w5gzgm9lzcglpqw0000gn/T/tmp.IawPVMxk/sonar-scanner-4.6.2.2472/bin/sonar-scanner -X
timeout after 5400 seconds

Exception in thread "main" - Xcode 12.5.x - jdk8 and jdk11 tested

This error just started for us this morning.
I've tried updating to jdk11, same error. Any ideas?
Was working fine on:

Sonar Scanner 4.3.0.2102.
Xcode 12.5.x

id: sonarqube-scanner |
| version: 1.0.8 |
| collection: https://github.com/bitrise-io/bitrise-steplib.git |
| toolkit: bash |
| time: 2021-09-01T17:02:03Z |
+------------------------------------------------------------------------------+
| |
INFO[17:02:03] * [OK] Step dependency (unzip) installed, available.
INFO[17:02:03] * [OK] Step dependency (wget) installed, available.
INFO[17:02:03] * [OK] Step dependency (curl) installed, available.
\e[93mSonar Scanner CLI "4.6.2.2472" requires JRE or JDK version 11 or newer. Version "8" has been detected, CLI may not work properly.\e[0m
/var/folders/g2/xnd8hpjs50v433gfrybz2nxh0000gn/T/tmp.qwAKyVV6 ~/git
--2021-09-01 17:02:05-- https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472.zip
Resolving binaries.sonarsource.com (binaries.sonarsource.com)... 91.134.125.245
Connecting to binaries.sonarsource.com (binaries.sonarsource.com)|91.134.125.245|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 589299 (575K) [application/zip]
Saving to: ‘sonar-scanner-cli-4.6.2.2472.zip’
0K .......... .......... .......... .......... .......... 8% 153K 3s
50K .......... .......... .......... .......... .......... 17% 307K 2s
100K .......... .......... .......... .......... .......... 26% 67.1M 1s
150K .......... .......... .......... .......... .......... 34% 307K 1s
200K .......... .......... .......... .......... .......... 43% 37.2M 1s
250K .......... .......... .......... .......... .......... 52% 54.3M 1s
300K .......... .......... .......... .......... .......... 60% 68.5M 0s
350K .......... .......... .......... .......... .......... 69% 68.8M 0s
400K .......... .......... .......... .......... .......... 78% 312K 0s
450K .......... .......... .......... .......... .......... 86% 115M 0s
500K .......... .......... .......... .......... .......... 95% 53.9M 0s
550K .......... .......... ..... 100% 57.1M=0.8s
2021-09-01 17:02:07 (703 KB/s) - ‘sonar-scanner-cli-4.6.2.2472.zip’ saved [589299/589299]
Archive: sonar-scanner-cli-4.6.2.2472.zip
creating: sonar-scanner-4.6.2.2472/
creating: sonar-scanner-4.6.2.2472/bin/
creating: sonar-scanner-4.6.2.2472/conf/
creating: sonar-scanner-4.6.2.2472/lib/
inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner.bat
inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner-debug.bat
inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner-debug
inflating: sonar-scanner-4.6.2.2472/bin/sonar-scanner
inflating: sonar-scanner-4.6.2.2472/conf/sonar-scanner.properties
inflating: sonar-scanner-4.6.2.2472/lib/sonar-scanner-cli-4.6.2.2472.jar
~/git
Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.lang.String.charAt(String.java:658)
at org.sonarsource.scanner.cli.Cli.processNextArg(Cli.java:76)
at org.sonarsource.scanner.cli.Cli.parse(Cli.java:68)
at org.sonarsource.scanner.cli.Main.main(Main.java:59)
|
