This builder allows you to run static code analysis using Sonarqube on your code.
Run the command below to build this builder
gcloud builds submit . --config=cloudbuild.yamlRun this command to build sonar-scanner image locally
docker build --build-arg SONARQUBE_SCANNER_CLI_VERSION=4.4.0.2170 -t <IMAGE-NAME-TO-GIVE> .e.g.
docker build --build-arg SONARQUBE_SCANNER_CLI_VERSION=4.4.0.2170 -t sonar-scanner .
-
Locally (enter into directory where you want to run sonar scan and execute below command)
docekr run -it <IMAGE-NAME-TO-GIVE> sonar-scanner \ -Dsonar.projectKey=<SONAR-PROJECT-KEY> \ -Dsonar.projectName=<SONAR-PROJECT-NAME> \ -Dsonar.host.url=https://<GIT-ORG-URL> \ -Dsonar.login=<SONAR-LOGIN> \ -Dsonar.sources=.
-
Cloud build
- id: Sonar Analysis name: 'gcr.io/$PROJECT_ID/sonar-scanner:latest' entrypoint: bash args: - '-c' - | sonar-scanner \ -Dsonar.projectKey=<SONAR-PROJECT-KEY> \ -Dsonar.projectName=<SONAR-PROJECT-NAME> \ -Dsonar.host.url=<SONAR-HOST-URL> \ -Dsonar.login=<SONAR-LOGIN> \ -Dsonar.sources=. \ -Dsonar.pullrequest.github.endpoint=https://<GIT-ORG-URL>/api/v3 \ -Dsonar.pullrequest.github.repository=<GIT-ORG-NAME-IF-ANY>/$REPO_NAME \ -Dsonar.pullrequest.key=$_PR_NUMBER \ -Dsonar.pullrequest.branch=$BRANCH_NAME \ -Dsonar.pullrequest.base=$_BASE_BRANCH \ -Dsonar.java.binaries=**/target/classes \ -Dsonar.java.source=1.8 \ -Dsonar.java.libraries=**/target/*.jar \ -Dsonar.javascript.lcov.reportPaths=**/coverage/lcov.info \ -Dsonar.exclusions=**/test/**,**/config/** \ -Dsonar.eslint.reportPaths=**/eslint-report.json