Feature/upgrade plugin

it/Dockerfile-auditor

@@ -1,4 +1,38 @@
-ARG JDK_VERSION=8
-FROM openjdk:${JDK_VERSION}
-COPY it /usr/src/myapp/it
+ARG SCANNER_VERSION=latest
+FROM sonarsource/sonar-scanner-cli:${SCANNER_VERSION} AS builder
+
+FROM eclipse-temurin:21-jre-alpine
+
+ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
+ENV HOME=/tmp \
+    SONAR_SCANNER_HOME=${SONAR_SCANNER_HOME} \
+    XDG_CONFIG_HOME=/tmp \
+    SONAR_USER_HOME=${SONAR_SCANNER_HOME}/.sonar \
+    PATH=${SONAR_SCANNER_HOME}/bin:${PATH} \
+    SRC_PATH=/usr/src \
+    SCANNER_WORKDIR_PATH=/tmp/.scannerwork \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    PYTHONUNBUFFERED=1
+
 WORKDIR /usr/src/myapp/it
+
+USER root
+# Copy Scanner installation from builder image
+COPY --from=builder /opt/sonar-scanner /opt/sonar-scanner
+
+
+RUN apk update --no-cache && \
+    apk add --update --no-cache -q curl gcc jq libffi-dev musl-dev openssl-dev python3 py3-requests shellcheck
+
+RUN set -eux && \
+    addgroup --gid 1000 scanner-cli && \
+    adduser --uid 1000 --ingroup scanner-cli --disabled-password --no-create-home --gecos "" scanner-cli && \
+    chown -R scanner-cli:scanner-cli "${SONAR_SCANNER_HOME}" "${SRC_PATH}" && \
+    mkdir -p "${SRC_PATH}" "${SONAR_USER_HOME}" "${SONAR_USER_HOME}/cache" "${SCANNER_WORKDIR_PATH}" && \
+    chown -R scanner-cli:scanner-cli "${SONAR_SCANNER_HOME}" "${SRC_PATH}" "${SCANNER_WORKDIR_PATH}" && \
+    chmod -R 555 "${SONAR_SCANNER_HOME}" && \
+    chmod -R 754 "${SRC_PATH}" "${SONAR_USER_HOME}" "${SCANNER_WORKDIR_PATH}"
+
+USER scanner-cli
+COPY it /usr/src/myapp/it

it/audit.sh

@@ -1,26 +1,12 @@
-#!/bin/bash -e
-
-# Install requirements
-echo "Installing ShellCheck..."
-if grep -q Debian /etc/issue
-then
-    apt-get -qq update
-    apt-get -qq install -y shellcheck > /dev/null
-else
-    apk update
-    apk add -q shellcheck
-fi
-
-# Install sonar-runner
-echo "Installing Sonar scanner..."
-cd /tmp
-wget -q https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SCANNER_VERSION.zip
-unzip -q sonar-scanner-cli-$SCANNER_VERSION.zip
-export PATH=/tmp/sonar-scanner-$SCANNER_VERSION/bin:$PATH
+#!/bin/sh -e
 
 # Configure sonar-runner
-echo "sonar.host.url=http://sonarqube:9000" > /tmp/sonar-scanner-$SCANNER_VERSION/conf/sonar-scanner.properties
+export SONAR_HOST_URL="http://sonarqube:9000"
 
+# Generate Analysis token
+echo "Generating analysis token..."
+export SONAR_TOKEN=$(curl -su "admin:admin" -XPOST "$SONAR_HOST_URL/api/user_tokens/generate?name=analysis_token&type=GLOBAL_ANALYSIS_TOKEN" | jq -r '.token')
+echo $SONAR_TOKEN
 # Audit code
 echo "Launching scanner..."
 cd /usr/src/myapp/it
@@ -43,20 +29,14 @@ sleep 10
 
 # Check audit result
 echo "Checking result..."
-if grep -q Debian /etc/issue
-then
-    apt-get -qq install -y python3-pip > /dev/null
-else
-    apk add -q curl gcc musl-dev libffi-dev openssl-dev py3 py3-dev
-fi
-pip3 install -q requests
 python3 << EOF
 from __future__ import print_function
 import requests
 import sys
 
-r = requests.get('http://sonarqube:9000/api/measures/component?component=my:project&metricKeys=ncloc,comment_lines,lines,files,directories,violations', auth=('admin', 'admin'))
+r = requests.get('http://sonarqube:9000/api/measures/component?component=my:project&metricKeys=ncloc,comment_lines,lines,files,violations', auth=('admin', 'admin'))
 if r.status_code != 200:
+    print('Invalid server response: ' + str(r.status_code), file=sys.stderr)
     sys.exit(1)
 
 data = r.json()
@@ -70,20 +50,15 @@ for measure in data['component']['measures']:
     if measure['metric'] == 'lines' and measure['value'] == '8':
         print('lines metrics OK')
         lines = True
-#    if measure['metric'] == 'ncloc' and measure['value'] == '87':
-#        print('ncloc metrics OK')
-#        ncloc = True
-    ncloc = True
+    if measure['metric'] == 'ncloc' and measure['value'] == '3':
+        print('ncloc metrics OK')
+        ncloc = True
     if measure['metric'] == 'files' and measure['value'] == '1':
         print('files metrics OK')
         files = True
-    if measure['metric'] == 'directories' and measure['value'] == '1':
-        print('directories metrics OK')
-        directories = True
-#    if measure['metric'] == 'comment_lines' and measure['value'] == '1':
-#        print('comment_lines metrics OK')
-#        comment_lines = True
-    comment_lines = True
+    if measure['metric'] == 'comment_lines' and measure['value'] == '1':
+        print('comment_lines metrics OK')
+        comment_lines = True
     if measure['metric'] == 'violations' and measure['value'] == '3':
         print('violations metrics OK')
         violations = True

it/docker-compose.yml

@@ -1,23 +1,22 @@
 ---
-version: '2.2'
 services:
   sonarqube:
-    image: sonarqube:${SONARQUBE_VERSION:-6.6}
+    image: sonarqube:${SONARQUBE_VERSION:-community}
     ports:
       - "9000:9000"
     environment:
       ES_JAVA_OPTS: "-Xms750m -Xmx750m"
     security_opt:
       - seccomp:unconfined
   auditor:
-    image: auditor:${SCANNER_VERSION}-jdk${JAVA_VERSION:-8}
+    image: auditor:${SCANNER_VERSION:-latest}
     build:
       context: ..
       dockerfile: it/Dockerfile-auditor
       args:
-        JDK_VERSION: ${JAVA_VERSION:-8}
+        SCANNER_VERSION: ${SCANNER_VERSION:-latest}
     links:
       - sonarqube
-    command: /bin/bash -e /usr/src/myapp/it/audit.sh
+    command: /bin/sh -e /usr/src/myapp/it/audit.sh
     environment:
-      SCANNER_VERSION:
+      SCANNER_VERSION: ${SCANNER_VERSION:-latest}

it/it.sh

@@ -1,13 +1,39 @@
 #!/bin/bash
 
-export SONARQUBE_VERSION="$1"
-export SCANNER_VERSION="$2"
-export JAVA_VERSION="$3"
-if [ -z "$SCANNER_VERSION" ]
-then
-    echo "Missing parameters: <SonarQube version> <scanner version>" >&2
-    exit 1
-fi
+usage(){
+    echo -e "\nUsage: $0 [sSh] \n"
+    echo "-h : Display help"
+    echo "-s [SONAR-SCANNER] : Take Sonar-scanner tag image from https://hub.docker.com/r/sonarsource/sonar-scanner-cli"
+    echo "-S [SONARQUBE] : Take SonarQube tag image from https://hub.docker.com/_/sonarqube"
+}
+
+OPTSTRING=":s:S:h"
+
+while getopts ${OPTSTRING} opt; do
+  case ${opt} in
+    s)
+      export SCANNER_VERSION=$OPTARG
+      ;;
+    S)
+      export SONARQUBE_VERSION=$OPTARG
+      ;;
+    h)
+      usage
+      exit 0
+      ;;
+    :)
+      echo "Option -${OPTARG} requires an argument."
+      usage
+      exit 1
+      ;;
+    ?)
+      echo "Invalid option: -${OPTARG}."
+      usage
+      exit 1
+      ;;
+  esac
+done
+
 
 export SCRIPT_DIR=`dirname $0`
 
@@ -18,9 +44,9 @@ docker-compose -f $SCRIPT_DIR/docker-compose.yml down
 # Start containers
 echo "Starting SonarQube..."
 docker-compose -f $SCRIPT_DIR/docker-compose.yml up -d sonarqube
-CONTAINER_NAME=$(docker ps --format "{{.Names}}" | grep 'it_sonarqube_1.*' | head -1)
+CONTAINER_NAME=$(docker ps --format "{{.Names}}" | grep 'it-sonarqube-1.*' | head -1)
 # Wait for SonarQube to be up
-grep -q "SonarQube is up" <(docker logs --follow --tail 0 $CONTAINER_NAME)
+grep -q "SonarQube is operational" <(docker logs --follow --tail 0 $CONTAINER_NAME)
 echo "SonarQube started!"
 
 # Copy the plugin
@@ -30,7 +56,7 @@ docker cp $SCRIPT_DIR/../target/sonar-shellcheck-plugin-$MAVEN_VERSION.jar $CONT
 # Restart SonarQube
 docker-compose -f $SCRIPT_DIR/docker-compose.yml restart sonarqube
 # Wait for SonarQube to be up
-grep -q "SonarQube is up" <(docker logs --follow --tail 0 $CONTAINER_NAME)
+grep -q "SonarQube is operational" <(docker logs --follow --tail 0 $CONTAINER_NAME)
 # Check plug-in installation
 docker exec -u root $CONTAINER_NAME bash -c "if grep -q Alpine /etc/issue; then apk update && apk add -q curl; fi"
 if ! docker exec $CONTAINER_NAME curl -su admin:admin http://localhost:9000/api/plugins/installed | python -c '

it/sonar-project.properties

@@ -3,5 +3,3 @@ sonar.projectName=ShellCheck
 sonar.projectVersion=1.0
 sonar.sources=src
 sonar.scm.disabled=True
-sonar.login=admin
-sonar.password=admin