Add swift and bump plugins

ICTU · Nov 3, 2023 · 6810de9 · 6810de9
1 parent d486b30
commit 6810de9
Show file tree

Hide file tree

Showing 7 changed files with 171 additions and 95 deletions.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Verify the Docker image
         # profile for language 'web' is the last; assume everything is working if we got this far
         run: docker logs -f ci |& sed '/Current profile for language web is Sonar way/ q'
-        timeout-minutes: 3
+        timeout-minutes: 5
 
       - name: Stop the Docker image
         run: docker stop ci
diff --git a/Dockerfile b/Dockerfile
@@ -1,20 +1,39 @@
 ARG IMAGE_NAME=sonarqube
 ARG IMAGE_VERSION=10.1.0
 ARG IMAGE_EDITION=community
+
 FROM $IMAGE_NAME:$IMAGE_VERSION-$IMAGE_EDITION
+
+LABEL org.opencontainers.image.authors="[email protected]"
+LABEL org.opencontainers.image.url="https://github.com/ICTU/sonar"
+LABEL org.opencontainers.image.documentation="https://raw.githubusercontent.com/ICTU/sonar/master/README.md"
+LABEL org.opencontainers.image.source="https://raw.githubusercontent.com/ICTU/sonar/master/Dockerfile"
+LABEL org.opencontainers.image.vendor="ICTU"
+LABEL org.opencontainers.image.title="ICTU SonarQube"
+LABEL org.opencontainers.image.description="A SonarQube image containing plugins, profiles and config used at ICTU"
+
 USER root
-RUN apt-get update && apt-get install -y wget curl ca-certificates-java jq postgresql-client \
+
+RUN apt-get update \
+    && apt-get install -y wget curl ca-certificates-java jq postgresql-client \
     && rm -rf /var/lib/apt/lists/*
+
 ADD ./plugins /tmp/plugins
 RUN rm -rf ./extensions/plugins/* && \
     cat /tmp/plugins/plugin-list && \
+    ls -l /tmp/plugins && \
     chmod +x /tmp/plugins/install-plugins.sh && \
-    ls /tmp/plugins -l && \
     /tmp/plugins/install-plugins.sh
+
 WORKDIR /opt/sonarqube
+
 COPY ./start-with-profile.sh .
 ADD ./rules /tmp/rules
 ADD sonar.properties /opt/sonarqube/conf/sonar.properties
-RUN chown -R sonarqube:sonarqube . && chmod +x start-with-profile.sh
+
+RUN chown -R sonarqube:sonarqube . \
+    && chmod +x start-with-profile.sh
+
 USER sonarqube
+
 CMD ["./start-with-profile.sh"]
diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml
@@ -0,0 +1,17 @@
+---
+version: "3.7"
+
+services:
+  www:
+    build:
+      args:
+        IMAGE_EDITION: "developer"
+    environment:
+      SONAR_JDBC_USERNAME: "sonar_user"
+      SONAR_JDBC_PASSWORD: "sonar_pass"
+      SONARQUBE_PASSWORD: "admin123"
+
+  db:
+    environment:
+      POSTGRES_USER: "sonar_user"
+      POSTGRES_PASSWORD: "sonar_pass"
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,32 @@
+---
+version: "3.7"
+
+services:
+  www:
+    build:
+      context: ..
+    environment:
+      SONAR_JDBC_URL: "jdbc:postgresql://db:5432/sonar"
+    ports:
+      - mode: ingress
+        target: 9000
+        published: 9001
+    volumes:
+      - type: "volume"
+        source: "plugins"
+        target: "/opt/sonarqube/extensions/plugins"
+    depends_on:
+      - db
+
+  db:
+    image: postgres:16.0-alpine3.18
+    environment:
+      POSTGRES_DB: "sonar"
+      POSTGRES_HOST_AUTH_METHOD: "scram-sha-256"
+      POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
+    volumes:
+      - "dbdata:/var/lib/postgresql/data:rw"
+
+volumes:
+  dbdata:
+  plugins:
diff --git a/plugins/plugin-list b/plugins/plugin-list
@@ -1,7 +1,7 @@
 https://github.com/checkstyle/sonar-checkstyle/releases/download/10.12.3/checkstyle-sonar-plugin-10.12.3.jar
 https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/4.0.0/sonar-dependency-check-plugin-4.0.0.jar
 https://github.com/jborgers/sonar-pmd/releases/download/3.4.0/sonar-pmd-plugin-3.4.0.jar
+https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-plugin-2.5.1.jar
 https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar
-https://github.com/spotbugs/sonar-findbugs/releases/download/4.2.3/sonar-findbugs-plugin-4.2.3.jar
+https://github.com/spotbugs/sonar-findbugs/releases/download/4.2.4/sonar-findbugs-plugin-4.2.4.jar
 https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
-https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-plugin-2.5.1.jar
diff --git a/rules/swift.txt b/rules/swift.txt
@@ -0,0 +1,7 @@
++types=SECURITY_HOTSPOT,VULNERABILITY  # Enable these types by default
++swift:S1541|Threshold=10              # Used by Quality-time (https://github.com/ICTU/quality-time/blob/master/docs/METRICS_AND_SOURCES.md#complex-units-from-sonarqube)
++swift:S1067                           # Expression too complex; NOT used by Quality-time
++swift:S138|max=20                     # Methods with too many lines; used by Quality-time (https://github.com/ICTU/quality-time/blob/master/docs/METRICS_AND_SOURCES.md#long-units-from-sonarqube)
++swift:S107|functionMax=5              # Too many parameters; used by Quality-time (https://github.com/ICTU/quality-time/blob/master/docs/METRICS_AND_SOURCES.md#many-parameters-from-sonarqube)
++swift:S125                            # Used by Quality-time (https://github.com/ICTU/quality-time/blob/master/docs/METRICS_AND_SOURCES.md#commented-out-code-from-sonarqube)
+#end please ensure every rule ends with a new line character