diff --git a/.expeditor/buildkite/verify.sh b/.expeditor/buildkite/verify.sh index d1098456e..01f5675b7 100755 --- a/.expeditor/buildkite/verify.sh +++ b/.expeditor/buildkite/verify.sh @@ -37,3 +37,33 @@ echo "+++ bundle exec rake ${RAKE_TASK:-}" # su normal -c "bundle exec rake ${RAKE_TASK:-}" # shellcheck disable=SC2086 bundle exec rake ${RAKE_TASK:-} +RAKE_EXIT=$? + +# If coverage is enabled, then we need to pick up the coverage/coverage.json file +if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then + echo "--- installing sonarscanner" + export SONAR_SCANNER_VERSION=4.6.2.2472 + export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux + curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip + unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ + export PATH=$SONAR_SCANNER_HOME/bin:$PATH + export SONAR_SCANNER_OPTS="-server" + + echo "--- installing vault" + export VAULT_VERSION=1.9.3 + export VAULT_HOME=$HOME/vault + curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip + unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME + + echo "--- fetching Sonar token from vault" + export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/sonar) + + echo "--- running sonarscanner" + sonar-scanner \ + -Dsonar.organization=inspec \ + -Dsonar.projectKey=inspec_inspec \ + -Dsonar.sources=. \ + -Dsonar.host.url=https://sonarcloud.io +fi + +exit $RAKE_EXIT diff --git a/.expeditor/config.yml b/.expeditor/config.yml index 6216d709e..dc96dd2bc 100644 --- a/.expeditor/config.yml +++ b/.expeditor/config.yml @@ -25,7 +25,6 @@ pipelines: - ADHOC: true - verify: description: Pull Request validation tests - public: true env: - LANG: "C.UTF-8" - SLOW: 1 diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml index 23ed3fef3..60baff675 100644 --- a/.expeditor/verify.pipeline.yml +++ b/.expeditor/verify.pipeline.yml @@ -29,6 +29,7 @@ steps: command: - /workdir/.expeditor/buildkite/verify.sh expeditor: + secrets: true executor: docker: image: ruby:3.0