Setup sonarscanner

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

.expeditor/buildkite/verify.sh

@@ -37,3 +37,33 @@ echo "+++ bundle exec rake ${RAKE_TASK:-}"
 # su normal -c "bundle exec rake ${RAKE_TASK:-}"
 # shellcheck disable=SC2086
 bundle exec rake ${RAKE_TASK:-}
+RAKE_EXIT=$?
+
+# If coverage is enabled, then we need to pick up the coverage/coverage.json file
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+  echo "--- installing sonarscanner"
+  export SONAR_SCANNER_VERSION=4.6.2.2472
+  export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+  curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+  unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+  export PATH=$SONAR_SCANNER_HOME/bin:$PATH
+  export SONAR_SCANNER_OPTS="-server"
+
+  echo "--- installing vault"
+  export VAULT_VERSION=1.9.3
+  export VAULT_HOME=$HOME/vault
+  curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip
+  unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME
+
+  echo "--- fetching Sonar token from vault"
+  export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/sonar)
+
+  echo "--- running sonarscanner"
+  sonar-scanner \
+  -Dsonar.organization=inspec \
+  -Dsonar.projectKey=inspec_inspec \
+  -Dsonar.sources=. \
+  -Dsonar.host.url=https://sonarcloud.io
+fi
+
+exit $RAKE_EXIT

.expeditor/config.yml

@@ -25,7 +25,6 @@ pipelines:
      - ADHOC: true
  - verify:
     description: Pull Request validation tests
-    public: true
     env:
      - LANG: "C.UTF-8"
      - SLOW: 1

.expeditor/verify.pipeline.yml

@@ -29,6 +29,7 @@ steps:
     command:
       - /workdir/.expeditor/buildkite/verify.sh
     expeditor:
+      secrets: true
       executor:
         docker:
           image: ruby:3.0