Configure sonarqube ond coverage pipeline on inspec-4 branch (#6800)

Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>

.expeditor/buildkite/verify.sh

@@ -20,6 +20,18 @@ mount
 df /tmp
 echo ${TMPDIR:-unknown}
 
+# Fetch tokens from vault ASAP so that long-running tests don't cause our vault token to expire
+echo "--- installing vault"
+export VAULT_VERSION=1.13.0
+export VAULT_HOME=$HOME/vault
+curl --create-dirs -sSLo $VAULT_HOME/vault.zip https://releases.hashicorp.com/vault/$VAULT_VERSION/vault_${VAULT_VERSION}_linux_amd64.zip
+unzip -o $VAULT_HOME/vault.zip -d $VAULT_HOME
+
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+  echo "--- fetching Sonar token from vault"
+  export SONAR_TOKEN=$($VAULT_HOME/vault kv get -field token secret/inspec/sonar)
+fi
+
 echo "--- pull bundle cache"
 pull_bundle
 
@@ -37,3 +49,29 @@ echo "+++ bundle exec rake ${RAKE_TASK:-}"
 # su normal -c "bundle exec rake ${RAKE_TASK:-}"
 # shellcheck disable=SC2086
 bundle exec rake ${RAKE_TASK:-}
+RAKE_EXIT=$?
+
+# If coverage is enabled, then we need to pick up the coverage/coverage.json file
+if [ -n "${CI_ENABLE_COVERAGE:-}" ]; then
+  echo "--- installing sonarscanner"
+  export SONAR_SCANNER_VERSION=4.7.0.2747
+  export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+  curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+  unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+  export PATH=$SONAR_SCANNER_HOME/bin:$PATH
+  export SONAR_SCANNER_OPTS="-server"
+
+  # Delete the vendor/ directory. I've tried to exclude it using sonar.exclusions,
+  # but that appears to get ignored, and we end up analyzing the gemfile install
+  # which blows our analysis.
+  echo "--- deleting installed gems"
+  rm -rf vendor/
+
+  # See sonar-project.properties for additional settings
+  echo "--- running sonarscanner"
+  sonar-scanner \
+  -Dsonar.sources=. \
+  -Dsonar.host.url=https://sonar.progress.com
+fi
+
+exit $RAKE_EXIT

.expeditor/config.yml

@@ -38,6 +38,17 @@ pipelines:
      - SLOW: 1
      - NO_AWS: 1
      - MT_CPU: 5
+ - coverage:
+    description: Unit test coverage
+    public: false
+    # Private due to use of tokens
+    trigger: pull_request
+    env:
+    - LANG: "C.UTF-8"
+    - SLOW: 1
+    - NO_AWS: 1
+    - MT_CPU: 5
+    - ARTIFACTORY_BASE_URL: https://artifactory-internal.ps.chef.co
 # This has been disabled because it regularly hits Docker API rate limits and fails
 #  - integration/resources:
 #     description: Test core resources with test-kitchen.

.expeditor/coverage.pipeline.yml

@@ -0,0 +1,19 @@
+---
+expeditor:
+  defaults:
+    buildkite:
+      timeout_in_minutes: 45
+      retry:
+        automatic:
+          limit: 1
+
+steps:
+
+  - label: coverage-ruby-3.0
+    command:
+      - CI_ENABLE_COVERAGE=1 RAKE_TASK=test:unit /workdir/.expeditor/buildkite/verify.sh
+    expeditor:
+      secrets: true
+      executor:
+        docker:
+          image: ruby:3.0

sonar-project.properties

@@ -0,0 +1,19 @@
+# must be unique in a given SonarQube instance
+sonar.projectKey=inspec_inspec_AYahEXtgJ4YHsO5MtHEr
+
+sonar.projectName=Chef-Inspec-inspec
+
+sonar.branch.name=inspec-4
+
+# path to test coverage report generated by simplecov
+sonar.ruby.coverage.reportPaths=coverage/coverage.json
+
+# exclude test directories from coverage
+sonar.coverage.exclusions=test/*,lib/plugins/*/test/*
+
+sonar.exclusions=**/*.java,**/*.js,vendor/*
+
+# skip C-language processor
+sonar.c.file.suffixes=-
+sonar.cpp.file.suffixes=-
+sonar.objc.file.suffixes=-