feat:#35 added sonarqube

2025-07-16 09:38:49 +02:00 · 2024-06-13 14:29:55 +02:00
parent 0a508e104d
commit 259282ed85
2 changed files with 44 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -18,6 +18,8 @@ stages:
  - lint
  - build
  - test
+  - sonarqube-check
+  - sonarqube-vulnerability-report
  - oci-build
  - deploy
  - deploy-dev  # New stage for development deployment
@ -61,6 +63,46 @@ build-backend:
      - backend/go.sum
      - backend/go.mod

+sonarqube-check-backend:
+  stage: sonarqube-check
+  image:
+    name: sonarsource/sonar-scanner-cli:5.0
+    entrypoint: [""]
+  variables:
+    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
+    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - .sonar/cache
+  script:
+    - cd backend
+    - sonar-scanner
+  allow_failure: true
+  only:
+    - merge_requests
+    - master
+    - main
+    - develop
+
+sonarqube-vulnerability-report-backend:
+  stage: sonarqube-vulnerability-report
+  script:
+    - cd backend
+    - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=HTWKalender&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
+  allow_failure: true
+  only:
+    - merge_requests
+    - master
+    - main
+    - develop
+  artifacts:
+    expire_in: 1 day
+    reports:
+      sast: gl-sast-sonar-report.json
+  dependencies:
+    - sonarqube-check
+
 build-frontend:
    image: node:lts
    stage: build