From 66edc4190672830143b18e94f801606cb68a808e Mon Sep 17 00:00:00 2001
From: Mihai Popescu
Date: Fri, 18 Mar 2022 15:16:59 +0100
Subject: [PATCH 1/2] run SonarQube scanner on master branch (security)
---
 .gitignore | 1 +
 .yamato/sonarqube.yml | 33 +++++++++++++++++++++++++++++++++
 sonar-project.properties | 8 ++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 .yamato/sonarqube.yml
 create mode 100644 sonar-project.properties
diff --git a/.gitignore b/.gitignore
index a05e35344b..92bb100bcc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,6 +83,7 @@ uncrustify-*-win32 .svn .* build* +!.yamato # backup files # texteditor (kate, etc.)
diff --git a/.yamato/sonarqube.yml b/.yamato/sonarqube.yml
new file mode 100644
index 0000000000..9e7d4f153a
--- /dev/null
+++ b/.yamato/sonarqube.yml
@@ -0,0 +1,33 @@
+SonarQube:
+ name: "SonarQube scan"
+ agent:
+ type: Unity::VM
+ image: slough-ops/ubuntu-18.04-base:stable
+ flavor: b1.small
+ variables:
+ # SONAR_HOST_URL: https://sonarqube.internal.unity3d.com
+ SONAR_HOST_URL: https://sonar-testing.internal.unity3d.com
+ C_COMPILER: gcc-6
+ CXX_COMPILER: g++-6
+ commands:
+ - |
+ sudo apt-get update && sudo apt-get install make cmake gcc-6 g++-6 -y
+ # cleanup, only useful with yamato remote
+ # - |
+ # rm -f sonar-scanner-linux.zip
+ # rm -rf ~/sonar-scanner
+ # rm -f sonar-build-wrapper.linux.zip
+ # rm -rf ~/sonar-build-wrapper
+ - |
+ curl https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip -o sonar-scanner-linux.zip -L
+ unzip sonar-scanner-linux.zip -d ~/sonar-scanner
+ curl $SONAR_HOST_URL/static/cpp/build-wrapper-linux-x86.zip -o sonar-build-wrapper-linux.zip -L
+ unzip sonar-build-wrapper-linux.zip -d ~/sonar-build-wrapper
+ - |
+ mkdir build && cd build
+ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -DCMAKE_CXX_COMPILER=g++-6 ..
+ - |
+ cd build && ~/sonar-build-wrapper/build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir ../build_wrapper_output_directory cmake --build .
+ - ~/sonar-scanner/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner -Dsonar.login=$SONARQUBE_TESTING_ACCESS_TOKEN -Dsonar.host.url=$SONAR_HOST_URL
+ triggers:
+ expression: push.branch match "master"
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000000..524ec67457
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,8 @@
+sonar.links.scm=https://github.com/Unity-Technologies/uncrustify
+sonar.projectKey=uncrustify
+sonar.sources=src
+sonar.cfamily.compile-commands=build/compile_commands.json
+sonar.cfamily.cache.enabled=false
+sonar.cfamily.threads=1
+sonar.cfamily.build-wrapper-output=build_wrapper_output_directory
+sonar.sourceEncoding=UTF-8
From 2020e3d1477aa6c84741994e94df09e66e5f8b30 Mon Sep 17 00:00:00 2001
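Review bot: The second `- |` command in .yamato/sonarqube.yml fetches sonar-scanner-cli-4.6.2.2472-linux.zip and the build wrapper with `curl ... -L` and unpacks them with no integrity check, and the unpacked scanner is then run with the SonarQube access token on its command line. Pinning a digest for the scanner archive and checking it before `unzip` would close that gap, for example `echo "<pinned-sha256>  sonar-scanner-linux.zip" | sha256sum -c -`, where the digest is a placeholder to be filled from the vendor's published value. Adding `-f` to both curl calls makes an HTTP error fail the step instead of saving an error page under the .zip name. `$SONAR_HOST_URL` is also expanded unquoted in the second curl; `"$SONAR_HOST_URL/static/cpp/build-wrapper-linux-x86.zip"` is the safer form.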
From: Mihai Popescu
Date: Fri, 18 Mar 2022 20:43:18 +0100
Subject: [PATCH 2/2] switch to prod
---
 .yamato/sonarqube.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.yamato/sonarqube.yml b/.yamato/sonarqube.yml
index 9e7d4f153a..08cd035b21 100644
--- a/.yamato/sonarqube.yml
+++ b/.yamato/sonarqube.yml
@@ -5,8 +5,7 @@ SonarQube:
 image: slough-ops/ubuntu-18.04-base:stable
 flavor: b1.small
 variables:
- # SONAR_HOST_URL: https://sonarqube.internal.unity3d.com
- SONAR_HOST_URL: https://sonar-testing.internal.unity3d.com
+ SONAR_HOST_URL: https://sonarqube.internal.unity3d.com
 C_COMPILER: gcc-6
 CXX_COMPILER: g++-6
 commands:
@@ -28,6 +27,6 @@ SonarQube:
 cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -DCMAKE_CXX_COMPILER=g++-6 ..
 - |
 cd build && ~/sonar-build-wrapper/build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir ../build_wrapper_output_directory cmake --build .
- - ~/sonar-scanner/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner -Dsonar.login=$SONARQUBE_TESTING_ACCESS_TOKEN -Dsonar.host.url=$SONAR_HOST_URL
+ - ~/sonar-scanner/sonar-scanner-4.6.2.2472-linux/bin/sonar-scanner -Dsonar.login=$SONAR_TOKEN -Dsonar.host.url=$SONAR_HOST_URL
 triggers:
 expression: push.branch match "master"
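Review bot: The scanner line in the second hunk still passes the production token as `-Dsonar.login=$SONAR_TOKEN`, so the shell expands the secret into the process argument list, where it is visible to other processes on the agent and to any log that echoes the expanded command. At minimum the expansions should be quoted, `-Dsonar.login="$SONAR_TOKEN" -Dsonar.host.url="$SONAR_HOST_URL"`. If the pinned scanner version can take the token from the environment or from a properties file readable only by the build user (to be confirmed for 4.6.2.2472), dropping the flag keeps it out of argv altogether. Nothing in the visible `variables:` block defines SONAR_TOKEN, so a comment above the command such as `# SONAR_TOKEN: injected as a CI secret, not set in this file` would record where it comes from.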