Merge pull request #726 from opendevstack/task/sonar-fixes-and-scanner-updates

Task/sonar fixes and scanner updates

Author: Michael Sauter

CHANGELOG.md

@@ -17,6 +17,12 @@ listed in the changelog.
 
 - sonar-scanner invocations stderr not captured ([#719](https://github.com/opendevstack/ods-pipeline/issues/719))
 
+- sonar-scanner does not start properly: java is lacking tzdb.dat ([#723](https://github.com/opendevstack/ods-pipeline/issues/723))
+
+- update sonar-scanner and cnes-report ([#725](https://github.com/opendevstack/ods-pipeline/issues/725))
+
+- SonarQube doesn't scan FE-related code ([#716](https://github.com/opendevstack/ods-pipeline/issues/716))
+
 ## [0.13.2] - 2023-07-18
 
 ### Fixed

build/package/Dockerfile.sonar

@@ -4,8 +4,8 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 USER root
 WORKDIR /usr/src/app
 
-ENV SONAR_SCANNER_VERSION=4.6.2.2472 \
-    CNES_REPORT_VERSION=4.0.0
+ENV SONAR_SCANNER_VERSION=4.8.0.2856 \
+    CNES_REPORT_VERSION=4.2.0
 
 # Build Go binary.
 COPY go.mod .
@@ -31,12 +31,25 @@ RUN cd /tmp \
     && chmod +x /usr/local/cnes/cnesreport.jar
 
 # Final image
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4
+FROM registry.access.redhat.com/ubi8/nodejs-18:1
+
+ENV NPM_CONFIG_PREFIX=$HOME/.npm-global \
+    LANG=en_US.UTF-8 \
+    LC_ALL=en_US.UTF-8
+
+RUN echo id: $(id) && \
+    echo node version: $(node --version) && \
+    echo npm version: $(npm --version) && \
+    echo npx version: $(npx --version)
 
 ENV SONAR_EDITION="community" \
     JAVA_HOME=/usr/lib/jvm/jre-11
 
-RUN microdnf install --nodocs java-11-openjdk-headless which && microdnf clean all
+USER root
+RUN INSTALL_PKGS="java-11-openjdk-headless which" && \
+    yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    rpm -V $INSTALL_PKGS && \
+    yum -y clean all --enablerepo='*'
 
 COPY --from=builder /usr/local/bin/sonar /usr/local/bin/sonar
 COPY --from=builder /usr/local/sonar-scanner-cli /usr/local/sonar-scanner-cli

docs/design/software-design-specification.adoc

@@ -28,7 +28,7 @@ As described in the architecture, the system is installed into local namespaces.
 |===
 | SDS-SHARED-1
 | `ods-sonar` container image
-| Container image for SQ scanning. Based on `ubi8/ubi-minimal` (SDS-EXT-2), includes software to analyze source code statically (SDS-SHARED-2, SDS-EXT-7, SDS-EXT-8 and SDS-EXT-30).
+| Container image for SQ scanning. Based on `ubi8/nodejs-18` (SDS-EXT-32), includes software to analyze source code statically (SDS-SHARED-2, SDS-EXT-7, SDS-EXT-8 and SDS-EXT-30).
 
 | SDS-SHARED-2
 | `sonar` binary
@@ -380,7 +380,7 @@ If the Aqua scanner is installed in the base image, the pushed image shall be sc
 
 Processes tags specified in the `extra-tags` parameter to add tags to the image in the target registry:
 
-* If an artifact for the tagged image exists, the tag is not further processed. 
+* If an artifact for the tagged image exists, the tag is not further processed.
 * If there is no artifact for the tagged image:
     * Adds the tag using skopeo (SDS-EXT-17) to the image in the target registry.
     * The resulting tagged image artifact is placed into `.ods/artifacts`.
@@ -557,13 +557,13 @@ a| The script installs the Helm chart located in `deploy/ods-pipeline`. Further,
 
 | SDS-EXT-7
 | sonar-scanner
-| 4.6
+| 4.8
 | General purpose SonarQube scanner
 | https://github.com/SonarSource/sonar-scanner-cli
 
 | SDS-EXT-8
 | cnes-report
-| 4.0
+| 4.2
 | Exports code analysis from a SonarQube server in various file formats.
 | https://github.com/cnescatlab/sonar-cnes-report