# KollectAI CI - SonarQube Runner Image # # Extends ci/java-builder with the standalone sonar-scanner CLI baked # in. Used by KollectAI-ETL's sonar.yml workflow so the scan job goes # straight from `mvn compile` to `sonar-scanner` with no runtime # install or cache restore. # # Single-purpose image — sonar-scanner is only used by this one # workflow, so we don't bake it into the shared java-builder. # # Build: # docker build -t 192.168.1.72/kollect-tools/ci/sonar-runner:latest ci/sonar-runner/ # # Build prerequisite: java-builder:latest must exist in the registry # (this image FROMs it). Run `build-and-push.ps1 -Image ci/java-builder` # before this one if java-builder has changed. # # Usage in CI: # container: # image: 192.168.1.72/kollect-tools/ci/sonar-runner:latest ARG REGISTRY=192.168.1.72 ARG JAVA_BUILDER_TAG=latest FROM ${REGISTRY}/kollect-tools/ci/java-builder:${JAVA_BUILDER_TAG} # Sonar-scanner version. Bump in lockstep with KollectAI-ETL's # .gitea/workflows/sonar.yml SONAR_SCANNER_VERSION env. ARG SONAR_SCANNER_VERSION=6.2.1.4610 # ───────────────────────────────────────────────────────────────────── # sonar-scanner CLI # # Installed under /opt/sonar-scanner with its bin/ on PATH so workflows # can call `sonar-scanner` directly. The standalone CLI bundles its own # JRE and analyser binaries — Java 25 from java-builder is only used # when sonar-scanner shells out to javac for project compilation. # ───────────────────────────────────────────────────────────────────── RUN curl -fsSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" \ -o /tmp/sonar-scanner.zip \ && unzip -q /tmp/sonar-scanner.zip -d /opt \ && mv "/opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux-x64" /opt/sonar-scanner \ && rm /tmp/sonar-scanner.zip ENV PATH="/opt/sonar-scanner/bin:${PATH}" # Verify installation (also re-runs java-builder's verify chain to fail # fast if the parent image broke). RUN java -version \ && mvn -version \ && sonar-scanner --version