51 lines
2.3 KiB
Docker
51 lines
2.3 KiB
Docker
# KollectAI CI - SonarQube Runner Image
|
|
#
|
|
# Extends ci/java-builder with the standalone sonar-scanner CLI baked
|
|
# in. Used by KollectAI-ETL's sonar.yml workflow so the scan job goes
|
|
# straight from `mvn compile` to `sonar-scanner` with no runtime
|
|
# install or cache restore.
|
|
#
|
|
# Single-purpose image — sonar-scanner is only used by this one
|
|
# workflow, so we don't bake it into the shared java-builder.
|
|
#
|
|
# Build:
|
|
# docker build -t kcr.kollect.biz/kollect-tools/ci/sonar-runner:latest ci/sonar-runner/
|
|
#
|
|
# Build prerequisite: java-builder:latest must exist in the registry
|
|
# (this image FROMs it). Run `build-and-push.ps1 -Image ci/java-builder`
|
|
# before this one if java-builder has changed.
|
|
#
|
|
# Usage in CI:
|
|
# container:
|
|
# image: kcr.kollect.biz/kollect-tools/ci/sonar-runner:latest
|
|
|
|
ARG REGISTRY=kcr.kollect.biz
|
|
ARG JAVA_BUILDER_TAG=latest
|
|
FROM ${REGISTRY}/kollect-tools/ci/java-builder:${JAVA_BUILDER_TAG}
|
|
|
|
# Sonar-scanner version. Bump in lockstep with KollectAI-ETL's
|
|
# .gitea/workflows/sonar.yml SONAR_SCANNER_VERSION env.
|
|
ARG SONAR_SCANNER_VERSION=8.1.0.6389
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# sonar-scanner CLI
|
|
#
|
|
# Installed under /opt/sonar-scanner with its bin/ on PATH so workflows
|
|
# can call `sonar-scanner` directly. The standalone CLI bundles its own
|
|
# JRE and analyser binaries — Java 25 from java-builder is only used
|
|
# when sonar-scanner shells out to javac for project compilation.
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN curl -fsSL "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux-x64.zip" \
|
|
-o /tmp/sonar-scanner.zip \
|
|
&& unzip -q /tmp/sonar-scanner.zip -d /opt \
|
|
&& mv "/opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux-x64" /opt/sonar-scanner \
|
|
&& rm /tmp/sonar-scanner.zip
|
|
|
|
ENV PATH="/opt/sonar-scanner/bin:${PATH}"
|
|
|
|
# Verify installation (also re-runs java-builder's verify chain to fail
|
|
# fast if the parent image broke).
|
|
RUN java -version \
|
|
&& mvn -version \
|
|
&& sonar-scanner --version
|