search

ploigos / ploigos-containers

Container image definitions for the Ploigos project.
GNU General Public License v3.0
6 stars 14 forks source link

Add node to sonar scanner #94

Closed kharyam closed 3 years ago

kharyam commented 3 years ago

Purpose

In order to perform SonarQube static code analysis on javascript-based projects, the ploigos-tool-sonar container must have access to the node command.

Breaking?

Yes. (Note - this update will not break any existing functionality)

Whats Breaking and why?

When scanning javascript based projects using nodejs, the sonar scanner client attempts to run the node command. If it is not available, the scan completes however no files are analyzed.

...
INFO: Sensor SonarCSS Rules [cssfamily]
        ERROR: CSS rules were not executed. Error when running: 'node -v'. Is Node.js available during analysis?
...
 INFO: Using TypeScript at: '/home/jenkins/agent/workspace/tform_nc-covidsafe-ui_...'
        ERROR: Error when running: 'node -v'. Is Node.js available during analysis?

Integration Testing

(Performed in private environment)

itewk commented 3 years ago

@kharyam the CI file needs to be updated to tel it that the sonar image now depends on the JS image both from a CI depend upon but also the FRoM is overwritten in the CI.

also I see yo I marked the change as breaking, but it doesn’t seem this would break any exiting scenarios right?

kharyam commented 3 years ago

@kharyam the CI file needs to be updated to tel it that the sonar image now depends on the JS image both from a CI depend upon but also the FRoM is overwritten in the CI. @itewk Very cool - updated.

also I see yo I marked the change as breaking, but it doesn’t seem this would break any exiting scenarios right? Correct, it won't break any existing scenarios (updated the PR description)

itewk commented 3 years ago

@kharyam thanks