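---
# Tekton Task: run a SonarQube analysis (optionally with test coverage) for a
# python / nodejs / typescript / rust project checked out in the `base`
# workspace. The SonarQube token is read from the `sonarqube-credentials`
# workspace (file `token`) and handed to the scanner via the SONAR_TOKEN
# environment variable, never on the command line.
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: sonarqube-analysis
spec:
  params:
    - name: context
      type: string
      default: ""
      description: "소스코드가 있는 하위 디렉토리 (없을 경우 '')"
    - name: sonarqubeUrl
      type: string
      default: "https://sonarqube.unbox-x.net"
      description: "SonarQube 서버 URL"
    - name: projectKey
      type: string
      description: "SonarQube 프로젝트 키"
    - name: architecture
      type: string
      # Quoted: the value contains ": ", which a plain scalar parses as a nested mapping.
      description: "프로젝트 언어: python | nodejs | typescript | rust"
    - name: coverageEnabled
      type: string
      default: "true"
      description: "커버리지 수집 여부 (true | false)"
    - name: qualityGateEnabled
      type: string
      default: "false"
      description: "Quality Gate 후속 처리 활성화 여부 (예: Slack 알림 등)"
  workspaces:
    - name: base
      description: "소스코드가 위치한 Workspace (보통 git-clone 결과)"
    - name: sonarqube-credentials
      # Quoted: "(파일명: token)" contains ": ", which breaks a plain scalar.
      description: "SonarQube 인증용 토큰이 포함된 Workspace (파일명: token)"
  steps:
    - name: prepare-and-analyze
      image: ubuntu:22.04
      workingDir: "$(workspaces.base.path)/$(params.context)"
      env:
        - name: DEBIAN_FRONTEND
          value: noninteractive
        # Params are exposed as environment variables instead of being
        # substituted into the script text: Tekton replaces $(params.*)
        # literally before the shell runs, so a value containing shell
        # metacharacters would be executed as code. As env vars they are data.
        - name: PROJECT_KEY
          value: "$(params.projectKey)"
        - name: ARCHITECTURE
          value: "$(params.architecture)"
        - name: SONARQUBE_URL
          value: "$(params.sonarqubeUrl)"
        - name: COVERAGE_ENABLED
          value: "$(params.coverageEnabled)"
        - name: QUALITY_GATE_ENABLED
          value: "$(params.qualityGateEnabled)"
        - name: CREDENTIALS_DIR
          value: "$(workspaces.sonarqube-credentials.path)"
      script: |
        #!/bin/bash
        # pipefail: a failing download in a "curl | bash" pipeline aborts the
        # step instead of being masked by bash's own exit status.
        set -eo pipefail

        # SonarScanner reads SONAR_TOKEN from the environment. Passing it as
        # -Dsonar.login=... would expose it in the process list and in any
        # command echo; the env var keeps it out of both.
        SONAR_TOKEN="$(cat "${CREDENTIALS_DIR}/token")"
        export SONAR_TOKEN

        echo "📦 Preparing for architecture: $ARCHITECTURE"
        echo "🛡️ Coverage enabled? $COVERAGE_ENABLED"
        echo "🎯 Quality Gate enabled? $QUALITY_GATE_ENABLED"

        # Extra scanner arguments (coverage report path). An array so that
        # "no coverage" expands to no argument rather than an empty one.
        SCANNER_ARGS=()

        case "$ARCHITECTURE" in
          python)
            apt-get update && apt-get install -y python3-pip curl unzip python3-venv ca-certificates
            pip install --upgrade pip
            # Install method: pyproject.toml + poetry.lock -> poetry / requirements.txt -> pip
            if [ -f "pyproject.toml" ] && [ -f "poetry.lock" ]; then
              pip install poetry --root-user-action=ignore
              echo "📦 Using Poetry for dependency management"
              # NOTE: `poetry lock` rewrites poetry.lock, so the dependency set
              # that gets analysed may differ from the committed lockfile.
              poetry lock
              poetry install --with dev
              if [ "$COVERAGE_ENABLED" = "true" ]; then
                echo "🧪 Running pytest with coverage (Poetry)"
                poetry run pytest --cov=. --cov-report=xml
                SCANNER_ARGS+=("-Dsonar.python.coverage.reportPaths=coverage.xml")
              fi
            elif [ -f "requirements.txt" ]; then
              echo "📦 Using pip + venv for dependency management"
              python3 -m venv venv
              source venv/bin/activate
              pip install -r requirements.txt --root-user-action=ignore
              pip install pytest pytest-cov
              if [ "$COVERAGE_ENABLED" = "true" ]; then
                echo "🧪 Running pytest with coverage (pip)"
                pytest --cov=. --cov-report=xml
                SCANNER_ARGS+=("-Dsonar.python.coverage.reportPaths=coverage.xml")
              fi
            else
              echo "❌ Python project must contain either pyproject.toml+poetry.lock or requirements.txt"
              exit 1
            fi
            ;;
          nodejs|typescript)
            # curl is not part of the ubuntu:22.04 base image, so it has to be
            # installed before the NodeSource setup script can be fetched.
            apt-get update && apt-get install -y curl unzip ca-certificates
            # NOTE: remote script executed directly; pin and verify it if the
            # supply chain of this build image matters.
            curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
            apt-get install -y nodejs
            npm install
            if [ "$COVERAGE_ENABLED" = "true" ]; then
              echo "🧪 Running npm test with coverage"
              npm run test -- --coverage
              SCANNER_ARGS+=("-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info")
            fi
            ;;
          rust)
            # build-essential provides the `cc` linker that cargo needs; the
            # base image ships without one.
            apt-get update && apt-get install -y curl unzip pkg-config libssl-dev build-essential ca-certificates
            # NOTE: remote script executed directly; see the NodeSource note above.
            curl https://sh.rustup.rs -sSf | bash -s -- -y
            source "$HOME/.cargo/env"
            cargo install cargo-tarpaulin
            if [ "$COVERAGE_ENABLED" = "true" ]; then
              echo "🧪 Running cargo tarpaulin"
              cargo tarpaulin --out Xml
              # Rust coverage is not wired into SonarQube here; the report is
              # produced but no reportPaths argument is added.
            fi
            ;;
          *)
            echo "❌ 지원하지 않는 아키텍처입니다: $ARCHITECTURE"
            exit 1
            ;;
        esac

        echo "⬇️ Installing SonarScanner"
        SCANNER_VERSION="7.1.0.4889"
        SCANNER_DIST="sonar-scanner-cli-${SCANNER_VERSION}-linux-x64"
        SCANNER_BASE_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli"
        # -f turns an HTTP error into a curl failure instead of saving an error page as the zip.
        curl -fsSLo sonar-scanner.zip "${SCANNER_BASE_URL}/${SCANNER_DIST}.zip"
        curl -fsSLo sonar-scanner.zip.sha256 "${SCANNER_BASE_URL}/${SCANNER_DIST}.zip.sha256"
        # Verify the archive against the publisher's checksum before unpacking
        # (first whitespace-separated field of the .sha256 file is the digest).
        echo "$(awk '{print $1}' sonar-scanner.zip.sha256)  sonar-scanner.zip" | sha256sum -c -
        unzip -q sonar-scanner.zip
        export PATH="$PWD/${SCANNER_DIST}/bin:$PATH"

        echo "📡 Running SonarQube analysis on project: $PROJECT_KEY"
        # Authentication comes from SONAR_TOKEN (exported above), so no
        # credential appears in the argument list.
        sonar-scanner \
          -Dsonar.projectKey="$PROJECT_KEY" \
          -Dsonar.projectName="$PROJECT_KEY" \
          -Dsonar.sources=. \
          -Dsonar.host.url="$SONARQUBE_URL" \
          "${SCANNER_ARGS[@]}"

        if [ "$QUALITY_GATE_ENABLED" = "true" ]; then
          echo "🔍 Quality Gate 후속 처리를 위한 Hook 실행 가능 (Slack, Webhook 등)"
          # Follow-up integrations (Slack, ArgoCD notifications, ...) can be hooked in here.
        fi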