tekton-hub/tasks/sonarqube-analysis/taks.yaml

apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: sonarqube-analysis
spec:
  params:
    - name: context
      type: string
      default: ""
      description: "소스코드가 있는 하위 디렉토리 (없을 경우 '')"
    - name: source
      type: string
      default: "source"
      description: |
        source directory (sub directory of context)

    - name: sonarqubeUrl
      type: string
      default: "https://sonarqube.unbox-x.net"
      description: SonarQube 서버 URL

    - name: projectKey
      type: string
      description: SonarQube 프로젝트 키

    - name: architecture
      type: string
      description: 프로젝트 언어: python | nodejs | typescript | rust

    - name: coverageEnabled
      type: string
      default: "true"
      description: "커버리지 수집 여부 (true | false)"

    - name: qualityGateEnabled
      type: string
      default: "false"
      description: "Quality Gate 후속 처리 활성화 여부 (예: Slack 알림 등)"

  workspaces:
    - name: base
      description: 소스코드가 위치한 Workspace (보통 git-clone 결과)

    - name: sonarqube-credentials
      description: SonarQube 인증용 토큰이 포함된 Workspace (파일명: token)

  steps:
    - name: prepare-and-analyze
      image: ubuntu:22.04
      workingDir: /workspace/base/$(params.context)
      env:
        - name: DEBIAN_FRONTEND
          value: noninteractive
      script: |
        #!/bin/bash
        set -e

        PROJECT_KEY=$(params.projectKey)
        ARCHITECTURE=$(params.architecture)
        SONARQUBE_URL=$(params.sonarqubeUrl)
        SONAR_TOKEN=$(cat /workspace/sonarqube-credentials/token)
        COVERAGE_ENABLED=$(params.coverageEnabled)
        QUALITY_GATE_ENABLED=$(params.qualityGateEnabled)

        echo "📦 Preparing for architecture: $ARCHITECTURE"
        echo "🛡️  Coverage enabled? $COVERAGE_ENABLED"
        echo "🎯 Quality Gate enabled? $QUALITY_GATE_ENABLED"

        COVERAGE_OPTION=""

        case "$ARCHITECTURE" in
          python)
            apt update && apt install -y python3-pip curl unzip python3-venv
            pip install --upgrade pip

            # 설치 방식 결정: pyproject.toml + poetry.lock → poetry / requirements.txt → pip
            if [ -f "pyproject.toml" ] && [ -f "poetry.lock" ]; then
              # Poetry 설치 (선택적)
              pip install poetry --root-user-action=ignore

              echo "📦 Using Poetry for dependency management"
              poetry lock
              poetry install --with dev
    
              if [ "$COVERAGE_ENABLED" = "true" ]; then
                echo "🧪 Running pytest with coverage (Poetry)"
                poetry run pytest --cov=. --cov-report=xml
                COVERAGE_OPTION="-Dsonar.python.coverage.reportPaths=coverage.xml"
              fi

            elif [ -f "requirements.txt" ]; then
              echo "📦 Using pip + venv for dependency management"
              python3 -m venv venv
              source venv/bin/activate
              pip install -r requirements.txt --root-user-action=ignore
              pip install pytest pytest-cov

              if [ "$COVERAGE_ENABLED" = "true" ]; then
                echo "🧪 Running pytest with coverage (pip)"
                pytest --cov=. --cov-report=xml
                COVERAGE_OPTION="-Dsonar.python.coverage.reportPaths=coverage.xml"
              fi

            else
              echo "❌ Python project must contain either pyproject.toml+poetry.lock or requirements.txt"
              exit 1
            fi
            ;;

          nodejs|typescript)
            curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
            apt install -y nodejs curl unzip
            npm install
            if [ "$COVERAGE_ENABLED" = "true" ]; then
              echo "🧪 Running npm test with coverage"
              npm run test -- --coverage
              COVERAGE_OPTION="-Dsonar.javascript.lcov.reportPaths=coverage/lcov.info"
            fi
            ;;
          rust)
            apt update && apt install -y curl unzip pkg-config libssl-dev
            curl https://sh.rustup.rs -sSf | bash -s -- -y
            source $HOME/.cargo/env
            cargo install cargo-tarpaulin
            if [ "$COVERAGE_ENABLED" = "true" ]; then
              echo "🧪 Running cargo tarpaulin"
              cargo tarpaulin --out Xml
              # Rust는 coverage 연동이 공식적으로 어려워 생략
              COVERAGE_OPTION=""
            fi
            ;;
          *)
            echo "❌ 지원하지 않는 아키텍처입니다: $ARCHITECTURE"
            exit 1
            ;;
        esac

        echo "⬇️ Installing SonarScanner"
        curl -sSLo sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-7.1.0.4889-linux-x64.zip
        unzip sonar-scanner.zip
        export PATH="$PWD/sonar-scanner-cli-7.1.0.4889-linux-x64/bin:$PATH"

        echo "📡 Running SonarQube analysis on project: $PROJECT_KEY"

        sonar-scanner \
          -Dsonar.projectKey=$PROJECT_KEY \
          -Dsonar.projectName=$PROJECT_KEY \
          -Dsonar.sources=. \
          -Dsonar.host.url=$SONARQUBE_URL \
          -Dsonar.login=$SONAR_TOKEN \
          $COVERAGE_OPTION

        if [ "$QUALITY_GATE_ENABLED" = "true" ]; then
          echo "🔍 Quality Gate 후속 처리를 위한 Hook 실행 가능 (Slack, Webhook 등)"
          # 여기에 Slack 연동, ArgoCD 알림, 등 후속 로직 연동 가능
        fi