Remove vera tool
diegorodriguez31 committed Jul 29, 2023
1 parent 4fefef8 commit e08dca0
Showing 2 changed files with 117 additions and 120 deletions.
140 changes: 69 additions & 71 deletions Dockerfile
Expand Up @@ -5,22 +5,22 @@ FROM debian:11-slim AS builder
RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >> /etc/apt/sources.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
curl=7.74.0-* \
# for C/C++ tools
make=4.3-* \
g\+\+=4:10.2.1-* \
python3=3.9.2-* \
libpcre3-dev=2:8.39-* \
unzip=6.0-* \
xz-utils=5.2.5-* \
# for Frama-C
opam=2.0.8-* \
m4=1.4.18-* \
ocaml-findlib=1.8.1-* \
libfindlib-ocaml-dev=1.8.1-* \
libocamlgraph-ocaml-dev=1.8.8-* \
menhir=20201216-* \
ca-certificates
curl=7.74.0-* \
# for C/C++ tools
make=4.3-* \
g\+\+=4:10.2.1-* \
python3=3.9.2-* \
libpcre3-dev=2:8.39-* \
unzip=6.0-* \
xz-utils=5.2.5-* \
# for Frama-C
opam=2.0.8-* \
m4=1.4.18-* \
ocaml-findlib=1.8.1-* \
libfindlib-ocaml-dev=1.8.1-* \
libocamlgraph-ocaml-dev=1.8.8-* \
menhir=20201216-* \
ca-certificates

# Configure Opam for Frama-C
RUN opam init -y --disable-sandboxing \
Expand All @@ -39,14 +39,14 @@ RUN curl -ksSLO https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/
RUN curl -ksSLO https://github.com/danmar/cppcheck/archive/refs/tags/2.10.tar.gz \
&& tar -zxvf 2.10.tar.gz \
&& make -C cppcheck-2.10/ install \
MATCHCOMPILER="yes" \
FILESDIR="/usr/share/cppcheck" \
HAVE_RULES="yes" \
CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations"
MATCHCOMPILER="yes" \
FILESDIR="/usr/share/cppcheck" \
HAVE_RULES="yes" \
CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations"

# RATS (and expat)
RUN curl -ksSLO https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-2.4.tgz \
&& curl -ksSLO https://github.com/libexpat/libexpat/releases/download/R_2_0_1/expat-2.0.1.tar.gz \
RUN curl -ksSLO https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/rough-auditing-tool-for-security/rats-2.4.tgz
RUN curl -ksSLO https://github.com/libexpat/libexpat/releases/download/R_2_0_1/expat-2.0.1.tar.gz \
&& tar -xvzf expat-2.0.1.tar.gz \
&& cd expat-2.0.1 \
&& ./configure \
Expand Down Expand Up @@ -91,25 +91,25 @@ WORKDIR ${SRC_DIR}
# Add an unprivileged user
RUN addgroup sonar-scanner \
&& adduser \
--home "$SONAR_SCANNER_HOME" \
--ingroup sonar-scanner \
--disabled-password \
--gecos "" \
sonar-scanner \
--home "$SONAR_SCANNER_HOME" \
--ingroup sonar-scanner \
--disabled-password \
--gecos "" \
sonar-scanner \
&& mkdir -p "$SONAR_SCANNER_HOME/bin" \
"$SONAR_SCANNER_HOME/lib" \
"$SONAR_SCANNER_HOME/conf" \
"$SONAR_SCANNER_HOME/.sonar/cache" \
"$SONAR_SCANNER_HOME/.pylint.d" \
"$SONAR_SCANNER_HOME/lib" \
"$SONAR_SCANNER_HOME/conf" \
"$SONAR_SCANNER_HOME/.sonar/cache" \
"$SONAR_SCANNER_HOME/.pylint.d" \
&& chown -R sonar-scanner:sonar-scanner \
"$SONAR_SCANNER_HOME" \
"$SONAR_SCANNER_HOME/.sonar" \
"$SONAR_SCANNER_HOME/.pylint.d" \
"$SRC_DIR" \
"$SONAR_SCANNER_HOME" \
"$SONAR_SCANNER_HOME/.sonar" \
"$SONAR_SCANNER_HOME/.pylint.d" \
"$SRC_DIR" \
&& chmod -R 777 \
"$SONAR_SCANNER_HOME/.sonar" \
"$SONAR_SCANNER_HOME/.pylint.d" \
"$SRC_DIR"
"$SONAR_SCANNER_HOME/.sonar" \
"$SONAR_SCANNER_HOME/.pylint.d" \
"$SRC_DIR"

# Add sonar-scanner from builder
COPY --from=builder /sonar-scanner/bin/sonar-scanner \
Expand Down Expand Up @@ -143,29 +143,27 @@ RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >
&& apt-get update \
&& mkdir -p /usr/share/man/man1 \
&& apt-get install -y --no-install-recommends \
# Needed by sonar-scanner
openjdk-11-jre-headless=11.0.16* \
# Needed by Pylint
python3=3.9.2-* \
python3-pip=20.3.4-* \
# Vera++
vera\+\+=1.2.1-* \
# Shellcheck
shellcheck=0.7.1-* \
# Needed by Frama-C
ocaml-findlib=1.8.1-* \
libocamlgraph-ocaml-dev=1.8.8-* \
libzarith-ocaml=1.11-* \
libyojson-ocaml=1.7.0-* \
# Needed by Infer
libsqlite3-0=3.34.1-* \
libtinfo5=6.2* \
python2.7=2.7.18-* \
# Compilation tools needed by Infer
gcc=4:10.2.1-* \
g\+\+=4:10.2.1-* \
clang=1:11.0-* \
make=4.3-* \
# Needed by sonar-scanner
openjdk-11-jre-headless=11.0.16* \
# Needed by Pylint
python3=3.9.2-* \
python3-pip=20.3.4-* \
# Shellcheck
shellcheck=0.7.1-* \
# Needed by Frama-C
ocaml-findlib=1.8.1-* \
libocamlgraph-ocaml-dev=1.8.8-* \
libzarith-ocaml=1.11-* \
libyojson-ocaml=1.7.0-* \
# Needed by Infer
libsqlite3-0=3.34.1-* \
libtinfo5=6.2* \
python2.7=2.7.18-* \
# Compilation tools needed by Infer
gcc=4:10.2.1-* \
g\+\+=4:10.2.1-* \
clang=1:11.0-* \
make=4.3-* \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /usr/local/man \
# Install pylint and CNES pylint extension
Expand All @@ -174,16 +172,16 @@ RUN echo 'deb http://ftp.fr.debian.org/debian/ bullseye main contrib non-free' >
&& mv /tmp/python/cnes-pylint-extension-6.0.0/checkers /opt/python/cnes-pylint-extension-6.0.0/ \
&& rm -rf /tmp/python \
&& pip install --no-cache-dir \
setuptools-scm==7.1.0 \
pytest-runner==6.0.0 \
wrapt==1.15.0 \
six==1.16.0 \
lazy-object-proxy==1.9.0 \
mccabe==0.7.0 \
isort==5.12.0 \
typed-ast==1.5.4 \
astroid==2.15.2 \
pylint==2.17.2 \
setuptools-scm==7.1.0 \
pytest-runner==6.0.0 \
wrapt==1.15.0 \
six==1.16.0 \
lazy-object-proxy==1.9.0 \
mccabe==0.7.0 \
isort==5.12.0 \
typed-ast==1.5.4 \
astroid==2.15.2 \
pylint==2.17.2 \
# Infer
&& ln -s "/opt/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer

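Review bot: The RATS and expat downloads keep `curl -ksSLO`, so TLS certificate verification is switched off (`-k`) and the archives are unpacked and built without any integrity check; the cppcheck and sonar-scanner-cli downloads shown nearby follow the same pattern. The builder stage already installs `ca-certificates`, so `-k` should not be needed: `curl -fsSLO <url>` followed by `echo "<expected-sha256>  rats-2.4.tgz" | sha256sum -c -` (digest placeholder, to be filled in from a trusted source) would make a tampered or truncated download fail the build. The sides are not marked on this page, but the standalone `RUN` for rats-2.4.tgz appears to be the new form, and the expat `RUN` continues past the end of the hunk.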
97 changes: 48 additions & 49 deletions README.md
Expand Up @@ -2,7 +2,7 @@

![](https://github.com/cnescatlab/sonar-scanner/workflows/CI/badge.svg)
![](https://github.com/cnescatlab/sonar-scanner/workflows/CD/badge.svg)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/f5f71dea84ce4020ab15a99fc841a696)](https://www.codacy.com/gh/cnescatlab/sonar-scanner?utm_source=github.com&utm_medium=referral&utm_content=lequal/sonar-scanner&utm_campaign=Badge_Grade)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/f5f71dea84ce4020ab15a99fc841a696)](https://www.codacy.com/gh/cnescatlab/sonar-scanner?utm_source=github.com&utm_medium=referral&utm_content=lequal/sonar-scanner&utm_campaign=Badge_Grade)

> Docker environment containing open source code analysis tools configured by CNES and dedicated to Continuous Integration.
Expand All @@ -20,39 +20,39 @@ Compared to the official [sonarsource/sonar-scanner-cli](https://hub.docker.com/

Additional features are:

* Embedded tools
* see the [list](#analysis-tools-included)
* Configuration files
* [pylintrc](#how-to-use-embedded-CNES-pylintrc)
- Embedded tools
- see the [list](#analysis-tools-included)
- Configuration files
- [pylintrc](#how-to-use-embedded-CNES-pylintrc)

_This image is made to be used in conjunction with a pre-configured SonarQube server image that embeds all necessary plugins and configuration: [cnescatlab/sonarqube](https://github.com/cnescatlab/sonarqube). It is, however, not mandatory to use it._

## User guide

1. Write a `sonar-project.properties` at the root of your project
* For information on what to write in it, see the [official SonarQube documentation](https://docs.sonarqube.org/7.9/analysis/analysis-parameters/)
- For information on what to write in it, see the [official SonarQube documentation](https://docs.sonarqube.org/7.9/analysis/analysis-parameters/)
1. Execute the sonar-scanner on the project by running this image from the root of the project
```sh
$ docker run \
--rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="url of your SonarQube instance" \
-v "$(pwd):/usr/src" \
lequal/sonar-scanner
```
This docker command is equivalent to `sonar-scanner -Dsonar.host.url="url of your SonarQube instance"`.
* If the SonarQube server is running in a container on the same computer, you will need to connect both containers (server and client) to the same bridge so that they can communicate. To do so:
```sh
$ docker network create -d bridge sonarbridge
$ docker network connect sonarbridge "name of your sonarqube container"
# add the following option to the command line when running the lequal/sonar-scanner
--net sonarbridge
```
```sh
$ docker run \
--rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="url of your SonarQube instance" \
-v "$(pwd):/usr/src" \
lequal/sonar-scanner
```
This docker command is equivalent to `sonar-scanner -Dsonar.host.url="url of your SonarQube instance"`.
- If the SonarQube server is running in a container on the same computer, you will need to connect both containers (server and client) to the same bridge so that they can communicate. To do so:
```sh
$ docker network create -d bridge sonarbridge
$ docker network connect sonarbridge "name of your sonarqube container"
# add the following option to the command line when running the lequal/sonar-scanner
--net sonarbridge
```

This image suffers from the same limitations as the official SonarQube [sonarsource/sonar-scanner-cli](https://hub.docker.com/r/sonarsource/sonar-scanner-cli) image.

* If you need to analyze .NET projects, you must use the SonarScanner for MSBuild.
* If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see [SonarQube documentation](https://docs.sonarqube.org/8.4/analysis/scan/sonarscanner/#header-6).
- If you need to analyze .NET projects, you must use the SonarScanner for MSBuild.
- If you want to save the sonar-scanner cache, you must create the directory to bind mount in the container before running it. For more information, see [SonarQube documentation](https://docs.sonarqube.org/8.4/analysis/scan/sonarscanner/#header-6).

### How to use embedded tools

Expand All @@ -75,9 +75,9 @@ For information on how to use these tools, refer to their official documentation

There are 3 _pylintrc_ embedded in the image under `/opt/python`:

* `pylintrc_RNC_sonar_2017_A_B`
* `pylintrc_RNC_sonar_2017_C`
* `pylintrc_RNC_sonar_2017_D`
- `pylintrc_RNC_sonar_2017_A_B`
- `pylintrc_RNC_sonar_2017_C`
- `pylintrc_RNC_sonar_2017_D`

To use one of these files when running `pylint` from within the container:

Expand Down Expand Up @@ -204,11 +204,11 @@ cache:
script:
- mkdir -p /home/travis/.sonarcache
- docker run --rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v "/home/travis/.sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scanner
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v "/home/travis/.sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scanner
```

#### GitLab-CI
Expand All @@ -225,26 +225,25 @@ sonar-scanning:
script:
- mkdir -p .sonarcache
- docker run --rm \
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scanner
-u "$(id -u):$(id -g)" \
-e SONAR_HOST_URL="https://my-sonarqube.com" \
-v "$(pwd):/usr/src" \
-v ".sonarcache:/opt/sonar-scanner/.sonar/cache" \
lequal/sonar-scanner
```

## Analysis tools included

| Tool | Version | Default report file |
|--------------------------------------------------------------------------------|---------------|---------------------|
| [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | 4.8.0.2856 | |
| [ShellCheck](https://github.com/koalaman/shellcheck) | 0.7.1 | |
| [pylint](http://pylint.pycqa.org/en/latest/user_guide/index.html) | 2.17.2 | pylint-report.txt |
| [CNES pylint extension](https://github.com/cnescatlab/cnes-pylint-extension) | 6.0.0 | |
| [CppCheck](https://github.com/danmar/cppcheck) | 2.10 | cppcheck-report.xml |
| [Vera++](https://bitbucket.org/verateam/vera/wiki/Home) | 1.2.1 | vera-report.xml |
| [RATS](https://code.google.com/archive/p/rough-auditing-tool-for-security/) | 2.4 | rats-report.xml |
| [Frama-C](https://frama-c.com/index.html) | 26.1-Iron | |
| [Infer](https://fbinfer.com/) | 1.1.0 | |
| Tool | Version | Default report file |
| ------------------------------------------------------------------------------ | ---------- | ------------------- |
| [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | 4.8.0.2856 | |
| [ShellCheck](https://github.com/koalaman/shellcheck) | 0.7.1 | |
| [pylint](http://pylint.pycqa.org/en/latest/user_guide/index.html) | 2.17.2 | pylint-report.txt |
| [CNES pylint extension](https://github.com/cnescatlab/cnes-pylint-extension) | 6.0.0 | |
| [CppCheck](https://github.com/danmar/cppcheck) | 2.10 | cppcheck-report.xml |
| [RATS](https://code.google.com/archive/p/rough-auditing-tool-for-security/) | 2.4 | rats-report.xml |
| [Frama-C](https://frama-c.com/index.html) | 26.1-Iron | |
| [Infer](https://fbinfer.com/) | 1.1.0 | |

## Developer's guide

Expand All @@ -265,7 +264,7 @@ To run the tests and create your own ones see the [test documentation](https://g

## How to contribute

If you experienced a problem with the image please open an issue. Inside this issue please explain us how to reproduce this issue and paste the log.
If you experienced a problem with the image please open an issue. Inside this issue please explain us how to reproduce this issue and paste the log.

If you want to do a PR, please put inside of it the reason of this pull request. If this pull request fixes an issue please insert the number of the issue or explain inside of the PR how to reproduce this issue.
