8000 Added hadolint + new cnes-scan version by Topin2001 · Pull Request #92 · cnescatlab/docker-cat · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
< 8000 div hidden="hidden" data-view-component="true" class="js-stale-session-flash stale-session-flash flash flash-warn flash-full"> Dismiss alert

Added hadolint + new cnes-scan version #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 5, 2024
Merged

Added hadolint + new cnes-scan version #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 21 additions & 15 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,16 @@ USER root
ADD https://github.com/cnescatlab/i-CodeCNES/releases/download/5.0.0/icode-5.0.0.zip \
https://github.com/danmar/cppcheck/archive/refs/tags/2.14.2.tar.gz \
https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006.zip \
https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/2.0.0/sonar-cnes-scan-plugin-2.0.jar \
https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 \
https://github.com/cnescatlab/sonar-cnes-scan-plugin/releases/download/2.1.0/sonar-cnes-scan-plugin-2.1.0.jar \
/tmp/

# Add CNES pylintrc A_B, C, D
COPY pylintrc.d/ /opt/python/

#Add CNES hadolint config
COPY hadolint.d/ /opt/hadolint/

## ====================== INSTALL DEPENDENCIES ===============================

ENV PATH=/usr/local/bin:${PATH}
Expand All @@ -31,7 +35,7 @@ RUN apt-get update -y \
&& rm -rf /var/lib/apt/lists/*

RUN apt-get update -y \
&& apt-get install -y \
&& apt-get install -y --no-install-recommends \
unzip=6.0-* \
python3=3.10.6-* \
python3-pip=22.0.2* \
Expand All @@ -55,10 +59,14 @@ RUN apt-get update -y \
## Install Sonar Scanner
&& unzip /tmp/sonar-scanner-cli-5.0.1.3006.zip -d /opt/ \
&& mv /opt/sonar-scanner-5.0.1.3006 /opt/sonar-scanner \
&& rm -rf /tmp/sonar-scanner-cli-5.0.1.3006.zip \
&& rm -rf /tmp/sonar-scanner-cli-5.0.1.3006.zip\
## Install Hadolint
&& mv /tmp/hadolint-Linux-x86_64 /usr/bin/hadolint \
&& chown sonarqube:sonarqube /usr/bin/hadolint \
&& chmod +x /usr/bin/hadolint \
## Install Cnes Scan Plugin
&& mv /tmp/sonar-cnes-scan-plugin-2.0.jar /opt/sonarqube/extensions/plugins/ \
&& chown sonarqube:sonarqube /opt/sonarqube/extensions/plugins/sonar-cnes-scan-plugin-2.0.jar
&& mv /tmp/sonar-cnes-scan-plugin-2.1.0.jar /opt/sonarqube/extensions/plugins/ \
&& chown sonarqube:sonarqube /opt/sonarqube/extensions/plugins/sonar-cnes-scan-plugin-2.1.0.jar


## Python, Pylint & CNES Pylint setup
Expand All @@ -71,24 +79,25 @@ RUN pip install --no-cache-dir \
mccabe==0.7.0 \
isort==5.13.2 \
typed-ast==1.5.5 \
astroid==3.2.3 \
pylint==3.2.5 \
astroid==3.2.4 \
pylint==3.2.6 \
pylint_sonarjson_catlab==2.0.0 \
cnes-pylint-extension==7.0.0

## C and C++ tools installation
RUN cd /tmp \
&& tar -zxvf 2.14.2.tar.gz \
WORKDIR /tmp

RUN tar -zxvf 2.14.2.tar.gz \
&& make -C cppcheck-2.14.2/ install MATCHCOMPILER="yes" FILESDIR="/usr/share/cppcheck" HAVE_RULES="yes" CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function -Wno-deprecated-declarations" \
&& cd .. \
&& rm -rf ./2.14.2.tar.gz ./cppcheck-2.14.2/ \
&& rm -rf /2.14.2.tar.gz /cppcheck-2.14.2/ \
&& chown sonarqube:sonarqube -R /opt \
&& chown sonarqube:sonarqube -R /home \
&& apt-get autoremove -y \
make \
g\+\+ \
libpcre3-dev

WORKDIR /opt/sonarqube

## ====================== CONFIGURATION ===============================

Expand All @@ -97,14 +106,11 @@ COPY configure-cat.bash \
init.bash \
/tmp/


# Make sonarqube owner of it's installation directories
RUN chmod 750 /tmp/init.bash \
###### Disable telemetry
&& sed -i 's/#sonar\.telemetry\.enable=true/sonar\.telemetry\.enable=false/' /opt/sonarqube/conf/sonar.properties \
###### Set default report path for Cppcheck
&& echo 'sonar.cxx.cppcheck.reportPaths=cppcheck-report.xml' >> /opt/sonar-scanner/conf/sonar-scanner.properties \
###### Set default report path for Pylint
&& echo 'sonar.python.pylint.reportPaths=pylint-report.txt' >> /opt/sonar-scanner/conf/sonar-scanner.properties \
#### Set list of patterns matching Dockerfiles
&& echo 'sonar.lang.patterns.dockerfile=Dockerfile,Dockerfile.*' >> /opt/sonarqube/conf/sonar-scanner.properties \
###### Solve following error: https://github.com/cnescatlab/docker-cat/issues/30
Expand Down
44 changes: 44 additions & 0 deletions hadolint.d/hadolint_RNC_A_B_C_D.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@

format: sonarqube # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
ignored: # list of rules
- DL3012
- DL3045
- DL3047
- DL3049
- DL3050
- DL3051
- DL3052
- DL3053
- DL3054
- DL3055
- DL3056
- DL3057
- DL3058
- SC1000
- SC1001
- SC1010
- SC1018
- SC1045
- SC1065
- SC1066
- SC1077
- SC1078
- SC1079
- SC1081
- SC1083
- SC1086
- SC1087
- SC1097
- SC1098
- SC2002
- SC2026
- SC2028
- SC2035
- SC2046
- SC2086
- SC2140
- SC2154
- SC2155
- SC2164


3 changes: 2 additions & 1 deletion tests/c_cpp/sonar-project.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,5 @@ sonar.projectKey=c-dummy-project
sonar.projectName=C Dummy Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.cxx.file.suffixes=.cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h
sonar.cxx.file.suffixes=.cxx,.cpp,.cc,.c,.hxx,.hpp,.hh,.h
sonar.cxx.cppcheck.reportPaths=cppcheck-report.xml
132 changes: 132 additions & 0 deletions tests/docker/hadolint-report.json
View file
Open in desktop
2E18
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
{
"issues": [
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Always tag the version of an image explicitly",
"textRange": {
"endColumn": 1,
"endLine": 4,
"startColumn": 0,
"startLine": 4
}
},
"ruleId": "DL3006",
"severity": "MAJOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Avoid additional packages by specifying `--no-install-recommends`",
"textRange": {
"endColumn": 1,
"endLine": 6,
"startColumn": 0,
"startLine": 6
}
},
"ruleId": "DL3015",
"severity": "MINOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Delete the apt-get lists after installing something",
"textRange": {
"endColumn": 1,
"endLine": 6,
"startColumn": 0,
"startLine": 6
}
},
"ruleId": "DL3009",
"severity": "MINOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "node_verion is referenced but not assigned (did you mean 'node_version'?).",
"textRange": {
"endColumn": 1,
"endLine": 6,
"startColumn": 0,
"startLine": 6
}
},
"ruleId": "SC2154",
"severity": "MAJOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "`COPY` to a relative destination without `WORKDIR` set.",
"textRange": {
"endColumn": 1,
"endLine": 9,
"startColumn": 0,
"startLine": 9
}
},
"ruleId": "DL3045",
"severity": "MAJOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Use WORKDIR to switch to a directory",
"textRange": {
"endColumn": 1,
"endLine": 11,
"startColumn": 0,
"startLine": 11
}
},
"ruleId": "DL3003",
"severity": "MAJOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`",
"textRange": {
"endColumn": 1,
"endLine": 11,
"startColumn": 0,
"startLine": 11
}
},
"ruleId": "DL3016",
"severity": "MAJOR",
"type": "CODE_SMELL"
},
{
"engineId": "Hadolint",
"primaryLocation": {
"filePath": "src/Dockerfile",
"message": "Valid UNIX ports range from 0 to 65535",
"textRange": {
"endColumn": 1,
"endLine": 14,
"startColumn": 0,
"startLine": 14
}
},
"ruleId": "DL3011",
"severity": "CRITICAL",
"type": "BUG"
}
]
}
1 change: 1 addition & 0 deletions tests/docker/reference-hadolint-results.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"issues":[{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Always tag the version of an image explicitly","textRange":{"endColumn":1,"endLine":4,"startColumn":0,"startLine":4}},"ruleId":"DL3006","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Avoid additional packages by specifying `--no-install-recommends`","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"DL3015","severity":"MINOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Delete the apt-get lists after installing something","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"DL3009","severity":"MINOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"node_verion is referenced but not assigned (did you mean 'node_version'?).","textRange":{"endColumn":1,"endLine":6,"startColumn":0,"startLine":6}},"ruleId":"SC2154","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"`COPY` to a relative destination without `WORKDIR` set.","textRange":{"endColumn":1,"endLine":9,"startColumn":0,"startLine":9}},"ruleId":"DL3045","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Use WORKDIR to switch to a directory","textRange":{"endColumn":1,"endLine":11,"startColumn":0,"startLine":11}},"ruleId":"DL3003","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Pin versions in npm. Instead of `npm install <package>` use `npm install <package>@<version>`","textRange":{"endColumn":1,"endLine":11,"startColumn":0,"startLine":11}},"ruleId":"DL3016","severity":"MAJOR","type":"CODE_SMELL"},{"engineId":"Hadolint","primaryLocation":{"filePath":"tests/docker/src/Dockerfile","message":"Valid UNIX ports range from 0 to 65535","textRange":{"endColumn":1,"endLine":14,"startColumn":0,"startLine":14}},"ruleId":"DL3011","severity":"CRITICAL","type":"BUG"}]}
6 changes: 6 additions & 0 deletions tests/docker/sonar-project.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#SonarQube Properties
sonar.projectKey=hadolint-dummy-project
sonar.projectName=Hadolint Dummy Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.externalIssuesReportPaths=hadolint-report.json
15 changes: 15 additions & 0 deletions tests/docker/src/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Example from Hadlint website
# https://hadolint.github.io/hadolint/

FROM debian

RUN export node_version="0.10" \
&& apt-get update && apt-get -y install nodejs="$node_verion"

COPY package.json usr/src/app

RUN cd /usr/src/app \
&& npm install node-static

EXPOSE 80000
CMD ["npm", "start"]
1 change: 1 addition & 0 deletions tests/python/sonar-project.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ sonar.projectKey=python-dummy-project
sonar.projectName=Python Dummy Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.python.pylint.reportPaths=pylint-report.txt
37 changes: 29 additions & 8 deletions tests/test_docker_cat.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -307,6 +307,7 @@ def import_analysis_results(cls, project_name: str, project_key: str,
-Dsonar.projectVersion=1.0 -Dsonar.sources={source_folder} \
-Dsonar.login={cls._SONARQUBE_TOKEN}",
workdir=f"/media/sf_Shared/{language_folder}").output.decode("utf-8")
print(analysis_output)
for line in (expected_sensor, expected_import):
# Hint: if this test fails, the sensor for the tool or for the importation was not launched
assert line in analysis_output
Expand All @@ -319,9 +320,9 @@ def import_analysis_results(cls, project_name: str, project_key: str,
# Hint: an issue must be raised by the rule violated
assert nb_issues == 1
# Delete the project
requests.post(f"{cls.CAT_URL}/api/projects/delete",
auth=("admin", cls.SONARQUBE_ADMIN_PASSWORD),
data={"project": project_key})
# requests.post(f"{cls.CAT_URL}/api/projects/delete",
# auth=("admin", cls.SONARQUBE_ADMIN_PASSWORD),
# data={"project": project_key})
if activate_rule:
# Deactivate the rule in the Quality Profile
requests.post(f"{cls.CAT_URL}/api/qualityprofiles/deactivate_rule",
Expand Down Expand Up @@ -487,6 +488,15 @@ def test_tool_shellcheck(self):
"""
cmd = "bash -c 'shellcheck -s sh -f checkstyle tests/shell/src/script.sh || true'"
self.analysis_tool("shellcheck", cmd, "tests/shell/reference-shellcheck-results.xml", "tests/shell/tmp-shellcheck-results.xml")

def test_tool_hadolint(self):
"""
As a user of this image, I want to run hadolint from within a container
so that it produces a report.
"""
cmd = "hadolint -f sonarqube --no-fail tests/docker/src/Dockerfile"
self.analysis_tool("hadolint", cmd, "tests/docker/reference-hadolint-results.json", "tests/docker/tmp-hadolint-results.json")


# Test importation of analysis results
def test_import_cppcheck_results(self):
Expand All @@ -495,8 +505,8 @@ def test_import_cppcheck_results(self):
of a CppCheck analysis to SonarQube.
"""
rule_violated = "cppcheck:arrayIndexOutOfBounds"
expected_sensor = "INFO: Sensor CXX [cxx]"
expected_import = "INFO: Sensor CXX Cppcheck report import"
expected_sensor = "INFO: Sensor CXX Cppcheck report import [cxx]"
expected_import = "INFO: Sensor CXX Cppcheck report import [cxx] (done)"
self.import_analysis_results("CppCheck Dummy Project", "cppcheck-dummy-project",
"RNC CPP A", "cxx", "tests/c_cpp", "cppcheck", rule_violated, expected_sensor, expected_import)

Expand All @@ -506,7 +516,18 @@ def test_import_pylint_results(self):
of a pylint analysis to SonarQube.
"""
rule_violated = "external_pylint:C0326"
expected_sensor = "INFO: Sensor Python Sensor [python]"
expected_import = "INFO: Sensor Import of Pylint issues [python]"
expected_sensor = "INFO: Sensor Import of Pylint issues [python]"
expected_import = "INFO: Sensor Import of Pylint issues [python] (done)"
self.import_analysis_results("Pylint Dummy Project", "pylint-dummy-project",
"Sonar way", "py", "tests/python", "src", rule_violated, expected_sensor, expected_import)
"Sonar way", "py", "tests/python", "src", rule_violated, expected_sensor, expected_import)

def test_import_hadolint_results(self):
"""
As a user of this image, I want to be able to import the results
of a hadolint analysis to SonarQube.
"""
rule_violated = "external_Hadolint:DL3003"
expected_sensor = "INFO: Sensor Import external issues report"
expected_import = "INFO: Sensor Import external issues report (done)"
self.import_analysis_results("Hadolint Dummy Project", "hadolint-dummy-project",
"Sonar way", "docker", "tests/docker", "src", rule_violated, expected_sensor, expected_import)
0