├── .ansible-lint ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── documentation_report.md │ └── feature_request.md ├── dependabot.yml ├── pull_request_template.md └── workflows │ ├── build.yml │ └── release.yml ├── .gitignore ├── .gitmodules ├── .yamllint ├── LICENSE ├── README.md ├── Vagrantfile ├── defaults └── main.yml ├── files ├── example_pipeline.groovy └── example_profile.xml ├── handlers └── main.yml ├── meta └── main.yml ├── molecule ├── base │ ├── converge.yml │ └── molecule.yml ├── default │ ├── converge.yml │ └── molecule.yml ├── java11 │ ├── converge.yml │ └── molecule.yml └── resources │ ├── prepare.yml │ ├── prepare_java11.yml │ └── prepare_vagrant.yml ├── requirements.yml ├── sonar-project.properties ├── tasks ├── main.yml └── system │ ├── Linux.yml │ └── jenkins.yml ├── templates ├── nginx.sonar.conf.j2 ├── sonar.properties.j2 └── sonarqube.service.j2 └── vars └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | exclude_paths: 2 | - ./molecule/ 3 | rulesdir: 4 | - ~/ansible-lint-rules/rules/ 5 | use_default_rules: true 6 | verbosity: 1 -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # yaml, yml, sh and py files will be always coverted to LF EOL 2 | *.yml text eol=lf 3 | *.py text eol=lf 4 | *.sh text eol=lf -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🐛 Bug report 3 | about: Create a report to help us improve 4 | 5 | --- 6 | 7 | 13 | 14 | ##### SUMMARY 15 | 16 | 17 | ##### ISSUE TYPE 18 | - Bug Report 19 | 20 | ##### COMPONENT NAME 21 | 23 | 24 | ##### ANSIBLE VERSION 25 | 26 | ``` 27 | 28 | ``` 29 | 30 | ##### CONFIGURATION 31 | 34 | 35 | ##### OS / 
ENVIRONMENT 36 | 40 | 41 | ##### STEPS TO REPRODUCE 42 | 44 | 45 | 46 | ```yaml 47 | 48 | ``` 49 | 50 | 51 | 52 | ##### EXPECTED RESULTS 53 | 54 | 55 | ##### ACTUAL RESULTS 56 | 57 | 58 | 59 | ``` 60 | 61 | ``` 62 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/documentation_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 📝 Documentation Report 3 | about: Ask us about docs 4 | 5 | --- 6 | 7 | 13 | 14 | ##### SUMMARY 15 | 16 | 17 | ##### ISSUE TYPE 18 | - Documentation Report 19 | 20 | ##### COMPONENT NAME 21 | 23 | 24 | ##### ANSIBLE VERSION 25 | 26 | ``` 27 | 28 | ``` 29 | 30 | ##### CONFIGURATION 31 | 34 | 35 | ##### OS / ENVIRONMENT 36 | 40 | 41 | ##### STEPS TO REPRODUCE 42 | 44 | 45 | 46 | ```yaml 47 | 48 | ``` 49 | 50 | 51 | 52 | ##### EXPECTED RESULTS 53 | 54 | 55 | ##### ACTUAL RESULTS 56 | 57 | 58 | 59 | ``` 60 | 61 | ``` 62 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: ✨ Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | 13 | 14 | ##### SUMMARY 15 | 16 | 17 | ##### ISSUE TYPE 18 | - Feature Idea 19 | 20 | ##### COMPONENT NAME 21 | 23 | 24 | ##### ANSIBLE VERSION 25 | 26 | ``` 27 | 28 | ``` 29 | 30 | ##### CONFIGURATION 31 | 34 | 35 | ##### OS / ENVIRONMENT 36 | 40 | 41 | ##### STEPS TO REPRODUCE 42 | 44 | 45 | 46 | ```yaml 47 | 48 | ``` 49 | 50 | 51 | 52 | ##### EXPECTED RESULTS 53 | 54 | 55 | ##### ACTUAL RESULTS 56 | 57 | 58 | 59 | ``` 60 | 61 | ``` 62 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: gitsubmodule 4 | directory: "/" 5 | 
schedule: 6 | interval: daily 7 | open-pull-requests-limit: 20 8 | - package-ecosystem: github-actions 9 | directory: "/.github" 10 | schedule: 11 | interval: daily 12 | open-pull-requests-limit: 10 13 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # Pull Request Template 2 | 3 | ## Description 4 | 5 | Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. 6 | 7 | Fixes # (issue) 8 | 9 | ## Type of change 10 | 11 | Please delete options that are not relevant. 12 | 13 | - [ ] Bug fix (non-breaking change which fixes an issue) 14 | - [ ] New feature (non-breaking change which adds functionality) 15 | - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) 16 | - [ ] This change requires a documentation update 17 | 18 | ## Reviews 19 | 20 | Please identify developer to review this change 21 | 22 | - [ ] @developer 23 | 24 | ## Checklist: 25 | 26 | - [ ] I have performed a self-review of my own code 27 | - [ ] I have made corresponding changes to the documentation 28 | - [ ] My changes generate no new warnings 29 | - [ ] I have added tests that prove my fix is effective or that my feature works 30 | - [ ] New and existing tests pass with my changes 31 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: CI 3 | on: 4 | push: 5 | branches: 6 | - master 7 | pull_request: 8 | types: [opened, synchronize, reopened] 9 | env: 10 | PY_COLORS: 1 11 | ANSIBLE_FORCE_COLOR: 1 12 | ANSIBLE_STDOUT_CALLBACK: yaml 13 | jobs: 14 | lint: 15 | if: ${{ !contains(github.head.ref, 'dependabot') }} # NOTE(review): the documented context property is github.head_ref; github.head.ref probably evaluates to an empty value, in which case this condition is always true and the job is never skipped - confirm 16 | runs-on: 
ubuntu-latest 17 | container: leandelivery/docker-ansible-ci:ansible-7 18 | steps: 19 | - name: Checkout 20 | uses: actions/checkout@v2 21 | with: 22 | fetch-depth: 0 23 | - name: Lints 24 | run: | 25 | git clone https://github.com/lean-delivery/ansible-lint-rules.git ~/ansible-lint-rules 26 | yamllint . -c .yamllint 27 | # ansible-lint . -c .ansible-lint # https://github.com/lean-delivery/ansible-role-sonarqube/issues/3023 28 | sonarcloud: 29 | name: SonarCloud 30 | runs-on: ubuntu-latest 31 | steps: 32 | - uses: actions/checkout@v2 33 | with: 34 | fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis 35 | - name: SonarCloud Scan 36 | uses: SonarSource/sonarcloud-github-action@master # NOTE(review): @master is a mutable branch ref and this step is handed GITHUB_TOKEN and SONAR_TOKEN below; pinning the action to a release tag or full commit SHA keeps the code that receives those secrets fixed 37 | env: 38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any 39 | SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 40 | all-sonar-latest: 41 | needs: lint 42 | runs-on: ubuntu-latest 43 | timeout-minutes: 30 44 | container: leandelivery/docker-ansible-ci:ansible-7 45 | steps: 46 | - name: Checkout 47 | uses: actions/checkout@v2 48 | with: 49 | fetch-depth: 0 50 | - name: Prepare # NOTE(review): the git clone in this step takes the drivers repository at whatever commit its default branch is on; checking out a pinned tag or commit would make CI runs reproducible (the same clone is repeated in the other molecule jobs of this workflow) 51 | run: | 52 | ansible --version 53 | ansible-lint --version 54 | molecule --version 55 | rm -rf molecule/resources/provisioning 56 | git clone https://github.com/lean-delivery/ansible-molecule-drivers.git molecule/resources/provisioning 57 | - name: Molecule 58 | run: molecule test -s default 59 | 60 | ubuntu1804-sonar: 61 | needs: lint 62 | strategy: 63 | matrix: 64 | sonar_version: 65 | - '25.3.0.104237' 66 | - '25.2.0.102705' 67 | - '25.1.0.102122' 68 | - '24.12.0.100206' 69 | - '10.7.0.96327' 70 | - '9.9.8.100196' 71 | - '8.9.10.61524' 72 | fail-fast: false 73 | runs-on: ubuntu-latest 74 | timeout-minutes: 30 75 | container: leandelivery/docker-ansible-ci:ansible-7 76 | steps: 77 | - name: Checkout 78 | uses: actions/checkout@v2 79 | with: 80 | fetch-depth: 0 81 | - name: Prepare 82 | run: | 83 | ansible --version 84 | ansible-lint --version 85 | 
molecule --version 86 | rm -rf molecule/resources/provisioning 87 | git clone https://github.com/lean-delivery/ansible-molecule-drivers.git molecule/resources/provisioning 88 | - name: Molecule 89 | run: molecule test -s base 90 | env: 91 | SONAR_VERSION: ${{ matrix.sonar_version }} 92 | 93 | ubuntu1804-sonar-7: 94 | needs: lint 95 | strategy: 96 | matrix: 97 | sonar_version: 98 | - '7.9.6' 99 | fail-fast: false 100 | runs-on: ubuntu-latest 101 | timeout-minutes: 30 102 | container: leandelivery/docker-ansible-ci:ansible-7 103 | steps: 104 | - name: Checkout 105 | uses: actions/checkout@v2 106 | with: 107 | fetch-depth: 0 108 | - name: Prepare 109 | run: | 110 | ansible --version 111 | ansible-lint --version 112 | molecule --version 113 | rm -rf molecule/resources/provisioning 114 | git clone https://github.com/lean-delivery/ansible-molecule-drivers.git molecule/resources/provisioning 115 | - name: Molecule 116 | run: molecule test -s java11 117 | env: 118 | SONAR_VERSION: ${{ matrix.sonar_version }} 119 | 120 | ubuntu1804-ansible: 121 | needs: lint 122 | strategy: 123 | matrix: 124 | ansible_version: 125 | - 6 126 | fail-fast: false 127 | runs-on: ubuntu-latest 128 | timeout-minutes: 30 129 | container: leandelivery/docker-ansible-ci:ansible-${{ matrix.ansible_version }} 130 | steps: 131 | - name: Checkout 132 | uses: actions/checkout@v2 133 | with: 134 | fetch-depth: 0 135 | - name: Prepare 136 | run: | 137 | ansible --version 138 | ansible-lint --version 139 | molecule --version 140 | rm -rf molecule/resources/provisioning 141 | git clone https://github.com/lean-delivery/ansible-molecule-drivers.git molecule/resources/provisioning 142 | - name: Molecule 143 | run: molecule test -s default 144 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Release 3 | 4 | on: 5 | push: 6 | tags: 7 | - "*" 8 | 9 | 
jobs: 10 | release: 11 | name: Release 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout 15 | uses: actions/checkout@v2 16 | with: 17 | fetch-depth: 0 18 | 19 | - name: Set up Python 20 | uses: actions/setup-python@v2 21 | with: 22 | python-version: "3.x" 23 | 24 | - name: Install Ansible 25 | run: pip3 install ansible-base 26 | 27 | - name: Import role to Ansible Galaxy # NOTE(review): the sed search pattern below is empty as shown (a placeholder may have been lost when this page was rendered - confirm against the repository); the secret is also expanded into the script text before the shell runs, so a key containing "/" or shell metacharacters would break or alter the command - passing it through the step's env: and referencing it as a shell variable avoids that 28 | run: | 29 | sed -i "s//${{ secrets.GALAXY_API_KEY }}/" ansible.cfg 30 | ansible-galaxy role import $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ 2 | *.pyc 3 | *.rst 4 | *.log -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "submodules/java-plugin"] 2 | path = submodules/java-plugin 3 | url = https://github.com/SonarSource/sonar-java.git 4 | [submodule "submodules/sonarqube"] 5 | path = submodules/sonarqube 6 | url = https://github.com/SonarSource/sonarqube.git 7 | [submodule "submodules/checkstyle-plugin"] 8 | path = submodules/checkstyle-plugin 9 | url = https://github.com/checkstyle/sonar-checkstyle.git 10 | [submodule "submodules/findbugs-plugin"] 11 | path = submodules/findbugs-plugin 12 | url = https://github.com/spotbugs/sonar-findbugs.git 13 | [submodule "submodules/pmd-plugin"] 14 | path = submodules/pmd-plugin 15 | url = https://github.com/jensgerdes/sonar-pmd.git 16 | [submodule "submodules/javascript-plugin"] 17 | path = submodules/javascript-plugin 18 | url = https://github.com/SonarSource/SonarJS.git 19 | [submodule "submodules/jdepend-plugin"] 20 | path = submodules/jdepend-plugin 21 | url = https://github.com/willemsrb/sonar-jdepend-plugin.git 22 | [submodule 
"submodules/jproperties-plugin"] 23 | path = submodules/jproperties-plugin 24 | url = https://github.com/racodond/sonar-jproperties-plugin.git 25 | [submodule "submodules/dependency-check-plugin"] 26 | path = submodules/dependency-check-plugin 27 | url = https://github.com/SonarSecurityCommunity/dependency-check-sonar-plugin.git 28 | [submodule "submodules/issueresolver-plugin"] 29 | path = submodules/issueresolver-plugin 30 | url = https://github.com/willemsrb/sonar-issueresolver-plugin.git 31 | [submodule "submodules/json-plugin"] 32 | path = submodules/json-plugin 33 | url = https://github.com/racodond/sonar-json-plugin.git 34 | [submodule "submodules/yaml-plugin"] 35 | path = submodules/yaml-plugin 36 | url = https://github.com/sbaudoin/sonar-yaml.git 37 | [submodule "submodules/ansible-plugin"] 38 | path = submodules/ansible-plugin 39 | url = https://github.com/sbaudoin/sonar-ansible.git 40 | [submodule "submodules/shellcheck-plugin"] 41 | path = submodules/shellcheck-plugin 42 | url = https://github.com/sbaudoin/sonar-shellcheck.git 43 | [submodule "submodules/typescript-plugin"] 44 | path = submodules/typescript-plugin 45 | url = https://github.com/SonarSource/SonarTS.git 46 | [submodule "submodules/git-plugin"] 47 | path = submodules/git-plugin 48 | url = https://github.com/SonarSource/sonar-scm-git.git 49 | [submodule "submodules/xml-plugin"] 50 | path = submodules/xml-plugin 51 | url = https://github.com/SonarSource/sonar-xml.git 52 | [submodule "submodules/python-plugin"] 53 | path = submodules/python-plugin 54 | url = https://github.com/SonarSource/sonar-python.git 55 | [submodule "submodules/css-plugin"] 56 | path = submodules/css-plugin 57 | url = https://github.com/SonarSource/sonar-css.git 58 | [submodule "submodules/html-plugin"] 59 | path = submodules/html-plugin 60 | url = https://github.com/SonarSource/sonar-html.git 61 | [submodule "submodules/php-plugin"] 62 | path = submodules/php-plugin 63 | url = https://github.com/SonarSource/sonar-php.git 
64 | [submodule "submodules/smell-plugin"] 65 | path = submodules/smell-plugin 66 | url = https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell.git 67 | [submodule "submodules/badges-plugin"] 68 | path = submodules/badges-plugin 69 | url = https://github.com/QualInsight/qualinsight-plugins-sonarqube-badges.git 70 | [submodule "submodules/auth-github-plugin"] 71 | path = submodules/auth-github-plugin 72 | url = https://github.com/SonarSource/sonar-auth-github.git 73 | [submodule "submodules/auth-bitbucket-plugin"] 74 | path = submodules/auth-bitbucket-plugin 75 | url = https://github.com/SonarSource/sonar-auth-bitbucket.git 76 | [submodule "submodules/bitbucket-plugin"] 77 | path = submodules/bitbucket-plugin 78 | url = https://github.com/mibexsoftware/sonar-bitbucket-plugin.git 79 | [submodule "submodules/auth-gitlab-plugin"] 80 | path = submodules/auth-gitlab-plugin 81 | url = https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin.git 82 | [submodule "submodules/gitlab-plugin"] 83 | path = submodules/gitlab-plugin 84 | url = https://github.com/gabrie-allaigre/sonar-gitlab-plugin.git 85 | [submodule "submodules/xanitizer-plugin"] 86 | path = submodules/xanitizer-plugin 87 | url = https://github.com/RIGS-IT/sonar-xanitizer.git 88 | [submodule "submodules/groovy-plugin"] 89 | path = submodules/groovy-plugin 90 | url = https://github.com/Inform-Software/sonar-groovy.git 91 | [submodule "submodules/stash-plugin"] 92 | path = submodules/stash-plugin 93 | url = https://github.com/AmadeusITGroup/sonar-stash.git 94 | [submodule "submodules/branch-plugin"] 95 | path = submodules/branch-plugin 96 | url = https://github.com/mc1arke/sonarqube-community-branch-plugin.git 97 | [submodule "submodules/build-breaker-plugin"] 98 | path = submodules/build-breaker-plugin 99 | url = https://github.com/adnovum/sonar-build-breaker.git 100 | [submodule "submodules/jacoco-plugin"] 101 | path = submodules/jacoco-plugin 102 | url = 
https://github.com/SonarSource/sonar-jacoco.git 103 | [submodule "submodules/kotlin-plugin"] 104 | path = submodules/kotlin-plugin 105 | url = https://github.com/SonarSource/sonar-kotlin.git 106 | [submodule "submodules/iac-plugin"] 107 | path = submodules/iac-plugin 108 | url = https://github.com/SonarSource/sonar-iac.git 109 | [submodule "submodules/config-plugin"] 110 | path = submodules/config-plugin 111 | url = https://github.com/SonarSource/sonar-config.git 112 | [submodule "submodules/text-plugin"] 113 | path = submodules/text-plugin 114 | url = https://github.com/SonarSource/sonar-text.git 115 | [submodule "submodules/mutation-plugin"] 116 | path = submodules/mutation-plugin 117 | url = https://github.com/devcon5io/mutation-analysis-plugin.git 118 | [submodule "submodules/dotnet-plugin"] 119 | path = submodules/dotnet-plugin 120 | url = https://github.com/SonarSource/sonar-dotnet.git 121 | [submodule "submodules/aem-plugin"] 122 | path = submodules/aem-plugin 123 | url = https://github.com/wttech/AEM-Rules-for-SonarQube.git 124 | [submodule "submodules/cayc-plugin"] 125 | path = submodules/cayc-plugin 126 | url = https://github.com/SonarSource/sonar-cayc-stats-plugin.git 127 | [submodule "submodules/flex-plugin"] 128 | path = submodules/flex-plugin 129 | url = https://github.com/SonarSource/sonar-flex.git 130 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | ignore: | 5 | .github/ 6 | 7 | rules: 8 | braces: 9 | max-spaces-inside: 1 10 | level: error 11 | brackets: 12 | max-spaces-inside: 1 13 | level: error 14 | colons: 15 | max-spaces-after: -1 16 | level: error 17 | commas: 18 | max-spaces-after: -1 19 | level: error 20 | empty-lines: 21 | max: 3 22 | level: error 23 | hyphens: 24 | level: error 25 | truthy: disable 26 | comments: disable 27 | comments-indentation: disable 28 | indentation: 
disable 29 | key-duplicates: enable 30 | line-length: 31 | max: 150 32 | level: warning 33 | new-lines: 34 | type: unix 35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2020 EPAM Systems 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | sonarqube role 2 | ========= 3 | [![License](https://img.shields.io/badge/license-Apache-green.svg?style=flat)](https://raw.githubusercontent.com/lean-delivery/ansible-role-sonarqube/master/LICENSE) 4 | [![Galaxy](https://img.shields.io/badge/galaxy-lean__delivery.sonarqube-blue.svg)](https://galaxy.ansible.com/lean_delivery/sonarqube) 5 | ![Ansible](https://img.shields.io/ansible/role/d/29212.svg) 6 | ![Ansible](https://img.shields.io/badge/dynamic/json.svg?label=min_ansible_version&url=https%3A%2F%2Fgalaxy.ansible.com%2Fapi%2Fv1%2Froles%2F29212%2F&query=$.min_ansible_version) 7 | 8 | This role installs SonarQube with extended set of plugins. Playbook example below also uses openJDK, postgreSQL database and nginx web server with enabled https. 
9 | 10 | See article here: https://lean-delivery.com/2020/02/how-to-add-sonarqube-to-ci-process.html 11 | 12 | In addition to the default plugins bundled with SonarQube, the role can install the following recommended plugins: 13 | - checkstyle-sonar-plugin 14 | - sonar-pmd-plugin 15 | - sonar-findbugs-plugin 16 | - mutation-analysis-plugin 17 | - sonar-jdepend-plugin 18 | - sonar-jproperties-plugin 19 | - sonar-groovy-plugin 20 | - sonar-dependency-check-plugin 21 | - sonar-json-plugin 22 | - sonar-yaml-plugin 23 | - sonar-ansible-plugin 24 | - sonar-shellcheck-plugin 25 | 26 | You may also install optional plugins. Be careful: some of them are not supported in the latest SonarQube versions: 27 | - qualinsight-sonarqube-smell-plugin 28 | - qualinsight-sonarqube-badges 29 | - sonar-auth-github-plugin 30 | - sonar-auth-bitbucket-plugin 31 | - sonar-bitbucket-plugin (for Bitbucket Cloud) 32 | - sonar-stash-plugin (for Bitbucket Server) 33 | - sonar-auth-gitlab-plugin 34 | - sonar-gitlab-plugin 35 | - sonar-xanitizer-plugin 36 | - sonar-build-breaker-plugin 37 | - sonar-issueresolver-plugin 38 | - sonarqube-community-branch-plugin 39 | - sonar-aemrules-plugin 40 | 41 | See plugin matrix here: https://docs.sonarsource.com/sonarqube/latest/instance-administration/plugin-version-matrix/ 42 | 43 | This role also provides some configuration options: 44 | - ability to migrate db when updating SonarQube to new version 45 | - ability to set Jenkins webhook 46 | - ability to restore custom profiles 47 | - LDAP configuration 48 | - ability to change password for admin user 49 | 50 | See Jenkins pipeline example here: https://raw.githubusercontent.com/lean-delivery/ansible-role-sonarqube/master/files/example_pipeline.groovy 51 | 52 | Requirements 53 | -------------- 54 | 55 | - **Supported Ansible versions**: 56 | - 5 (2.12) - not covered by tests yet, should work 57 | - 6 (2.13) 58 | - 7 (2.14) 59 | - 8 - 11 - not covered by tests yet, should work 60 | - **Supported SonarQube versions**: 61 
| - 7.9.6 previous LTS 62 | - 8.9.10 previous LTS 63 | - 9.9.8 LTA 64 | - 10.7 65 | - 24.12 - 25.04 66 | - **Supported Java**: 67 | - 11 68 | - 17 (use for SonarQube 9.9+) 69 | - **Supported databases** 70 | - PostgreSQL 71 | - MySQL (not recommended) 72 | - embedded H2 (for tests only) 73 | - **Supported web servers (reverse proxy for https)** 74 | - nginx 75 | - **Supported OS**: 76 | - CentOS, RHEL 77 | - 7 78 | - Ubuntu 79 | - 18.04 80 | - 20.04 - not covered by tests yet, should work 81 | - 22.04 - not covered by tests yet, should work 82 | - 24.04 - not covered by tests yet, should work 83 | 84 | Java, database, web server with self-signed certificate should be installed preliminarily. Use following galaxy roles: 85 | - lean_delivery.java 86 | - geerlingguy.postgresql 87 | - jdauphant.ssl-certs 88 | - nginxinc.nginx 89 | 90 | Role Variables 91 | -------------- 92 | 93 | - `sonar_version` - SonarQube version 94 | - `sonar_path` - installation directory\ 95 | default: /opt/sonarqube 96 | - `sonar_user` - user for installing SonarQube\ 97 | default: sonar 98 | - `sonar_group` - group of SonarQube user\ 99 | default: sonar 100 | - `sonar_nofile` - file descriptors amount that user running SonarQube can open\ 101 | default: 65536 102 | - `sonar_nproc` - threads amount that user running SonarQube can open\ 103 | default: 4096 104 | - `sonar_max_map_count` - mmap counts limit required for Elasticsearch\ 105 | default: 262144 106 | - `sonar_log_level` - Logging level of SonarQube server\ 107 | default: INFO 108 | - `sonar_java_opts`: 109 | - `web` - additional java options for web part of SonarQube\ 110 | default: -Xmx512m -Xms128m 111 | - `es` - additional java options for Elasticsearch\ 112 | default: -Xms512m -Xmx512m 113 | - `ce` - additional java options for Compute Engine\ 114 | default: -Xmx512m -Xms128m 115 | - `web`: 116 | - `host` - SonarQube binding ip address\ 117 | default: 0.0.0.0 118 | - `port` - TCP port for incoming HTTP connections\ 119 | default: 
9000 120 | - `path` - web context\ 121 | default: / 122 | - `sonar_db` - database settings 123 | - `type`\ 124 | default : postgresql 125 | - `port`\ 126 | default : 5432 127 | - `host`\ 128 | default : localhost 129 | - `name`\ 130 | default: sonar 131 | - `user`\ 132 | default: sonar 133 | - `password` - the default is the same as the user name, so override it outside of tests\ 134 | default: sonar 135 | - `options`\ 136 | default: 137 | - `sonar_store` - sonarqube artifact provider (the SonarQube zip is downloaded from this URL; the value below is the one set in defaults/main.yml)\ 138 | default: https://binaries.sonarsource.com/Distribution/sonarqube 139 | - `sonar_check_url` - url for SonarQube startup verification\ 140 | default: http://{{ web.host }}:{{ web.port }} 141 | - `sonar_download` - whether sonarqube.zip should be downloaded. Set to false when the download is not possible, and place the zip in `sonar_download_path` manually before the playbook run. 142 | default: true 143 | - `sonar_download_path` - local download path\ 144 | default: /tmp/ 145 | - `sonar_proxy_type` - web server, only nginx is supported for now\ 146 | default: nginx 147 | - `sonar_proxy_server_name` - server name in webserver config\ 148 | default: '{{ ansible_fqdn }}' 149 | - `sonar_proxy_http` - is http connection allowed\ 150 | default: false 151 | - `sonar_proxy_http_port` - http port\ 152 | default: 80 153 | - `sonar_proxy_ssl` - is https connection allowed\ 154 | default: true 155 | - `sonar_proxy_ssl_port` - https port\ 156 | default: 443 157 | - `sonar_proxy_ssl_cert_path` - path to certificate\ 158 | default: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.pem' 159 | - `sonar_proxy_ssl_key_path` - path to key\ 160 | default: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.key' 161 | - `sonar_proxy_client_max_body_size` - client max body size setting in web server config\ 162 | default: 32m 163 | - `sonar_install_recommended_plugins` - are recommended plugins required\ 164 | default: true 165 | - `sonar_recommended_plugins` - list of recommended plugins\ 166 | - `sonar_update_default_plugins` - is update required for default
plugins\ 167 | default: true 168 | - `sonar_default_plugins` - list of default plugins\ 169 | - `sonar_install_optional_plugins` - are optional plugins required\ 170 | default: false 171 | - `sonar_optional_plugins` - list of optional plugins switched off by default. Not all of them are supported in the latest SonarQube versions, so select the ones you need and override this property. 172 | - `sonar_excluded_plugins` - list of old plugins excluded from SonarQube installer 173 | - `sonar_default_excluded_plugins` - list of default plugins you don't need\ 174 | default: [] 175 | - `sonar_web_user` - username for admin user\ 176 | default: admin 177 | - `sonar_web_password` - password for admin user (the new password when `change_password` is true); override the default\ 178 | default: admin 179 | - `change_password` - set to true to change the admin password\ 180 | default: false 181 | - `sonar_web_old_password` - current password (before changing)\ 182 | default: admin 183 | - `sonar_migrate_db` - is DB migration required. Set to true when updating an existing SonarQube to a new version.\ 184 | default: false 185 | - `sonar_set_jenkins_webhook` - is jenkins webhook configuration required\ 186 | default: false 187 | - `sonar_jenkins_webhook_name` - name of jenkins webhook\ 188 | default: jenkins 189 | - `sonar_jenkins_webhook_url` - url of jenkins webhook\ 190 | default: https://jenkins.example.com/sonarqube-webhook/ 191 | - `sonar_restore_profiles` - is profile restore required\ 192 | default: false 193 | - `sonar_profile_list` - list of profiles to restore 194 | - `sonar_updatecenter_activate` - activate the SonarQube update center 195 | default: true 196 | 197 | LDAP configuration section.
198 | See https://docs.sonarqube.org/latest/instance-administration/delegated-auth/#header-6 to get description 199 | - `ldap`:\ 200 | default: undefined 201 | - `authenticator_downcase`\ 202 | default: false 203 | - `url`\ 204 | default: ldap://myserver.mycompany.com 205 | - `bind_dn`\ 206 | default: my_bind_dn 207 | - `bind_password`\ 208 | default: my_bind_password 209 | - `authentication`\ 210 | default: simple 211 | - `realm`\ 212 | default: 213 | - `contextFactoryClass`\ 214 | default: com.sun.jndi.ldap.LdapCtxFactory 215 | - `StartTLS`\ 216 | default: false 217 | - `followReferrals`\ 218 | default: true 219 | - `user_base_dn`\ 220 | default : ou=Users,dc=mycompany,dc=com 221 | - `user_request`\ 222 | default: (&(objectClass=inetOrgPerson)(uid={login})) 223 | - `user_real_name_attribute`\ 224 | default: cn 225 | - `user_email_attribute`\ 226 | default: mail 227 | - `group_base_dn`\ 228 | default: ou=Groups,dc=sonarsource,dc=com 229 | - `group_request`\ 230 | default: (&(objectClass=posixGroup)(memberUid={uid})) 231 | - `group_idAttribute`\ 232 | default: cn 233 | 234 | Example Playbook 235 | ---------------- 236 | ```yaml 237 | --- 238 | - name: Install SonarQube 239 | hosts: sonarqube 240 | become: true 241 | vars: 242 | # java 243 | java_major_version: 17 244 | transport: repositories 245 | # postgresql 246 | postgresql_users: 247 | - name: sonar 248 | password: sonar 249 | postgresql_databases: 250 | - name: sonar 251 | # ssl-certs 252 | ssl_certs_path_owner: nginx 253 | ssl_certs_path_group: nginx 254 | ssl_certs_common_name: sonarqube.example.com 255 | # sonarqube 256 | sonar_version: 25.4.0.105899 257 | sonar_check_url: 'http://{{ ansible_fqdn }}:9000' 258 | sonar_proxy_server_name: sonarqube.example.com 259 | sonar_install_optional_plugins: true 260 | sonar_optional_plugins: 261 | - 'https://github.com/adnovum/sonar-build-breaker/releases/download/{{ build_breaker_epversion }}' 262 | sonar_default_excluded_plugins: 263 | - 
sonar-flex-plugin-2.14.0.5032.jar 264 | sonar_web_password: your_new_Secure_passw0rd 265 | change_password: true 266 | sonar_web_old_password: admin 267 | sonar_migrate_db: false # set to true if updating SonarQube to new version 268 | sonar_set_jenkins_webhook: true 269 | sonar_jenkins_webhook_url: https://jenkins.example.com/sonarqube-webhook/ 270 | sonar_restore_profiles: true 271 | sonar_profile_list: 272 | - files/example_profile.xml 273 | pre_tasks: 274 | - name: install rpm key 275 | rpm_key: 276 | state: present 277 | key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }} 278 | when: ansible_distribution == 'RedHat' 279 | - name: install epel 280 | package: 281 | name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm 282 | state: present 283 | when: ansible_distribution == 'RedHat' 284 | # delete previously installed sonar to prevent plugins conflict 285 | - name: delete sonar 286 | file: 287 | path: '{{ sonar_path }}' 288 | state: absent 289 | roles: 290 | - role: lean_delivery.java 291 | - role: geerlingguy.postgresql 292 | - role: nginxinc.nginx 293 | - role: jdauphant.ssl-certs 294 | - role: lean_delivery.sonarqube 295 | tasks: 296 | - name: delete default nginx config 297 | file: 298 | path: /etc/nginx/conf.d/default.conf 299 | state: absent 300 | - name: reload nginx 301 | command: 'nginx -s reload' 302 | ``` 303 | 304 | License 305 | ------- 306 | Apache 307 | 308 | Author Information 309 | ------------------ 310 | 311 | authors: 312 | - Lean Delivery Team 313 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | Vagrant.configure(2) do |config| 2 | 3 | config.ssh.forward_agent = true 4 | config.vm.hostname = "vagrant-box" 5 | config.vm.network :private_network, ip: '10.1.100.11' 6 | config.vm.define "main", primary: 
true do |node| 7 | #node.vm.box = "ubuntu/xenial64" 8 | #node.vm.box = "ubuntu/bionic64" 9 | #node.vm.box = "debian/stretch64" 10 | #node.vm.box = "debian/jessie64" 11 | node.vm.box = "bento/centos-7.6" 12 | #node.vm.box = "bento/centos-6.9" 13 | end 14 | 15 | # SetUp Machine 16 | config.vm.provision "prepare", type:'ansible' do |ansible| 17 | ansible.playbook = 'molecule/resources/prepare_vagrant.yml' 18 | ansible.sudo = true 19 | ansible.verbose = "vvv" 20 | end 21 | 22 | # Setup SonarQube 23 | config.vm.provision "sonar", type:'ansible' do |ansible| 24 | ansible.playbook = 'molecule/default/playbook.yml' 25 | ansible.sudo = true 26 | ansible.verbose = "vvv" 27 | end 28 | 29 | # Verify 30 | config.vm.provision "test", type:'ansible' do |ansible| 31 | ansible.playbook = 'molecule/resources/tests/verify.yml' 32 | ansible.sudo = true 33 | ansible.verbose = "vvv" 34 | end 35 | end 36 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for sonarqube 3 | sonar_version: 25.4.0.105899 4 | 5 | sonar_path: /opt/sonarqube 6 | sonar_user: sonar 7 | sonar_group: sonar 8 | 9 | # tuning 10 | sonar_nofile: 131072 11 | sonar_nproc: 8192 12 | sonar_max_map_count: 524288 13 | sonar_log_level: INFO 14 | sonar_java_opts: 15 | web: -Xmx512m -Xms128m 16 | es: -Xms512m -Xmx512m 17 | ce: -Xmx512m -Xms128m 18 | 19 | # sonarqube web interface, should be covered by reverse proxy 20 | web: 21 | host: 0.0.0.0 22 | port: 9000 23 | path: / 24 | 25 | # database connection 26 | sonar_db: 27 | type: postgresql 28 | port: 5432 29 | host: localhost 30 | name: sonar 31 | user: sonar 32 | password: sonar 33 | options: 34 | 35 | # Since 7.1 mysql deprecated 36 | # type: mysql 37 | # port: 3306 38 | # host: localhost 39 | # name: sonar 40 | # user: sonar 41 | # password: sonar 42 | # options: "?useUnicode=true&\ 43 | # characterEncoding=utf8&\ 44 
| # rewriteBatchedStatements=true&\ 45 | # useConfigs=maxPerformance&\ 46 | # useSSL=false" 47 | 48 | # sonarqube artifact provider 49 | sonar_store: https://binaries.sonarsource.com/Distribution/sonarqube 50 | 51 | # need to use http for self-signed certificates 52 | sonar_check_url: http://{{ web.host }}:{{ web.port }} 53 | sonar_installation: '{{ sonar_path }}/sonarqube-{{ sonar_version }}' 54 | 55 | # local download path 56 | sonar_download: true 57 | sonar_download_path: /tmp 58 | 59 | sonar_proxy_type: nginx 60 | sonar_proxy_server_name: '{{ ansible_fqdn }}' 61 | sonar_proxy_http: false 62 | sonar_proxy_http_port: 80 63 | sonar_proxy_ssl: true 64 | sonar_proxy_ssl_port: 443 65 | sonar_proxy_ssl_cert_path: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.pem' 66 | sonar_proxy_ssl_key_path: '/etc/ssl/{{ sonar_proxy_server_name }}/{{ sonar_proxy_server_name }}.key' 67 | sonar_proxy_client_max_body_size: 32m 68 | 69 | nginx_config_path: /etc/nginx/conf.d/sonar.conf 70 | 71 | # Plugin versions 72 | checkstyle_pversion: "{% if sonar_version is version(\"9.9\", \">=\") %}10.23.0\ 73 | {% elif sonar_version is version(\"9.0\", \">=\") %}10.12.5\ 74 | {% elif sonar_version is version(\"8.9\", \">=\") %}9.3\ 75 | {% elif sonar_version is version(\"7.9\", \">=\") %}8.45.1\ 76 | {% else %}4.27\ 77 | {% endif %}" 78 | 79 | pmd_pversion: "{% if sonar_version is version(\"9.8\", \">=\") %}4.0.1\ 80 | {% elif sonar_version is version(\"7.0\", \">=\") %}3.4.0\ 81 | {% else %}2.6\ 82 | {% endif %}" 83 | 84 | findbugs_pversion: "{% if sonar_version is version(\"9.9\", \">=\") %}4.4.2\ 85 | {% elif sonar_version is version(\"7.6\", \">=\") %}4.2.10\ 86 | {% else %}0.0.0\ 87 | {% endif %}" 88 | 89 | jdepend_pversion: "{% if sonar_version is version(\"10.4\", \">=\") %}0.0.0\ 90 | {% else %}1.1.1\ 91 | {% endif %}" 92 | 93 | mutation_pversion: "{% if sonar_version is version(\"9.0\", \">=\") %}1.8\ 94 | {% else %}1.7\ 95 | {% endif %}" 96 | 97 | 
jproperties_pversion: "{% if sonar_version is version(\"9.0\", \">=\") %}0.0.0\ 98 | {% else %}2.6\ 99 | {% endif %}" 100 | 101 | groovy_pversion: "{% if sonar_version is version(\"8.0\", \">=\") %}1.8\ 102 | {% else %}1.7\ 103 | {% endif %}" 104 | 105 | dependency_check_pversion: "{% if sonar_version is version(\"10.2\", \">=\") %}5.0.0\ 106 | {% elif sonar_version is version(\"9.9\", \">=\") %}4.0.1\ 107 | {% elif sonar_version is version(\"8.9\", \">=\") %}3.1.0\ 108 | {% elif sonar_version is version(\"7.6\", \">=\") %}2.0.8\ 109 | {% elif sonar_version is version(\"7.3\", \">=\") %}1.2.1\ 110 | {% else %}1.1.6\ 111 | {% endif %}" 112 | 113 | json_pversion: "{% if sonar_version is version(\"9.0\", \">=\") %}0.0.0\ 114 | {% else %}2.3\ 115 | {% endif %}" 116 | 117 | yaml_pversion: "{% if sonar_version is version(\"8.0\", \">=\") %}1.9.1\ 118 | {% else %}1.8.1\ 119 | {% endif %}" 120 | 121 | ansible_pversion: 2.5.1 122 | 123 | shellcheck_pversion: "{% if sonar_version is version(\"7.4\", \">=\") %}2.5.0\ 124 | {% else %}2.2.1\ 125 | {% endif %}" 126 | 127 | java_pversion: "{% if sonar_version is version(\"24.12\", \">=\") %}8.12.0.38599\ 128 | {% elif sonar_version is version(\"9.6\", \">=\") %}8.9.1.38281\ 129 | {% elif sonar_version is version(\"8.9\", \">=\") %}7.17.0.31219\ 130 | {% elif sonar_version is version(\"7.9\", \">=\") %}7.6.0.28201\ 131 | {% elif sonar_version is version(\"7.0\", \">=\") %}5.14.0.18788\ 132 | {% else %}0.0.0\ 133 | {% endif %}" 134 | 135 | javascript_pversion: "{% if sonar_version is version(\"10.0\", \">=\") %}10.22.0.32148\ 136 | {% elif sonar_version is version(\"9.2\", \">=\") %}9.13.0.20537\ 137 | {% elif sonar_version is version(\"8.9\", \">=\") %}8.5.0.16762\ 138 | {% elif sonar_version is version(\"8.0\", \">=\") %}8.3.0.16208\ 139 | {% elif sonar_version is version(\"7.9\", \">=\") %}6.7.0.14237\ 140 | {% elif sonar_version is version(\"7.0\", \">=\") %}5.2.1.7778\ 141 | {% else %}0.0.0\ 142 | {% endif %}" 143 | 144 | 
typescript_pversion: "{% if sonar_version is version(\"8.9\", \">=\") %}0.0.0\ 145 | {% else %}2.1.0.4359\ 146 | {% endif %}" 147 | 148 | git_pversion: "{% if sonar_version is version(\"8.5.0.37579\", \">=\") %}0.0.0\ 149 | {% elif sonar_version is version(\"7.0\", \">=\") %}1.12.1.2064\ 150 | {% else %}0.0.0\ 151 | {% endif %}" 152 | 153 | xml_pversion: "{% if sonar_version is version(\"10.1\", \">=\") %}2.13.0.5938\ 154 | {% elif sonar_version is version(\"9.9\", \">=\") %}2.10.0.4108\ 155 | {% elif sonar_version is version(\"8.9\", \">=\") %}2.7.0.3820\ 156 | {% elif sonar_version is version(\"7.0\", \">=\") %}2.4.0.3273\ 157 | {% else %}0.0.0\ 158 | {% endif %}" 159 | 160 | python_pversion: "{% if sonar_version is version(\"9.6\", \">=\") %}4.26.0.19456\ 161 | {% elif sonar_version is version(\"7.9\", \">=\") %}4.1.0.11333\ 162 | {% elif sonar_version is version(\"7.0\", \">=\") %}1.14.1.3143\ 163 | {% else %}0.0.0\ 164 | {% endif %}" 165 | 166 | kotlin_pversion: "{% if sonar_version is version(\"24.12\", \">=\") %}3.1.0.7071\ 167 | {% elif sonar_version is version(\"9.6\", \">=\") %}2.23.0.6359\ 168 | {% elif sonar_version is version(\"7.3\", \">=\") %}2.12.1.2158\ 169 | {% else %}0.0.0\ 170 | {% endif %}" 171 | 172 | css_pversion: "{% if sonar_version is version(\"9.2\", \">=\") %}0.0.0\ 173 | {% elif sonar_version is version(\"7.9\", \">=\") %}1.4.2.2002\ 174 | {% else %}1.1.1.1010\ 175 | {% endif %}" 176 | 177 | html_pversion: "{% if sonar_version is version(\"9.6\", \">=\") %}3.19.0.5695\ 178 | {% elif sonar_version is version(\"7.9\", \">=\") %}3.7.1.3306\ 179 | {% else %}3.2.0.2082\ 180 | {% endif %}" 181 | 182 | php_pversion: "{% if sonar_version is version(\"9.6\", \">=\") %}3.45.0.12991\ 183 | {% elif sonar_version is version(\"7.9\", \">=\") %}3.28.0.9490\ 184 | {% elif sonar_version is version(\"7.8\", \">=\") %}3.1.1.4762\ 185 | {% elif sonar_version is version(\"7.0\", \">=\") %}3.0.0.4537\ 186 | {% else %}0.0.0\ 187 | {% endif %}" 188 | 189 | 
jacoco_pversion: 1.3.0.1538 190 | 191 | iac_pversion: "{% if sonar_version is version(\"9.6\", \">=\") %}1.42.0.14460\ 192 | {% elif sonar_version is version(\"8.9\", \">=\") %}1.16.0.3845\ 193 | {% else %}0.0.0\ 194 | {% endif %}" 195 | 196 | config_pversion: 0.0.0 197 | 198 | cayc_pversion: "{% if sonar_version is version(\"8.9\", \">=\") %}2.4.0.2018\ 199 | {% else %}0.0.0\ 200 | {% endif %}" 201 | 202 | flex_pversion: "{% if sonar_version is version(\"10.7\", \">=\") %}2.14.0.5032\ 203 | {% elif sonar_version is version(\"10.1\", \">=\") %}2.13.0.4905\ 204 | {% elif sonar_version is version(\"9.9\", \">=\") %}2.8.0.3166\ 205 | {% else %}2.7.0.2865\ 206 | {% endif %}" 207 | 208 | text_pversion: "{% if sonar_version is version(\"9.8\", \">=\") %}2.21.1.5779\ 209 | {% elif sonar_version is version(\"8.9\", \">=\") %}1.2.0.510\ 210 | {% else %}0.0.0\ 211 | {% endif %}" 212 | 213 | dotnet_pversion: "{% if sonar_version is version(\"24.12\", \">=\") %}10.8.0.113526\ 214 | {% elif sonar_version is version(\"9.6\", \">=\") %}10.2.0.105762\ 215 | {% else %}9.0.0.68202\ 216 | {% endif %}" 217 | 218 | smell_pversion: "{% if sonar_version is version(\"7.9\", \">=\") %}4.0.0\ 219 | {% else %}0.0.0\ 220 | {% endif %}" 221 | 222 | badges_pversion: 3.0.1 223 | 224 | auth_github_pversion: "{% if sonar_version is version(\"8.0\", \">=\") %}0.0.0\ 225 | {% else %}1.5.0.870\ 226 | {% endif %}" 227 | 228 | auth_bitbucket_epversion: "{% if sonar_version is version(\"9.2\", \">=\") %}\ 229 | https://binaries.sonarsource.com/Distribution/sonar-auth-bitbucket-plugin/sonar-auth-bitbucket-plugin-0.0.0.jar\ 230 | {% elif sonar_version is version(\"7.2\", \">=\") %}\ 231 | https://binaries.sonarsource.com/Distribution/sonar-auth-bitbucket-plugin/sonar-auth-bitbucket-plugin-1.1.0.381.jar\ 232 | {% else %}\ 233 | https://github.com/SonarSource/sonar-auth-bitbucket/releases/download/1.0/sonar-auth-bitbucket-plugin-1.0.jar\ 234 | {% endif %}" 235 | 236 | bitbucket_pversion: 1.3.0 237 | 238 | 
stash_pversion: 1.6.0 239 | 240 | auth_gitlab_pversion: "{% if sonar_version is version(\"8.0\", \">=\") %}0.0.0\ 241 | {% else %}1.3.2\ 242 | {% endif %}" 243 | 244 | gitlab_pversion: "{% if sonar_version is version(\"7.0\", \">=\") %}4.1.0-SNAPSHOT\ 245 | {% else %}3.0.2\ 246 | {% endif %}" 247 | 248 | xanitizer_pversion: "{% if sonar_version is version(\"7.9\", \">=\") %}2.2.0\ 249 | {% elif sonar_version is version(\"7.3\", \">=\") %}2.0.0\ 250 | {% else %}1.5.0\ 251 | {% endif %}" 252 | 253 | build_breaker_epversion: "{% if sonar_version is version(\"7.3\", \">=\") %}2.3.1/sonar-build-breaker-plugin-2.3.1.347.jar\ 254 | {% else %}2.2/sonar-build-breaker-plugin-2.2.jar\ 255 | {% endif %}" 256 | 257 | issueresolver_pversion: 1.0.2 258 | 259 | branch_pversion: "{% if sonar_version is version(\"24.12\", \">=\") %}1.23.0\ 260 | {% elif sonar_version is version(\"10.6\", \">=\") %}1.22.0\ 261 | {% elif sonar_version is version(\"10.5\", \">=\") %}1.20.0\ 262 | {% elif sonar_version is version(\"10.4\", \">=\") %}1.19.0\ 263 | {% elif sonar_version is version(\"10.3\", \">=\") %}1.18.0\ 264 | {% elif sonar_version is version(\"10.2\", \">=\") %}1.17.1\ 265 | {% elif sonar_version is version(\"10.1\", \">=\") %}1.16.0\ 266 | {% elif sonar_version is version(\"10.0\", \">=\") %}1.15.0\ 267 | {% elif sonar_version is version(\"9.8\", \">=\") %}1.14.0\ 268 | {% elif sonar_version is version(\"9.7\", \">=\") %}1.13.0\ 269 | {% elif sonar_version is version(\"9.1\", \">=\") %}1.12.0\ 270 | {% elif sonar_version is version(\"9.0\", \">=\") %}1.9.0\ 271 | {% elif sonar_version is version(\"8.9.0.43852\", \">=\") %}1.8.3\ 272 | {% elif sonar_version is version(\"8.7.0.41497\", \">=\") %}1.7.0\ 273 | {% elif sonar_version is version(\"8.5.0.37579\", \">=\") %}1.6.0\ 274 | {% elif sonar_version is version(\"8.2.0.32929\", \">=\") %}1.5.0\ 275 | {% elif sonar_version is version(\"8.1.0.31237\", \">=\") %}1.4.0\ 276 | {% elif sonar_version is version(\"7.8\", \">=\") %}1.3.2\ 277 
| {% else %}0.0.0\ 278 | {% endif %}" 279 | 280 | aem_pversion: "{% if sonar_version is version(\"10.5\", \">=\") %}0.0.0\ 281 | {% elif sonar_version is version(\"8.9\", \">=\") %}1.6\ 282 | {% else %}1.3\ 283 | {% endif %}" 284 | 285 | sonar_install_recommended_plugins: true 286 | sonar_recommended_plugins: 287 | - 'https://github.com/checkstyle/sonar-checkstyle/releases/download/{{ checkstyle_pversion }}/checkstyle-sonar-plugin-{{ checkstyle_pversion }}.jar' 288 | 289 | - 'https://github.com/SonarQubeCommunity/sonar-pmd/releases/download/{{ pmd_pversion }}/sonar-pmd-plugin-{{ pmd_pversion }}.jar' 290 | 291 | - "https://github.com/spotbugs/sonar-findbugs/releases/download/\ 292 | {{ findbugs_pversion }}/sonar-findbugs-plugin-{{ findbugs_pversion }}.jar" 293 | 294 | - "https://github.com/willemsrb/sonar-jdepend-plugin/releases/download/\ 295 | sonar-jdepend-plugin-{{ jdepend_pversion }}/sonar-jdepend-plugin-{{ jdepend_pversion }}.jar" 296 | 297 | - "https://github.com/devcon5io/mutation-analysis-plugin/releases/download/\ 298 | v{{ mutation_pversion }}/mutation-analysis-plugin-{{ mutation_pversion }}.jar" 299 | 300 | - "https://github.com/racodond/sonar-jproperties-plugin/releases/download/\ 301 | {{ jproperties_pversion }}/sonar-jproperties-plugin-{{ jproperties_pversion }}.jar" 302 | 303 | - 'https://github.com/Inform-Software/sonar-groovy/releases/download/{{ groovy_pversion }}/sonar-groovy-plugin-{{ groovy_pversion }}.jar' 304 | 305 | - "https://github.com/stevespringett/dependency-check-sonar-plugin/releases/download/{{ dependency_check_pversion }}/\ 306 | sonar-dependency-check-plugin-{{ dependency_check_pversion }}.jar" 307 | 308 | - 'https://github.com/racodond/sonar-json-plugin/releases/download/{{ json_pversion }}/sonar-json-plugin-{{ json_pversion }}.jar' 309 | 310 | # plugin conflicts with iac plugin: https://github.com/sbaudoin/sonar-yaml/issues/70 311 | - 'https://github.com/sbaudoin/sonar-yaml/releases/download/v{{ yaml_pversion 
}}/sonar-yaml-plugin-{{ yaml_pversion }}.jar' 312 | 313 | - 'https://github.com/sbaudoin/sonar-ansible/releases/download/v{{ ansible_pversion }}/sonar-ansible-plugin-{{ ansible_pversion }}.jar' 314 | 315 | - 'https://github.com/sbaudoin/sonar-ansible/releases/download/v{{ ansible_pversion }}/sonar-ansible-extras-plugin-{{ ansible_pversion }}.jar' 316 | 317 | - 'https://github.com/sbaudoin/sonar-shellcheck/releases/download/v{{ shellcheck_pversion }}/sonar-shellcheck-plugin-{{ shellcheck_pversion }}.jar' 318 | 319 | sonar_update_default_plugins: true 320 | sonar_default_plugins: 321 | - 'https://binaries.sonarsource.com/Distribution/sonar-java-plugin/sonar-java-plugin-{{ java_pversion }}.jar' 322 | - 'https://binaries.sonarsource.com/Distribution/sonar-javascript-plugin/sonar-javascript-plugin-{{ javascript_pversion }}.jar' 323 | - 'https://binaries.sonarsource.com/Distribution/sonar-typescript-plugin/sonar-typescript-plugin-{{ typescript_pversion }}.jar' 324 | - 'https://binaries.sonarsource.com/Distribution/sonar-scm-git-plugin/sonar-scm-git-plugin-{{ git_pversion }}.jar' 325 | - 'https://binaries.sonarsource.com/Distribution/sonar-xml-plugin/sonar-xml-plugin-{{ xml_pversion }}.jar' 326 | - 'https://binaries.sonarsource.com/Distribution/sonar-python-plugin/sonar-python-plugin-{{ python_pversion }}.jar' 327 | - 'https://binaries.sonarsource.com/Distribution/sonar-kotlin-plugin/sonar-kotlin-plugin-{{ kotlin_pversion }}.jar' 328 | - 'https://binaries.sonarsource.com/Distribution/sonar-css-plugin/sonar-css-plugin-{{ css_pversion }}.jar' 329 | - 'https://binaries.sonarsource.com/Distribution/sonar-html-plugin/sonar-html-plugin-{{ html_pversion }}.jar' 330 | - 'https://binaries.sonarsource.com/Distribution/sonar-php-plugin/sonar-php-plugin-{{ php_pversion }}.jar' 331 | - 'https://binaries.sonarsource.com/Distribution/sonar-jacoco-plugin/sonar-jacoco-plugin-{{ jacoco_pversion }}.jar' 332 | - 
'https://binaries.sonarsource.com/Distribution/sonar-iac-plugin/sonar-iac-plugin-{{ iac_pversion }}.jar' 333 | - 'https://binaries.sonarsource.com/Distribution/sonar-config-plugin/sonar-config-plugin-{{ config_pversion }}.jar' 334 | - 'https://binaries.sonarsource.com/Distribution/sonar-text-plugin/sonar-text-plugin-{{ text_pversion }}.jar' 335 | - 'https://binaries.sonarsource.com/Distribution/sonar-csharp-plugin/sonar-csharp-plugin-{{ dotnet_pversion }}.jar' 336 | - 'https://binaries.sonarsource.com/Distribution/sonar-vbnet-plugin/sonar-vbnet-plugin-{{ dotnet_pversion }}.jar' 337 | - 'https://binaries.sonarsource.com/Distribution/sonar-cayc-plugin/sonar-cayc-plugin-{{ cayc_pversion }}.jar' 338 | - 'https://binaries.sonarsource.com/Distribution/sonar-flex-plugin/sonar-flex-plugin-{{ flex_pversion }}.jar' 339 | 340 | sonar_install_optional_plugins: false 341 | 342 | branch_plugin_url: "https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/\ 343 | {{ branch_pversion }}/sonarqube-community-branch-plugin-{{ branch_pversion }}.jar" 344 | sonar_optional_plugins: 345 | 346 | - "https://github.com/QualInsight/qualinsight-plugins-sonarqube-smell/releases/download/\ 347 | qualinsight-plugins-sonarqube-smell-{{ smell_pversion }}/qualinsight-sonarqube-smell-plugin-{{ smell_pversion }}.jar" 348 | 349 | # Plugin is not supported in SonarQube 7.3+ 350 | # https://github.com/QualInsight/qualinsight-plugins-sonarqube-badges/issues/82 351 | - "https://github.com/QualInsight/qualinsight-plugins-sonarqube-badges/releases/download/\ 352 | qualinsight-plugins-sonarqube-badges-{{ badges_pversion }}/qualinsight-sonarqube-badges-{{ badges_pversion }}.jar" 353 | 354 | # Plugin is not supported in SonarQube 8+ 355 | - 'https://binaries.sonarsource.com/Distribution/sonar-auth-github-plugin/sonar-auth-github-plugin-{{ auth_github_pversion }}.jar' 356 | 357 | - '{{ auth_bitbucket_epversion }}' 358 | 359 | # Plugin is not supported in SonarQube 7.7+ 360 | - 
'https://github.com/Soyn/sonar-bitbucket-plugin/releases/download/v{{ bitbucket_pversion }}/sonar-bitbucket-plugin-{{ bitbucket_pversion }}.jar' 361 | 362 | # Plugin is not supported in SonarQube 7.7+ 363 | - 'https://github.com/AmadeusITGroup/sonar-stash/releases/download/{{ stash_pversion }}/sonar-stash-plugin-{{ stash_pversion }}.jar' 364 | 365 | # Plugin is not supported in SonarQube 8+ 366 | - "https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/releases/download/\ 367 | {{ auth_gitlab_pversion }}/sonar-auth-gitlab-plugin-{{ auth_gitlab_pversion }}.jar" 368 | 369 | # Plugin is not supported in SonarQube 7.6+ 370 | - 'https://github.com/gabrie-allaigre/sonar-gitlab-plugin/releases/download/{{ gitlab_pversion }}/sonar-gitlab-plugin-{{ gitlab_pversion }}.jar' 371 | 372 | - 'https://github.com/RIGS-IT/sonar-xanitizer/releases/download/{{ xanitizer_pversion }}/sonar-xanitizer-plugin-{{ xanitizer_pversion }}.jar' 373 | 374 | - 'https://github.com/adnovum/sonar-build-breaker/releases/download/{{ build_breaker_epversion }}' 375 | 376 | - "https://github.com/willemsrb/sonar-issueresolver-plugin/releases/download/sonar-issueresolver-plugin-{{ issueresolver_pversion }}/\ 377 | sonar-issueresolver-plugin-{{ issueresolver_pversion }}.jar" 378 | 379 | - '{{ branch_plugin_url }}' 380 | 381 | - "https://github.com/wttech/AEM-Rules-for-SonarQube/releases/download/\ 382 | v{{ aem_pversion }}/sonar-aemrules-plugin-{{ aem_pversion }}.jar" 383 | 384 | sonar_all_plugins: "{{ sonar_install_recommended_plugins | ternary(sonar_recommended_plugins, []) + \ 385 | sonar_update_default_plugins | ternary(sonar_default_plugins, []) + \ 386 | sonar_install_optional_plugins | ternary(sonar_optional_plugins, []) }}" 387 | 388 | sonar_plugins_path: "{% if sonar_version is version(\"8.5.0.37579\", \">=\") %}sonarqube-{{ sonar_version }}/lib/extensions\ 389 | {% else %}sonarqube-{{ sonar_version }}/extensions/plugins\ 390 | {% endif %}" 391 | 392 | sonar_plugins_dir: "{{ 
sonar_installation }}/extensions/plugins" 393 | 394 | # Exclude old plugins that go with SonarQube installations 395 | sonar_excluded_plugins: 396 | - 'sonar-java-plugin-5.4.0.14284.jar' 397 | - 'sonar-java-plugin-5.6.1.15064.jar' 398 | - 'sonar-java-plugin-5.8.0.15699.jar' 399 | - 'sonar-java-plugin-5.9.2.16552.jar' 400 | - 'sonar-java-plugin-5.10.1.16922.jar' 401 | - 'sonar-java-plugin-5.11.0.17289.jar' 402 | - 'sonar-java-plugin-5.13.0.18197.jar' 403 | - 'sonar-java-plugin-5.13.1.18282.jar' 404 | - 'sonar-java-plugin-5.14.0.18788.jar' 405 | - 'sonar-java-plugin-6.1.0.20866.jar' 406 | - 'sonar-java-plugin-6.3.0.21585.jar' 407 | - 'sonar-java-plugin-6.5.1.22586.jar' 408 | - 'sonar-java-plugin-6.8.0.23379.jar' 409 | - 'sonar-java-plugin-6.9.0.23563.jar' 410 | - 'sonar-java-plugin-6.12.0.24852.jar' 411 | - 'sonar-java-plugin-6.14.0.25463.jar' 412 | - 'sonar-java-plugin-6.15.1.26025.jar' 413 | - 'sonar-java-plugin-7.1.0.26670.jar' 414 | - 'sonar-java-plugin-7.3.0.27589.jar' 415 | - 'sonar-java-plugin-7.5.0.28054.jar' 416 | - 'sonar-java-plugin-7.7.0.28547.jar' 417 | - 'sonar-java-plugin-7.11.0.29148.jar' 418 | - 'sonar-java-plugin-7.12.0.29739.jar' 419 | - 'sonar-java-plugin-7.13.0.29990.jar' 420 | - 'sonar-java-plugin-7.14.0.30229.jar' 421 | - 'sonar-java-plugin-7.15.0.30507.jar' 422 | - 'sonar-java-plugin-7.16.0.30901.jar' 423 | - 'sonar-java-plugin-7.17.0.31219.jar' 424 | - 'sonar-java-plugin-7.20.0.31692.jar' # 10.1 425 | - 'sonar-java-plugin-7.24.0.32100.jar' # 10.2 426 | - 'sonar-java-plugin-7.27.1.33504.jar' # 10.3 427 | - 'sonar-java-plugin-7.30.0.34429.jar' # 10.4 428 | - 'sonar-java-plugin-7.33.0.35775.jar' # 10.5 429 | - 'sonar-java-plugin-8.0.1.36337.jar' # 10.6 430 | - 'sonar-java-plugin-8.2.0.36672.jar' # 10.7 431 | - 'sonar-java-plugin-8.7.0.37452.jar' # 24.12 432 | - 'sonar-java-plugin-8.8.0.37665.jar' # 25.01 433 | - 'sonar-java-plugin-8.9.0.37768.jar' # 25.02 434 | - 'sonar-java-plugin-8.10.0.38194.jar' # 25.03 435 | - 
'sonar-java-plugin-8.11.0.38440.jar' # 25.04 436 | 437 | - 'sonar-javascript-plugin-4.1.0.6085.jar' 438 | - 'sonar-javascript-plugin-4.2.0.6476.jar' 439 | - 'sonar-javascript-plugin-5.0.0.6962.jar' 440 | - 'sonar-javascript-plugin-5.1.1.7506.jar' 441 | - 'sonar-javascript-plugin-5.2.1.7778.jar' 442 | - 'sonar-javascript-plugin-6.1.0.11503.jar' 443 | - 'sonar-javascript-plugin-6.2.0.12043.jar' 444 | - 'sonar-javascript-plugin-6.2.1.12157.jar' 445 | - 'sonar-javascript-plugin-6.5.0.13383.jar' 446 | - 'sonar-javascript-plugin-7.0.1.14561.jar' 447 | - 'sonar-javascript-plugin-7.2.0.14938.jar' 448 | - 'sonar-javascript-plugin-7.3.0.15071.jar' 449 | - 'sonar-javascript-plugin-7.4.4.15624.jar' 450 | - 'sonar-javascript-plugin-8.1.0.15788.jar' 451 | - 'sonar-javascript-plugin-8.4.0.16431.jar' 452 | - 'sonar-javascript-plugin-8.6.0.16913.jar' 453 | - 'sonar-javascript-plugin-8.8.0.17228.jar' 454 | - 'sonar-javascript-plugin-9.1.0.17747.jar' 455 | - 'sonar-javascript-plugin-9.3.0.18033.jar' 456 | - 'sonar-javascript-plugin-9.6.0.18814.jar' 457 | - 'sonar-javascript-plugin-9.9.0.19492.jar' 458 | - 'sonar-javascript-plugin-9.12.0.20319.jar' 459 | - 'sonar-javascript-plugin-9.13.0.20537.jar' 460 | - 'sonar-javascript-plugin-10.1.0.21143.jar' 461 | - 'sonar-javascript-plugin-10.3.1.21905.jar' # 10.1 462 | - 'sonar-javascript-plugin-10.5.1.22382.jar' # 10.2 463 | - 'sonar-javascript-plugin-10.9.0.24449.jar' # 10.3 464 | - 'sonar-javascript-plugin-10.11.1.25225-multi.jar' # 10.4 465 | - 'sonar-javascript-plugin-10.13.2.25981-multi.jar' # 10.5 466 | - 'sonar-javascript-plugin-10.14.0.26080-multi.jar' # 10.6 467 | - 'sonar-javascript-plugin-10.16.0.27621-multi.jar' # 10.7 468 | - 'sonar-javascript-plugin-10.18.0.28572-multi.jar' # 24.12 469 | - 'sonar-javascript-plugin-10.20.0.29356-multi.jar' # 25.01 470 | - 'sonar-javascript-plugin-10.21.1.30825-multi.jar' # 25.03 471 | 472 | - 'sonar-typescript-plugin-1.7.0.2893.jar' 473 | - 'sonar-typescript-plugin-1.8.0.3332.jar' 474 | - 
'sonar-typescript-plugin-1.9.0.3766.jar' 475 | 476 | - 'sonar-scm-git-plugin-1.4.1.1128.jar' 477 | - 'sonar-scm-git-plugin-1.6.0.1349.jar' 478 | - 'sonar-scm-git-plugin-1.7.0.1491.jar' 479 | - 'sonar-scm-git-plugin-1.8.0.1574.jar' 480 | - 'sonar-scm-git-plugin-1.9.1.1834.jar' 481 | - 'sonar-scm-git-plugin-1.11.1.2008.jar' 482 | - 'sonar-scm-git-plugin-1.12.0.2034.jar' 483 | 484 | - 'sonar-xml-plugin-1.5.1.1452.jar' 485 | - 'sonar-xml-plugin-2.0.1.2020.jar' 486 | - 'sonar-xml-plugin-2.1.0.2861.jar' 487 | - 'sonar-xml-plugin-2.2.0.2973.jar' 488 | - 'sonar-xml-plugin-2.3.0.3155.jar' 489 | - 'sonar-xml-plugin-2.4.0.3273.jar' 490 | - 'sonar-xml-plugin-2.5.0.3376.jar' 491 | - 'sonar-xml-plugin-2.6.1.3686.jar' 492 | - 'sonar-xml-plugin-2.7.0.3820.jar' 493 | - 'sonar-xml-plugin-2.8.1.4006.jar' # 10.1 494 | - 'sonar-xml-plugin-2.10.0.4108.jar' # 10.2 495 | - 'sonar-xml-plugin-2.12.0.5749.jar' # 24.12 496 | 497 | - 'sonar-python-plugin-1.10.0.2131.jar' 498 | - 'sonar-python-plugin-1.11.0.2473.jar' 499 | - 'sonar-python-plugin-1.13.0.2922.jar' 500 | - 'sonar-python-plugin-1.14.0.3086.jar' 501 | - 'sonar-python-plugin-1.14.1.3143.jar' 502 | - 'sonar-python-plugin-1.16.0.4432.jar' 503 | - 'sonar-python-plugin-2.3.0.5351.jar' 504 | - 'sonar-python-plugin-2.5.0.5733.jar' 505 | - 'sonar-python-plugin-2.8.0.6204.jar' 506 | - 'sonar-python-plugin-2.13.0.7236.jar' 507 | - 'sonar-python-plugin-3.1.0.7619.jar' 508 | - 'sonar-python-plugin-3.2.0.7856.jar' 509 | - 'sonar-python-plugin-3.4.0.7980.jar' 510 | - 'sonar-python-plugin-3.4.1.8066.jar' 511 | - 'sonar-python-plugin-3.5.0.8244.jar' 512 | - 'sonar-python-plugin-3.6.0.8488.jar' 513 | - 'sonar-python-plugin-3.8.0.8883.jar' 514 | - 'sonar-python-plugin-3.9.0.9230.jar' 515 | - 'sonar-python-plugin-3.12.0.9583.jar' 516 | - 'sonar-python-plugin-3.13.0.9611.jar' 517 | - 'sonar-python-plugin-3.15.1.9817.jar' 518 | - 'sonar-python-plugin-3.19.0.10254.jar' 519 | - 'sonar-python-plugin-3.21.0.10628.jar' 520 | - 
'sonar-python-plugin-3.24.0.10784.jar' 521 | - 'sonar-python-plugin-3.24.1.11916.jar' # 9.9.2 522 | - 'sonar-python-plugin-4.1.0.11333.jar' 523 | - 'sonar-python-plugin-4.3.0.11660.jar' # 10.1 524 | - 'sonar-python-plugin-4.7.0.12181.jar' # 10.2 525 | - 'sonar-python-plugin-4.10.0.13725.jar' # 10.3 526 | - 'sonar-python-plugin-4.14.0.14263.jar' # 10.4 527 | - 'sonar-python-plugin-4.17.0.14845.jar' # 10.5 528 | - 'sonar-python-plugin-4.19.0.15616.jar' # 10.6 529 | - 'sonar-python-plugin-4.22.0.16914.jar' # 10.7 530 | - 'sonar-python-plugin-4.24.0.18631.jar' # 24.12 531 | - 'sonar-python-plugin-4.25.0.19056.jar' # 25.01 532 | - 'sonar-python-plugin-4.26.0.19456.jar' # 25.02 533 | - 'sonar-python-plugin-5.0.0.20426.jar' # 25.03 534 | - 'sonar-python-plugin-5.2.0.20808.jar' # 25.04 535 | 536 | - 'sonar-kotlin-plugin-1.0.1.965.jar' 537 | - 'sonar-kotlin-plugin-1.2.1.2009.jar' 538 | - 'sonar-kotlin-plugin-1.4.0.155.jar' 539 | - 'sonar-kotlin-plugin-1.5.0.315.jar' 540 | - 'sonar-kotlin-plugin-1.8.1.1804.jar' 541 | - 'sonar-kotlin-plugin-1.8.2.1946.jar' 542 | - 'sonar-kotlin-plugin-1.8.3.2219.jar' 543 | - 'sonar-kotlin-plugin-2.0.1.110.jar' 544 | - 'sonar-kotlin-plugin-2.2.0.499.jar' 545 | - 'sonar-kotlin-plugin-2.7.0.948.jar' 546 | - 'sonar-kotlin-plugin-2.9.0.1147.jar' 547 | - 'sonar-kotlin-plugin-2.10.0.1456.jar' 548 | - 'sonar-kotlin-plugin-2.12.0.1956.jar' 549 | - 'sonar-kotlin-plugin-2.13.0.2116.jar' 550 | - 'sonar-kotlin-plugin-2.15.0.2579.jar' # 10.1 551 | - 'sonar-kotlin-plugin-2.17.0.2902.jar' # 10.2 552 | - 'sonar-kotlin-plugin-2.18.0.2938.jar' # 10.3 553 | - 'sonar-kotlin-plugin-2.20.0.4382.jar' # 10.4 554 | - 'sonar-kotlin-plugin-2.21.0.5736.jar' # 24.12 555 | - 'sonar-kotlin-plugin-2.22.0.5972.jar' # 25.01 556 | - 'sonar-kotlin-plugin-3.0.1.6889.jar' # 25.04 557 | 558 | - 'sonar-css-plugin-1.0.1.508.jar' 559 | - 'sonar-css-plugin-1.0.2.611.jar' 560 | - 'sonar-css-plugin-1.0.3.724.jar' 561 | - 'sonar-css-plugin-1.1.0.993.jar' 562 | - 
'sonar-css-plugin-1.1.1.1010.jar' 563 | - 'sonar-css-plugin-1.2.0.1325.jar' 564 | - 'sonar-css-plugin-1.3.0.1580.jar' 565 | - 'sonar-css-plugin-1.3.1.1642.jar' 566 | - 'sonar-css-plugin-1.3.2.1782.jar' 567 | - 'sonar-css-plugin-1.4.0.1899.jar' 568 | - 'sonar-css-plugin-1.4.2.2002.jar' 569 | 570 | - 'sonar-php-plugin-2.13.0.3107.jar' 571 | - 'sonar-php-plugin-2.14.0.3569.jar' 572 | - 'sonar-php-plugin-2.15.0.4060.jar' 573 | - 'sonar-php-plugin-2.16.0.4355.jar' 574 | - 'sonar-php-plugin-3.0.0.4537.jar' 575 | - 'sonar-php-plugin-3.1.1.4762.jar' 576 | - 'sonar-php-plugin-3.2.0.4868.jar' 577 | - 'sonar-php-plugin-3.3.0.5166.jar' 578 | - 'sonar-php-plugin-3.5.0.5655.jar' 579 | - 'sonar-php-plugin-3.9.0.6331.jar' 580 | - 'sonar-php-plugin-3.13.0.6849.jar' 581 | - 'sonar-php-plugin-3.15.0.7197.jar' 582 | - 'sonar-php-plugin-3.16.0.7320.jar' 583 | - 'sonar-php-plugin-3.17.0.7439.jar' 584 | - 'sonar-php-plugin-3.20.0.8080.jar' 585 | - 'sonar-php-plugin-3.21.2.8292.jar' 586 | - 'sonar-php-plugin-3.22.1.8626.jar' 587 | - 'sonar-php-plugin-3.23.1.8766.jar' 588 | - 'sonar-php-plugin-3.24.0.8949.jar' 589 | - 'sonar-php-plugin-3.25.0.9077.jar' 590 | - 'sonar-php-plugin-3.27.1.9352.jar' 591 | - 'sonar-php-plugin-3.28.0.9490.jar' 592 | - 'sonar-php-plugin-3.30.0.9766.jar' # 10.1 593 | - 'sonar-php-plugin-3.32.0.10180.jar' # 10.2 594 | - 'sonar-php-plugin-3.33.0.11274.jar' # 10.3 595 | - 'sonar-php-plugin-3.35.0.11659.jar' # 10.5 596 | - 'sonar-php-plugin-3.36.0.11813.jar' # 10.6 597 | - 'sonar-php-plugin-3.38.0.12239.jar' # 10.7 598 | - 'sonar-php-plugin-3.40.0.12590.jar' # 24.12 599 | - 'sonar-php-plugin-3.41.0.12692.jar' # 25.01 600 | - 'sonar-php-plugin-3.42.0.12795.jar' # 25.02 601 | - 'sonar-php-plugin-3.44.0.12898.jar' # 25.03 602 | - 'sonar-php-plugin-3.45.0.12991.jar' # 25.04 603 | 604 | - 'sonar-html-plugin-3.1.0.1615.jar' 605 | - 'sonar-html-plugin-3.2.0.2082.jar' 606 | - 'sonar-html-plugin-3.3.0.2534.jar' 607 | - 'sonar-html-plugin-3.4.0.2754.jar' 608 | - 
'sonar-html-plugin-3.6.0.3106.jar' 609 | - 'sonar-html-plugin-3.7.1.3306.jar' 610 | - 'sonar-html-plugin-3.8.0.3510.jar' # 10.1 611 | - 'sonar-html-plugin-3.9.0.3600.jar' # 10.2 612 | - 'sonar-html-plugin-3.11.0.4708.jar' # 10.3 613 | - 'sonar-html-plugin-3.13.0.4821.jar' # 10.4 614 | - 'sonar-html-plugin-3.15.0.5107.jar' # 10.5 615 | - 'sonar-html-plugin-3.16.0.5274.jar' # 10.6 616 | - 'sonar-html-plugin-3.17.0.5548.jar' # 24.12 617 | - 'sonar-html-plugin-3.18.0.5605.jar' # 25.01 618 | - 'sonar-html-plugin-3.19.0.5695.jar' # 25.03 619 | 620 | - 'sonar-jacoco-plugin-1.0.1.143.jar' 621 | - 'sonar-jacoco-plugin-1.0.2.475.jar' 622 | - 'sonar-jacoco-plugin-1.1.0.898.jar' 623 | - 'sonar-jacoco-plugin-1.1.1.1157.jar' 624 | - 'sonar-jacoco-plugin-1.3.0.1538.jar' 625 | 626 | - 'sonar-iac-plugin-1.4.0.1294.jar' 627 | - 'sonar-iac-plugin-1.5.0.1600.jar' 628 | - 'sonar-iac-plugin-1.7.0.2012.jar' 629 | - 'sonar-iac-plugin-1.9.2.2279.jar' 630 | - 'sonar-iac-plugin-1.11.0.2847.jar' 631 | - 'sonar-iac-plugin-1.15.0.3752.jar' 632 | - 'sonar-iac-plugin-1.17.0.3976.jar' # 10.1 633 | - 'sonar-iac-plugin-1.20.0.5654.jar' # 10.2 634 | - 'sonar-iac-plugin-1.22.0.7057.jar' # 10.3 635 | - 'sonar-iac-plugin-1.26.0.8471.jar' # 10.4 636 | - 'sonar-iac-plugin-1.27.0.9518.jar' # 10.5 637 | - 'sonar-iac-plugin-1.31.0.10579.jar' # 10.6 638 | - 'sonar-iac-plugin-1.36.0.12431.jar' # 10.7 639 | - 'sonar-iac-plugin-1.39.0.13718.jar' # 24.12 640 | - 'sonar-iac-plugin-1.40.0.13983.jar' # 25.01 641 | - 'sonar-iac-plugin-1.41.0.14206.jar' # 25.02 642 | - 'sonar-iac-plugin-1.43.0.14517.jar' # 25.03 643 | - 'sonar-iac-plugin-1.44.0.14670.jar' # 25.04 644 | 645 | - 'sonar-config-plugin-1.1.0.185.jar' 646 | - 'sonar-config-plugin-1.2.0.267.jar' 647 | - 'sonar-config-plugin-1.3.0.654.jar' # 10.2 648 | 649 | - 'sonar-text-plugin-1.0.0.120.jar' 650 | - 'sonar-text-plugin-1.1.0.282.jar' 651 | - 'sonar-text-plugin-1.2.0.510.jar' 652 | - 'sonar-text-plugin-2.0.1.611.jar' 653 | - 'sonar-text-plugin-2.0.2.1090.jar' 
654 | - 'sonar-text-plugin-2.1.0.1163.jar' # 10.1 655 | - 'sonar-text-plugin-2.3.0.1632.jar' # 10.2 656 | - 'sonar-text-plugin-2.7.1.1388.jar' # 10.3 657 | - 'sonar-text-plugin-2.8.0.1635.jar' # 10.4 658 | - 'sonar-text-plugin-2.10.0.2188.jar' # 10.5 659 | - 'sonar-text-plugin-2.12.1.2905.jar' # 10.6 660 | - 'sonar-text-plugin-2.16.0.4008.jar' # 10.7 661 | - 'sonar-text-plugin-2.19.0.4883.jar' # 24.12 662 | - 'sonar-text-plugin-2.20.0.5038.jar' # 25.01 663 | - 'sonar-text-plugin-2.21.0.5225.jar' # 25.03 664 | - 'sonar-text-plugin-2.21.1.5779.jar' # 25.04 665 | 666 | - 'sonar-csharp-plugin-7.15.0.8572.jar' 667 | - 'sonar-csharp-plugin-8.22.0.31243.jar' 668 | - 'sonar-csharp-plugin-8.25.0.33663.jar' 669 | - 'sonar-csharp-plugin-8.29.0.36737.jar' 670 | - 'sonar-csharp-plugin-8.32.0.39516.jar' 671 | - 'sonar-csharp-plugin-8.34.0.42011.jar' 672 | - 'sonar-csharp-plugin-8.36.1.44192.jar' 673 | - 'sonar-csharp-plugin-8.40.0.48530.jar' 674 | - 'sonar-csharp-plugin-8.43.0.51858.jar' 675 | - 'sonar-csharp-plugin-8.46.0.54807.jar' 676 | - 'sonar-csharp-plugin-8.50.0.58025.jar' 677 | - 'sonar-csharp-plugin-8.51.0.59060.jar' 678 | - 'sonar-csharp-plugin-8.55.0.65544.jar' 679 | - 'sonar-csharp-plugin-9.3.0.71466.jar' # 10.1 680 | - 'sonar-csharp-plugin-9.8.0.76515.jar' # 10.2 681 | - 'sonar-csharp-plugin-9.13.0.79967.jar' # 10.3 682 | - 'sonar-csharp-plugin-9.19.0.84025.jar' # 10.4 683 | - 'sonar-csharp-plugin-9.23.2.88755.jar' # 10.5 684 | - 'sonar-csharp-plugin-9.27.0.93347.jar' # 10.6 685 | - 'sonar-csharp-plugin-9.32.0.97167.jar' # 10.7 686 | - 'sonar-csharp-plugin-10.3.0.106239.jar' # 24.12 687 | - 'sonar-csharp-plugin-10.4.0.108396.jar' # 25.01 688 | - 'sonar-csharp-plugin-10.6.0.109712.jar' # 25.02 689 | - 'sonar-csharp-plugin-10.7.0.110445.jar' # 25.03 690 | 691 | - 'sonar-vbnet-plugin-7.15.0.8572.jar' 692 | - 'sonar-vbnet-plugin-8.22.0.31243.jar' 693 | - 'sonar-vbnet-plugin-8.25.0.33663.jar' 694 | - 'sonar-vbnet-plugin-8.29.0.36737.jar' 695 | - 
'sonar-vbnet-plugin-8.32.0.39516.jar' 696 | - 'sonar-vbnet-plugin-8.34.0.42011.jar' 697 | - 'sonar-vbnet-plugin-8.36.1.44192.jar' 698 | - 'sonar-vbnet-plugin-8.40.0.48530.jar' 699 | - 'sonar-vbnet-plugin-8.43.0.51858.jar' 700 | - 'sonar-vbnet-plugin-8.46.0.54807.jar' 701 | - 'sonar-vbnet-plugin-8.50.0.58025.jar' 702 | - 'sonar-vbnet-plugin-8.51.0.59060.jar' 703 | - 'sonar-vbnet-plugin-8.55.0.65544.jar' 704 | - 'sonar-vbnet-plugin-9.3.0.71466.jar' # 10.1 705 | - 'sonar-vbnet-plugin-9.8.0.76515.jar' # 10.2 706 | - 'sonar-vbnet-plugin-9.13.0.79967.jar' # 10.3 707 | - 'sonar-vbnet-plugin-9.19.0.84025.jar' # 10.4 708 | - 'sonar-vbnet-plugin-9.23.2.88755.jar' # 10.5 709 | - 'sonar-vbnet-plugin-9.27.0.93347.jar' # 10.6 710 | - 'sonar-vbnet-plugin-9.32.0.97167.jar' # 10.7 711 | - 'sonar-vbnet-plugin-10.3.0.106239.jar' # 24.12 712 | - 'sonar-vbnet-plugin-10.4.0.108396.jar' # 25.01 713 | - 'sonar-vbnet-plugin-10.6.0.109712.jar' # 25.02 714 | - 'sonar-vbnet-plugin-10.7.0.110445.jar' # 25.03 715 | 716 | - 'sonar-cayc-plugin-2.0.0.334.jar' # 10.1 717 | - 'sonar-cayc-plugin-2.1.0.500.jar' # 10.2 718 | - 'sonar-cayc-plugin-2.2.2.656.jar' # 10.3 719 | - 'sonar-cayc-plugin-2.3.0.1782.jar' # 10.4 720 | - 'sonar-cayc-plugin-2.4.0.2018.jar' # 10.7 721 | 722 | - 'sonar-flex-plugin-2.5.1.1831.jar' # 7.9 723 | - 'sonar-flex-plugin-2.6.1.2564.jar' # 8.9 724 | - 'sonar-flex-plugin-2.8.0.3166.jar' # 9.9 725 | - 'sonar-flex-plugin-2.9.0.3375.jar' # 10.1 726 | - 'sonar-flex-plugin-2.10.0.3458.jar' # 10.2 727 | - 'sonar-flex-plugin-2.12.0.4568.jar' # 10.3 728 | - 'sonar-flex-plugin-2.14.0.5032.jar' # 24.12 729 | 730 | # Override this var to exclude default plugins you don't need 731 | sonar_default_excluded_plugins: [] 732 | 733 | sonar_all_excluded_plugins: "{{ sonar_update_default_plugins | ternary(sonar_excluded_plugins, []) + \ 734 | sonar_default_excluded_plugins }}" 735 | 736 | # SonarQube configuration 737 | sonar_web_user: admin 738 | sonar_web_password: admin 739 | change_password: 
false 740 | sonar_web_old_password: admin 741 | 742 | sonar_migrate_db: false 743 | 744 | sonar_set_jenkins_webhook: false 745 | sonar_jenkins_webhook_name: jenkins 746 | sonar_jenkins_webhook_url: https://jenkins.example.com/sonarqube-webhook/ 747 | 748 | sonar_restore_profiles: false 749 | sonar_profile_list: 750 | - files/example_profile.xml 751 | 752 | sonar_updatecenter_activate: true 753 | 754 | # See https://docs.sonarqube.org/latest/instance-administration/delegated-auth/#header-6 to get description 755 | # ldap: 756 | # authenticator_downcase: false 757 | # url: ldap://myserver.mycompany.com 758 | # bind_dn: my_bind_dn 759 | # bind_password: my_bind_password 760 | # authentication: simple 761 | # realm: 762 | # contextFactoryClass: com.sun.jndi.ldap.LdapCtxFactory 763 | # StartTLS: false 764 | # followReferrals: true 765 | # user_base_dn: ou=Users,dc=mycompany,dc=com 766 | # user_request: (&(objectClass=inetOrgPerson)(uid={login})) 767 | # user_real_name_attribute: cn 768 | # user_email_attribute: mail 769 | # group_base_dn: ou=Groups,dc=sonarsource,dc=com 770 | # group_request: (&(objectClass=posixGroup)(memberUid={uid})) 771 | # group_idAttribute: cn 772 | 773 | sonar_log_path: "{% if sonar_version is version(\"9.6\", \">=\") %}\ 774 | {{ sonar_installation }}/logs/sonar.log\ 775 | {% elif sonar_version is version(\"8.7.0.41497\", \">=\") %}\ 776 | {{ sonar_installation }}/logs/sonar.{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}.log\ 777 | {% elif sonar_version is version(\"8.6.0.39681\", \">=\") %}\ 778 | {{ sonar_installation }}/logs/sonar-{{ ansible_date_time.year }}{{ ansible_date_time.month }}{{ ansible_date_time.day }}.log\ 779 | {% else %}\ 780 | {{ sonar_installation }}/logs/sonar.log\ 781 | {% endif %}" 782 | 783 | sonar_start_by_service: true 784 | -------------------------------------------------------------------------------- /files/example_pipeline.groovy: 
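--------------------------------------------------------------------------------
// Example declarative pipeline that runs a SonarQube analysis and then waits
// for the quality gate. The two empty stages are placeholders to fill in or delete.
pipeline {
    agent {
        node {
            label 'master'
        }
    }
    environment {
        SONARQUBE_NAME = "SonarQube" // Find name in Manage Jenkins > Configure System > SonarQube Servers
        SQ_SCANNER_HOME = tool 'SonarQube Scanner' // Find tool name in Manage Jenkins > Global Tool Configuration > SonarQube Scanner
        PROJECT = "Test Project"
    }
    stages {
        stage ('Repo checkout') { // Delete if checkout is automatic

        }
        stage ('Java compilation') { // Java only, delete if no java code in repo. Compiled java code is needed for SonarQube analysis.

        }
        stage('SonarQube branch analysis') {
            when {
                not {changeRequest()}
            }
            steps {
                withSonarQubeEnv(SONARQUBE_NAME) {
                    // The script is single-quoted on purpose: Groovy does not interpolate
                    // anything, and the shell reads the values from the build environment.
                    // Branch names come from the SCM, so each argument is also
                    // double-quoted for the shell; a value with spaces or shell
                    // metacharacters stays one literal argument.
                    // -Dsonar.branch.name: use this property if you are using
                    // sonarqube-community-branch-plugin. (This note used to sit inside
                    // the script text, where it was passed to the scanner as arguments.)
                    sh '''
                        "$SQ_SCANNER_HOME/bin/sonar-scanner" \
                            -Dsonar.sources=. \
                            "-Dsonar.projectKey=$PROJECT" \
                            "-Dsonar.projectVersion=$BUILD_NUMBER" \
                            "-Dsonar.branch.name=$GIT_BRANCH"
                    '''
                }
            }
        }
        stage('SonarQube pull request analysis') { // Use this stage if you are using sonarqube-community-branch-plugin
            when {
                changeRequest()
            }
            steps {
                withSonarQubeEnv(SONARQUBE_NAME) {
                    // Same quoting as the branch analysis: CHANGE_BRANCH and
                    // CHANGE_TARGET are chosen by whoever opens the change request.
                    sh '''
                        "$SQ_SCANNER_HOME/bin/sonar-scanner" \
                            -Dsonar.sources=. \
                            "-Dsonar.projectKey=$PROJECT" \
                            "-Dsonar.pullrequest.branch=$CHANGE_BRANCH" \
                            "-Dsonar.pullrequest.key=$CHANGE_ID" \
                            "-Dsonar.pullrequest.base=$CHANGE_TARGET"
                    '''
                }
            }
        }
        stage('SonarQube quality gate') { // Catches webhook from SonarQube, use this stage if you are not using build-breaker plugin
            agent none
            steps {
                // Fixed five-minute pause, then up to five more minutes waiting for the gate result.
                sleep 300
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

    }
    post {
        cleanup {
            cleanWs()
        }
    }
}

--------------------------------------------------------------------------------
/files/example_profile.xml:
--------------------------------------------------------------------------------
Example profilejavasquidS2204MAJOR
--------------------------------------------------------------------------------
/handlers/main.yml:
--------------------------------------------------------------------------------
---
# handlers file for sonarqube
#
# Both restart handlers notify the same chain: optional DB migration, a wait
# for the status API to report UP, and a log dump plus failure if it never does.
#
# NOTE(review): every uri call below sets validate_certs: false, so the
# endpoint's TLS certificate is not checked. sonar_check_url is defined outside
# this listing; if it can be an https URL on another host, turn validation on.
- name: Restart Sonarqube
  ansible.builtin.systemd:
    name: sonarqube
    state: restarted
    daemon_reload: true
    enabled: true
  notify:
    - Wait for migrate DB
    - Migrate DB
    - Wait for Sonarqube
    - Show logs
    - Debug
    - Fail
  when: sonar_start_by_service | bool
  become: true

# temp task, see https://github.com/lean-delivery/ansible-role-sonarqube/issues/3026
# Used instead of the systemd handler when sonar_start_by_service is false.
# It calls sudo inside the command, so the connecting user needs sudo rights
# to run sonar.sh as sonar_user.
- name: Restart Sonarqube with script
  ansible.builtin.command: 'sudo -u {{ sonar_user }} {{ sonar_installation }}/bin/linux-x86-64/sonar.sh restart'
  register: restart_result
  changed_when: restart_result.rc == 0
  notify:
    - Wait for migrate DB
    - Migrate DB
    - Wait for Sonarqube
    - Show logs
    - Debug
    - Fail
  when: not (sonar_start_by_service | bool)

# Polls the status API (up to 40 tries, 3 s apart) until it reports DB_MIGRATION_NEEDED.
- name: Wait for migrate DB
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/system/status'
    return_content: true
    validate_certs: false
  register: uri_result
  until: "'DB_MIGRATION_NEEDED' in uri_result.content"
  retries: 40
  delay: 3
  when: sonar_migrate_db | bool

# Starts the schema migration; the request carries no credentials.
- name: Migrate DB
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/system/migrate_db'
    method: POST
    validate_certs: false
    return_content: true
  when: sonar_migrate_db | bool

# Errors are ignored here so that the three handlers below can report the failure.
- name: Wait for Sonarqube
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/system/status'
    return_content: true
    validate_certs: false
  register: uri_result
  until: "'UP' in uri_result.content"
  retries: 40
  delay: 3
  ignore_errors: true

# Reads every file under logs/ when startup failed. The content is printed by
# the Debug handler and therefore ends up in the Ansible run output.
- name: Show logs
  ansible.builtin.shell: 'cat {{ sonar_installation }}/logs/*'
  register: logs
  changed_when: logs.rc != 0
  when: "'UP' not in uri_result.content"

- name: Debug
  ansible.builtin.debug:
    var: logs.stdout
  when: "'UP' not in uri_result.content"

- name: Fail
  ansible.builtin.fail:
    msg: SonarQube failed to start, see logs above
  when: "'UP' not in uri_result.content"

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
# Ansible Galaxy metadata for the role.
galaxy_info:
  role_name: sonarqube
  namespace: lean_delivery_team
  author: Lean Delivery Team
  description: Lean Delivery SonarQube server install
  company: EPAM Systems
  issue_tracker_url: https://github.com/lean-delivery/ansible-role-sonarqube/issues
  license: Apache
  min_ansible_version: '5'
  platforms:
    - name: 'Ubuntu'
      versions:
        - bionic
        - focal
        - jammy
    - name: 'EL'
      versions:
        - '7'

  galaxy_tags:
    - sonarqube
    - sonar
    - codequality
    - development
    - monitoring
    - scanner

dependencies: []
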
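--------------------------------------------------------------------------------
/molecule/base/converge.yml:
--------------------------------------------------------------------------------
---
# Molecule converge playbook: applies the role with an embedded H2 database and
# exercises the password-change path. The passwords below are test fixtures.
- name: Converge
  hosts: all
  roles:
    - role: ansible-role-sonarqube
      sonar_install_optional_plugins: true
      sonar_set_jenkins_webhook: true
      sonar_restore_profiles: true
      sonar_web_password: your_new_Secure_passw0rd
      change_password: true
      sonar_web_old_password: admin
      sonar_proxy_type:
      sonar_db:
        type: H2
        port:
        host:
        name:
        user:
        password:
        options:
      sonar_start_by_service: false

--------------------------------------------------------------------------------
/molecule/base/molecule.yml:
--------------------------------------------------------------------------------
---
dependency:
  name: galaxy
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint . -c .yamllint
  ansible-lint . -c .ansible-lint
platforms:
  # privileged + seccomp=unconfined + SYS_ADMIN remove most of the container's
  # isolation from the host (presumably required by the systemd-in-Docker
  # image). Run this scenario only on disposable test or CI hosts.
  - name: test-docker-ubuntu1804-sonarqube
    image: leandelivery/docker-systemd:ubuntu-18.04
    privileged: true
    security_opts:
      - seccomp=unconfined
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /tmp
      - /run
    capabilities:
      - SYS_ADMIN
    groups:
      - python3
provisioner:
  name: ansible
  log: true
  config_options:
    defaults:
      callback_whitelist: profile_tasks,timer
  inventory:
    group_vars:
      python3:
        ansible_python_interpreter: /usr/bin/python3
    host_vars:
      test-docker-ubuntu1804-sonarqube:
        sonar_version: ${SONAR_VERSION:-7.9.6}
  playbooks:
    prepare: ../resources/prepare.yml
    verify: ../resources/tests/verify.yml
scenario:
  name: base
verifier:
  name: ansible

--------------------------------------------------------------------------------
/molecule/default/converge.yml:
--------------------------------------------------------------------------------
---
# Molecule converge playbook for the default scenario; passwords are test fixtures.
- name: Converge
  hosts: all
  roles:
    - role: ansible-role-sonarqube
      sonar_install_optional_plugins: true
      sonar_set_jenkins_webhook: true
      sonar_restore_profiles: true
      sonar_web_password: your_new_Secure_passw0rd
      change_password: true
      sonar_web_old_password: admin
      sonar_proxy_type:
      sonar_db:
        type: H2
        port:
        host:
        name:
        user:
        password:
        options:
      sonar_start_by_service: false

--------------------------------------------------------------------------------
/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
---
dependency:
  name: galaxy
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint . -c .yamllint
  ansible-lint . -c .ansible-lint
platforms:
  # - name: test-docker-centos7-sonarqube
  #   image: leandelivery/docker-systemd:centos7
  #   privileged: true

  # Privileged, seccomp-unconfined test container: disposable hosts only.
  - name: test-docker-ubuntu18.04-sonarqube
    image: leandelivery/docker-systemd:ubuntu-18.04
    privileged: true
    security_opts:
      - seccomp=unconfined
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /tmp
      - /run
    capabilities:
      - SYS_ADMIN
    groups:
      - python3
provisioner:
  name: ansible
  log: true
  config_options:
    defaults:
      callback_whitelist: profile_tasks,timer
  inventory:
    group_vars:
      python3:
        ansible_python_interpreter: /usr/bin/python3
  playbooks:
    prepare: ../resources/prepare.yml
    verify: ../resources/tests/verify.yml
scenario:
  name: default
verifier:
  name: ansible

--------------------------------------------------------------------------------
/molecule/java11/converge.yml:
--------------------------------------------------------------------------------
---
# Molecule converge playbook for the java11 scenario; passwords are test fixtures.
- name: Converge
  hosts: all
  roles:
    - role: ansible-role-sonarqube
      sonar_install_optional_plugins: true
      sonar_set_jenkins_webhook: true
      sonar_restore_profiles: true
      sonar_web_password: your_new_Secure_passw0rd
      change_password: true
      sonar_web_old_password: admin
      sonar_proxy_type:
      sonar_db:
        type: H2
        port:
        host:
        name:
        user:
        password:
        options:
      sonar_start_by_service: false

--------------------------------------------------------------------------------
/molecule/java11/molecule.yml:
--------------------------------------------------------------------------------
---
dependency:
  name: galaxy
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint . -c .yamllint
  ansible-lint . -c .ansible-lint
platforms:
  # Privileged, seccomp-unconfined test container: disposable hosts only.
  - name: test-docker-ubuntu1804-sonarqube
    image: leandelivery/docker-systemd:ubuntu-18.04
    privileged: true
    security_opts:
      - seccomp=unconfined
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /tmp
      - /run
    capabilities:
      - SYS_ADMIN
    groups:
      - python3
provisioner:
  name: ansible
  log: true
  config_options:
    defaults:
      callback_whitelist: profile_tasks,timer
  inventory:
    group_vars:
      python3:
        ansible_python_interpreter: /usr/bin/python3
    host_vars:
      test-docker-ubuntu1804-sonarqube:
        sonar_version: ${SONAR_VERSION:-7.9.6}
  playbooks:
    prepare: ../resources/prepare_java11.yml
    verify: ../resources/tests/verify.yml
scenario:
  name: java11
verifier:
  name: ansible

--------------------------------------------------------------------------------
/molecule/resources/prepare.yml:
--------------------------------------------------------------------------------
---
# Installs Java 17 before the role is applied; the database, nginx and
# certificate roles are commented out (see the linked issue).
- name: Prepare pre-requisites
  hosts: all
  roles:
    - role: lean_delivery.java
      java_major_version: 17
      transport: repositories
    # https://github.com/lean-delivery/ansible-role-sonarqube/issues/3025
    # - role: anxs.postgresql
    #   become: true
    #   postgresql_users:
    #     - name: sonar
    #       pass: sonar
    #   postgresql_databases:
    #     - name: sonar
    #       owner: sonar
    # - role: nginxinc.nginx
    #   become: true
    # - role: jdauphant.ssl-certs
    #   become: true
    #   ssl_certs_path_owner: nginx
    #   ssl_certs_path_group: nginx

--------------------------------------------------------------------------------
/molecule/resources/prepare_java11.yml:
--------------------------------------------------------------------------------
---
# Same as prepare.yml but installs Java 11.
- name: Prepare pre-requisites
  hosts: all
  roles:
    - role: lean_delivery.java
      java_major_version: 11
      transport: repositories
    # https://github.com/lean-delivery/ansible-role-sonarqube/issues/3025
    # - role: anxs.postgresql
    #   become: true
    #   postgresql_users:
    #     - name: sonar
    #       pass: sonar
    #   postgresql_databases:
    #     - name: sonar
    #       owner: sonar
    # - role: nginxinc.nginx
    #   become: true
    # - role: jdauphant.ssl-certs
    #   become: true
    #   ssl_certs_path_owner: nginx
    #   ssl_certs_path_group: nginx

--------------------------------------------------------------------------------
/molecule/resources/prepare_vagrant.yml:
--------------------------------------------------------------------------------
---
# Vagrant variant: also provisions PostgreSQL, nginx and TLS certificates.
# The sonar/sonar database credentials are test fixtures; do not reuse them
# outside the test VM.
# NOTE(review): this file uses the role anxs.postgresql, while requirements.yml
# lists geerlingguy.postgresql. Confirm which one is intended.
- name: Prepare pre-requisites
  hosts: all
  roles:
    - role: lean_delivery.java
      java_major_version: 11
      transport: repositories
    - role: anxs.postgresql
      become: true
      postgresql_users:
        - name: sonar
          pass: sonar
      postgresql_databases:
        - name: sonar
          owner: sonar
    - role: nginxinc.nginx
      become: true
    - role: jdauphant.ssl-certs
      become: true
      ssl_certs_path_owner: nginx
      ssl_certs_path_group: nginx

--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
---
# Galaxy roles used by the test scenarios, each pinned to an explicit version.
- src: lean_delivery.java
  version: 7.1.0
- src: geerlingguy.postgresql
  version: 3.4.2
- src: jdauphant.ssl-certs
  version: v1.7.1
- src: nginxinc.nginx
  version: 0.23.2

--------------------------------------------------------------------------------
/sonar-project.properties:
--------------------------------------------------------------------------------
sonar.projectKey=lean-delivery_ansible-role-sonarqube
sonar.organization=lean-delivery

# This is the name and version displayed in the SonarCloud UI.
#sonar.projectName=ansible-role-sonarqube
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for sonarqube

# Includes system/<ansible_facts.system>.yml when it exists, otherwise
# system/not-supported.yml.
- name: Choose platform based task
  ansible.builtin.include_tasks: '{{ platform }}'
  with_first_found:
    - 'system/{{ ansible_facts.system }}.yml'
    - 'system/not-supported.yml'
  loop_control:
    loop_var: platform

--------------------------------------------------------------------------------
/tasks/system/Linux.yml:
--------------------------------------------------------------------------------
---
# tasks file for sonarqube pre install

- name: Become section
  become: true
  block:
    - name: Tune virtual memory
      ansible.posix.sysctl:
        name: vm.max_map_count
        value: '{{ sonar_max_map_count | int }}'
        state: present

    - name: Create sonar group
      ansible.builtin.group:
        name: '{{ sonar_group }}'
        state: present

    # The service account gets no login shell.
    - name: Create sonar user
      ansible.builtin.user:
        name: '{{ sonar_user }}'
        shell: /sbin/nologin
        group: '{{ sonar_group }}'
        state: present
        home: '/home/{{ sonar_user }}'
        createhome: true

    - name: Mkdir for SonarQube installation
      ansible.builtin.file:
        path: '{{ sonar_path }}'
        state: directory
        # Quoted so the mode is always read as an octal string, never as a number.
        mode: '0755'
        owner: '{{ sonar_user }}'
        group: '{{ sonar_group }}'

    - name: Install requirements
      ansible.builtin.package:
        name:
          - unzip
          - curl
        state: present
      register: install_result
      until: install_result is succeeded
      retries: 3
      delay: 5
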
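# NOTE(review): the .sha file is fetched from the same store as the archive, so
# the SHA-1 comparison in the next task detects a damaged transfer but not an
# archive that was replaced on the store.
- name: 'Download checksum for SonarQube {{ sonar_version }}'
  ansible.builtin.uri:
    url: '{{ sonar_store }}/sonarqube-{{ sonar_version }}.zip.sha'
    return_content: true
  register: sonarqube_checksum
  when:
    - sonar_version is version("8.3", "<")
    - sonar_version is not version("7.9.4", "==")
    - sonar_version is not version("7.9.5", "==")
    - sonar_version is not version("7.9.6", "==")

- name: 'Download with check SonarQube {{ sonar_version }}'
  ansible.builtin.get_url:
    url: '{{ sonar_store }}/sonarqube-{{ sonar_version }}.zip'
    dest: '{{ sonar_download_path }}/'
    mode: '0644'
    owner: '{{ sonar_user }}'
    group: '{{ sonar_group }}'
    checksum: 'sha1:{{ sonarqube_checksum.content | trim }}'
  register: download_distrib_result
  until: download_distrib_result is succeeded
  retries: 3
  delay: 5
  when:
    - sonar_version is version("8.3", "<")
    - sonar_version is not version("7.9.4", "==")
    - sonar_version is not version("7.9.5", "==")
    - sonar_version is not version("7.9.6", "==")
    - sonar_download

# No checksum file is fetched for these versions. sonar_distrib_checksum is an
# optional operator-pinned value in get_url's "<algorithm>:<hex digest>" form;
# when it is unset the parameter is omitted and the archive is accepted
# unverified, exactly as before.
- name: 'Download without check SonarQube {{ sonar_version }}'
  ansible.builtin.get_url:
    url: '{{ sonar_store }}/sonarqube-{{ sonar_version }}.zip'
    dest: '{{ sonar_download_path }}/'
    mode: '0644'
    owner: '{{ sonar_user }}'
    group: '{{ sonar_group }}'
    checksum: '{{ sonar_distrib_checksum | default(omit) }}'
  register: download_distrib_result
  until: download_distrib_result is succeeded
  retries: 3
  delay: 5
  when:
    - sonar_version is version("8.3", ">=") or
      sonar_version is version("7.9.4", "==") or
      sonar_version is version("7.9.5", "==") or
      sonar_version is version("7.9.6", "==")
    - sonar_download

# Prefix every excluded plugin name with the plugins path so the list can be
# handed to unarchive's exclude option.
- name: Prepare exclusions
  ansible.builtin.set_fact:
    sonar_all_excluded_plugins_with_path: "{{ sonar_all_excluded_plugins | map('regex_replace', '^(.*)$', sonar_plugins_path + '/\\1') | list }}"

# "creates" makes the extraction a no-op once wrapper.conf exists.
- name: 'Install SonarQube {{ sonar_version }}'
  ansible.builtin.unarchive:
    src: '{{ sonar_download_path }}/sonarqube-{{ sonar_version }}.zip'
    exclude: "{{ sonar_all_excluded_plugins_with_path }}"
    dest: '{{ sonar_path }}'
    owner: '{{ sonar_user }}'
    group: '{{ sonar_group }}'
    remote_src: true
    creates: '{{ sonar_installation }}/conf/wrapper.conf'
  notify:
    - Restart Sonarqube
    - Restart Sonarqube with script

# The rendered file holds the JDBC and LDAP bind passwords: keep it readable by
# the service account only and keep its content out of --diff output.
- name: Render sonar.properties
  ansible.builtin.template:
    src: sonar.properties.j2
    dest: '{{ sonar_installation }}/conf/sonar.properties'
    mode: '0400'
    owner: '{{ sonar_user }}'
  diff: false
  notify:
    - Restart Sonarqube
    - Restart Sonarqube with script

# systemd reads the unit as root. It was owned by the service account, which
# could chmod and rewrite its own unit; root ownership removes that path.
- name: Render sonarqube.service
  ansible.builtin.template:
    src: sonarqube.service.j2
    dest: /etc/systemd/system/sonarqube.service
    mode: '0444'
    owner: root
  notify:
    - Restart Sonarqube
    - Restart Sonarqube with script

- name: Make sure template destination directory exists
  ansible.builtin.file:
    path: "{{ nginx_config_path | dirname }}"
    state: directory
    recurse: true

# Same reasoning as for the unit file: the proxy configuration should not be
# writable by the account the proxied application runs as.
- name: Render nginx config
  ansible.builtin.template:
    src: nginx.sonar.conf.j2
    dest: '{{ nginx_config_path }}'
    mode: '0444'
    owner: root
  when:
    - sonar_proxy_type == 'nginx'

# Drop every plugin URL that matches one of the default exclusions; with no
# exclusions the full list is used unchanged.
- name: Filter plugins
  ansible.builtin.set_fact:
    sonar_all_plugins_with_exclusions: >-
      {{
        sonar_all_plugins if sonar_default_excluded_plugins | length == 0
        else sonar_all_plugins | select('match', '^(?!.*(' + '|'.join(sonar_default_excluded_plugins) + ')).*$') | list
      }}

# NOTE(review): plugin jars are fetched without any checksum; they are loaded
# by the server, so pinning digests per plugin is worth considering.
- name: Download plugins
  ansible.builtin.get_url:
    url: '{{ item }}'
    dest: '{{ sonar_plugins_dir }}'
    mode: '0644'
    owner: '{{ sonar_user }}'
    group: '{{ sonar_group }}'
  when: '"0.0.0" not in item'
  register: download_plugin_result
  until: download_plugin_result is succeeded
  retries: 3
  delay: 5
  loop: '{{ sonar_all_plugins_with_exclusions }}'
  notify:
    - Restart Sonarqube
    - Restart Sonarqube with script

- name: Copy branch plugin
  ansible.builtin.copy:
    src: '{{ sonar_plugins_dir }}/sonarqube-community-branch-plugin-{{ branch_pversion }}.jar'
    dest: '{{ sonar_installation }}/lib/common/'
    mode: '0644'
    remote_src: true
  when:
    - branch_plugin_url in sonar_all_plugins
    - branch_pversion is version("1.2.0", ">=")
    - branch_pversion is version("1.7.0", "<=")
  notify:
    - Restart Sonarqube
    - Restart Sonarqube with script

- name: Flush handlers
  ansible.builtin.meta: flush_handlers

# The API calls below send credentials. Certificate validation stays off by
# default for backward compatibility; set sonar_validate_certs to true wherever
# sonar_check_url presents a certificate the controller can verify.
# The body is passed as a mapping so the uri module URL-encodes each value (a
# password containing "&", "=" or "+" was sent corrupted when the body was a
# hand-built string). no_log keeps the body out of task output.
- name: Verify login with old password
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/authentication/login'
    method: POST
    force_basic_auth: true
    user: '{{ sonar_web_user }}'
    password: '{{ sonar_web_old_password }}'
    body_format: form-urlencoded
    body:
      login: '{{ sonar_web_user }}'
      password: '{{ sonar_web_old_password }}'
    validate_certs: '{{ sonar_validate_certs | default(false) | bool }}'
    status_code:
      - 200
      - 401
  register: login_result
  retries: 3
  delay: 20
  no_log: true
  when:
    - change_password | bool

# Runs only when the old password was accepted (HTTP 200 above).
- name: Update sonar web password
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/users/change_password'
    method: POST
    force_basic_auth: true
    user: '{{ sonar_web_user }}'
    password: '{{ sonar_web_old_password }}'
    body_format: form-urlencoded
    body:
      login: '{{ sonar_web_user }}'
      password: '{{ sonar_web_password }}'
      previousPassword: '{{ sonar_web_old_password }}'
    validate_certs: '{{ sonar_validate_certs | default(false) | bool }}'
    status_code: 204
  no_log: true
  when:
    - change_password | bool
    - login_result.status == 200

- name: Jenkins webhook block
  ansible.builtin.include_tasks: jenkins.yml
  when:
    - sonar_set_jenkins_webhook | bool

- name: Get initial list of profiles
  ansible.builtin.find:
    paths: '{{ sonar_path }}/profiles/'
  register: sonar_profile_list_initial
  become: true

# Reduce both lists to bare file names so they can be compared.
- name: Set list of profile filenames
  ansible.builtin.set_fact:
    sonar_profile_names_list_initial: >-
      {{ sonar_profile_list_initial.files | map(attribute='path') | map('basename') | list }}
    sonar_profile_names_list: >-
      {{ sonar_profile_list | map('basename') | list }}

# Runs only when restoring is enabled and at least one requested profile file is
# not yet present in the profiles directory.
- name: Restore profiles block
  when:
    - sonar_restore_profiles | bool
    - sonar_profile_names_list | difference(sonar_profile_names_list_initial) | length
  block:
    - name: Copy profiles to profiles directory
      ansible.builtin.copy:
        src: '{{ profile_item }}'
        dest: '{{ sonar_path }}/profiles/'
        mode: '0644'
        owner: '{{ sonar_user }}'
        group: '{{ sonar_group }}'
      loop: '{{ sonar_profile_list }}'
      loop_control:
        loop_var: profile_item
      become: true

    # Remove files found before the copy that are not in the requested list.
    - name: Cleanup profiles directory
      ansible.builtin.file:
        path: '{{ profile_item.path }}'
        state: absent
      loop: '{{ sonar_profile_list_initial.files }}'
      loop_control:
        loop_var: profile_item
      when: (profile_item.path | basename) not in sonar_profile_names_list
      become: true

    - name: Get list of profiles
      ansible.builtin.find:
        paths: '{{ sonar_path }}/profiles/'
      register: sonar_profile_list_result
      become: true

    # NOTE(review): "-u user:password" puts the web password on curl's command
    # line, where other local users can read it from the process list while the
    # upload runs; no_log only keeps it out of Ansible's own output.
    # "-k" is dropped when sonar_validate_certs is true.
    # curl exits 0 on an HTTP error status unless asked otherwise, so a rejected
    # restore is not reported as a failure here.
    # changed_when: a non-zero rc already fails the task, so the expression is
    # false on every successful run and the task never reports "changed".
    - name: Restore profiles
      # have to use curl because of https://github.com/ansible/ansible/issues/38172
      ansible.builtin.command: >-
        {{ curl_command }} {{ '' if sonar_validate_certs | default(false) | bool else '-k' }}
        -u {{ sonar_web_user }}:{{ sonar_web_password }} -F
        'backup=@{{ profile_item.path }}' {{ sonar_check_url }}/api/qualityprofiles/restore
      loop: '{{ sonar_profile_list_result.files }}'
      loop_control:
        loop_var: profile_item
      register: profile_result
      changed_when: profile_result.rc != 0
      no_log: true

--------------------------------------------------------------------------------
/tasks/system/jenkins.yml:
--------------------------------------------------------------------------------
---
# These calls authenticate with the SonarQube web credentials. Certificate
# validation stays off by default for backward compatibility; set
# sonar_validate_certs to true wherever sonar_check_url presents a certificate
# the controller can verify.
- name: Get webhooks list
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/webhooks/list'
    method: GET
    force_basic_auth: true
    user: '{{ sonar_web_user }}'
    password: '{{ sonar_web_password }}'
    validate_certs: '{{ sonar_validate_certs | default(false) | bool }}'
    return_content: true
  register: webhooks_list

# webhook_key stays undefined when no webhook carries the configured name; the
# two tasks below branch on that.
- name: Get jenkins webhook key
  ansible.builtin.set_fact:
    webhook_key: '{{ item }}'
  loop: '{{ webhooks_list | json_query(webhook_name_query) }}'
  vars:
    webhook_name_query: "json.webhooks[?name=='{{ sonar_jenkins_webhook_name }}'].key"

# The body is a mapping so that the uri module URL-encodes the webhook name and
# URL instead of sending them as a hand-built string.
- name: Create jenkins webhook
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/webhooks/create'
    method: POST
    force_basic_auth: true
    user: '{{ sonar_web_user }}'
    password: '{{ sonar_web_password }}'
    body_format: form-urlencoded
    body:
      name: '{{ sonar_jenkins_webhook_name }}'
      url: '{{ sonar_jenkins_webhook_url }}'
    validate_certs: '{{ sonar_validate_certs | default(false) | bool }}'
  when:
    - webhook_key is undefined

- name: Update jenkins webhook
  ansible.builtin.uri:
    url: '{{ sonar_check_url }}/api/webhooks/update'
    method: POST
    force_basic_auth: true
    user: '{{ sonar_web_user }}'
    password: '{{ sonar_web_password }}'
    body_format: form-urlencoded
    body:
      name: '{{ sonar_jenkins_webhook_name }}'
      url: '{{ sonar_jenkins_webhook_url }}'
      webhook: '{{ webhook_key }}'
    validate_certs: '{{ sonar_validate_certs | default(false) | bool }}'
    status_code: 204
  when:
    - webhook_key is defined

--------------------------------------------------------------------------------
/templates/nginx.sonar.conf.j2: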
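--------------------------------------------------------------------------------
# https://docs.sonarqube.org/latest/setup-and-upgrade/configure-and-operate-a-server/operating-the-server/

upstream sonar {
  server {{ web.host }}:{{ web.port }};
}

server {
{% if sonar_proxy_http %}
  # Plain-HTTP listener: logins and tokens cross this hop unencrypted.
  listen {{ sonar_proxy_http_port }};
  server_name {{ sonar_proxy_server_name }};

  location / {
    proxy_pass http://sonar;
    # Forward the requested host and the peer address, as the TLS branch does.
    # $remote_addr replaces any X-Forwarded-For value the client supplied.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
{% elif sonar_proxy_ssl %}
  listen {{ sonar_proxy_ssl_port }} ssl;

  ssl_certificate {{ sonar_proxy_ssl_cert_path }};
  ssl_certificate_key {{ sonar_proxy_ssl_key_path }};

  location / {
    proxy_pass http://sonar;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
  }
{% endif %}

  # temporarily disabled, doesn't work correctly on all systems
  #
  # location ~* \.(css|gif|html|ico|jpeg|js|map|png|svg|txt|xml)$ {
  #   root {{ sonar_installation }}/web;
  # }

  client_max_body_size {{ sonar_proxy_client_max_body_size }};
}

--------------------------------------------------------------------------------
/templates/sonar.properties.j2:
--------------------------------------------------------------------------------
# Web parameters
sonar.web.host={{ web.host }}
sonar.web.port={{ web.port }}
sonar.web.context={{ web.path }}

# DB connections
{% if sonar_db.type != 'H2' %}
sonar.jdbc.username={{ sonar_db.user }}
sonar.jdbc.password={{ sonar_db.password }}
sonar.jdbc.url=jdbc:{{ sonar_db.type }}://{{ sonar_db.host }}:{{ sonar_db.port }}/{{ sonar_db.name }}{{ sonar_db.options }}
{% endif %}

# Tuning
sonar.log.level={{ sonar_log_level }}
sonar.web.javaOpts={{ sonar_java_opts.web }}
sonar.search.javaOpts={{ sonar_java_opts.es }}
sonar.ce.javaOpts={{ sonar_java_opts.ce }}

# CVE-2021-44228 mitigation; to remove after elasticsearch/lib/log4j-*.jar is updated to 2.15.0+
# NOTE(review): the flag only turns off message lookups for the search process;
# check the bundled jar against the current Log4j advisories before dropping it.
sonar.search.javaAdditionalOpts=-Dlog4j2.formatMsgNoLookups=true

{% if branch_plugin_url in sonar_all_plugins and branch_pversion is version("1.8.0", ">=") %}
# branch plugin
sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-{{ branch_pversion }}.jar=web
sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-{{ branch_pversion }}.jar=ce
{% endif %}

# update center
sonar.updatecenter.activate={{ sonar_updatecenter_activate | bool | lower }}

# LDAP AUTH
{%- if (ldap is defined) %}
# General Configuration
sonar.security.realm=LDAP
sonar.authenticator.downcase={{ ldap.authenticator_downcase | default('false') }}
ldap.url={{ ldap.url | mandatory }}
ldap.bindDn={{ ldap.bind_dn | mandatory }}
ldap.bindPassword={{ ldap.bind_password | mandatory }}
ldap.authentication={{ ldap.authentication | default('simple') }}
ldap.realm={{ ldap.realm | default('') }}
ldap.contextFactoryClass={{ ldap.contextFactoryClass | default('com.sun.jndi.ldap.LdapCtxFactory') }}
ldap.StartTLS={{ ldap.StartTLS | default('false') }}
ldap.followReferrals={{ ldap.followReferrals | default('true') }}

# User Configuration
ldap.user.baseDn={{ ldap.user_base_dn | mandatory }}
ldap.user.request={{ ldap.user_request | default('(&(objectClass=inetOrgPerson)(uid={login}))') }}
ldap.user.realNameAttribute={{ ldap.user_real_name_attribute | default('cn') }}
ldap.user.emailAttribute={{ ldap.user_email_attribute | default('mail') }}

# Group Configuration
ldap.group.baseDn={{ ldap.group_base_dn | mandatory }}
ldap.group.request={{ ldap.group_request | default('(&(objectClass=posixGroup)(memberUid={uid}))') }}
ldap.group.idAttribute={{ ldap.group_idAttribute | default('cn') }}
{%- endif %}
--------------------------------------------------------------------------------
/templates/sonarqube.service.j2:
--------------------------------------------------------------------------------
{# Wrapper directory "<installation>/bin/<system>-<architecture>", computed once; the tag renders nothing. #}
{% set sonar_wrapper_dir = sonar_installation ~ '/bin/' ~ '-'.join((ansible_system | lower, ansible_architecture | replace('_','-'))) -%}
[Unit]
Description=SonarQube Server
After=network.target network-online.target
Wants=network-online.target

[Service]
LimitNOFILE={{ sonar_nofile }}
LimitNPROC={{ sonar_nproc }}
WorkingDirectory={{ sonar_wrapper_dir }}
ExecStart={{ sonar_wrapper_dir }}/sonar.sh start
ExecStop={{ sonar_wrapper_dir }}/sonar.sh stop
ExecReload={{ sonar_wrapper_dir }}/sonar.sh restart
PIDFile={{ sonar_wrapper_dir }}/SonarQube.pid
Type=forking
User={{ sonar_user }}
StartLimitInterval=30

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for sonarqube

# 'x86-32' on i386 hosts, 'x86-64' on every other architecture
arch: "{{ 'x86-32' if ansible_architecture == 'i386' else 'x86-64' }}"
distro: '{{ ansible_facts.system | lower }}'

# Kept in a variable so ansible-lint does not flag the curl call; curl is needed
# because of https://github.com/ansible/ansible/issues/38172
curl_command: curl

--------------------------------------------------------------------------------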