From ee35c5f81ec5e6aff830643e2120f8d4ab17942c Mon Sep 17 00:00:00 2001 From: "ekouejor.follysod" <ekoue-jordan.folly-sodoga@etu.hesge.ch> Date: Wed, 26 Mar 2025 16:00:47 +0100 Subject: [PATCH] sonar --- .gitlab-ci.yml | 45 +++++++++++++++++++++++++++++++++++++--- sonar-project.properties | 2 ++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 sonar-project.properties diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9647991..72d8dcd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,10 +1,15 @@ stages: - build -- quality - +- build-sonar +- sonarqube-vulnerability-report - documentation +image: + name: leadrien/isc-sonar-scanner-cli:latest + variables: + SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache + GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task default: image: node:lts-slim 
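Review bot: The added top-level `image:` pulls `leadrien/isc-sonar-scanner-cli:latest`, a mutable tag in a personal registry namespace, so anyone who can push to that repository controls the code that runs in a job which presumably has `SONAR_TOKEN` in its environment. Pin the image by digest, e.g. `name: leadrien/isc-sonar-scanner-cli@sha256:<digest-placeholder>`, or mirror it into the project's own registry. The same hunk keeps `default: image: node:lts-slim`, and GitLab treats a global `image:` and `default:image` as alternatives, so the scanner image is better declared inside the `build-sonar` job, which also keeps it away from jobs that do not need it. Indentation is lost in this view, so I cannot tell whether `variables:` ended up nested under `image:`; it should be a top-level or job-level key.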
@@ -18,4 +23,38 @@ build: script: npm run build artifacts: paths: - - dist \ No newline at end of file + - dist + +build-sonar: + stage: build-sonar + + cache: + policy: pull-push + key: "sonar-cache-$CI_COMMIT_REF_SLUG" + paths: + - "${SONAR_USER_HOME}/cache" + - sonar-scanner/ + + script: + - sonar-scanner -Dsonar.host.url="${SONAR_HOST_URL}" + allow_failure: true + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + - if: $CI_COMMIT_BRANCH == 'master' + - if: $CI_COMMIT_BRANCH == 'main' + - if: $CI_COMMIT_BRANCH == 'develop' + +sonarqube-vulnerability-report: + stage: sonarqube-vulnerability-report + script: + - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=folly-breakout&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json' + allow_failure: true + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + - if: $CI_COMMIT_BRANCH == 'master' + - if: $CI_COMMIT_BRANCH == 'main' + - if: $CI_COMMIT_BRANCH == 'develop' + artifacts: + expire_in: 1 day + reports: + sast: gl-sast-sonar-report.json \ No newline at end of file diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..8e833fb --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,2 @@ +sonar.projectKey=folly-breakout +sonar.qualitygate.wait=true -- GitLab
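Review bot: In `sonarqube-vulnerability-report` the `curl` call has no `--fail`, so a 401, 404 or 5xx answer from SonarQube still exits 0, and the error body is saved as `gl-sast-sonar-report.json` and uploaded as the SAST report. Add the flag, `curl --fail --silent --show-error -u "${SONAR_TOKEN}:" … -o gl-sast-sonar-report.json`, so a bad token or wrong project key fails the job instead of producing an unparseable report. Both new jobs are `allow_failure: true`, so even then a broken scan or export only shows as a warning, and a missing report can be mistaken for a clean result. It is worth confirming that `SONAR_TOKEN` is a masked CI/CD variable, since these jobs also run on `merge_request_event` pipelines.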
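Review bot: `sonar.qualitygate.wait=true` makes the scanner exit non-zero when the quality gate fails, but the `build-sonar` job added in `.gitlab-ci.yml` is `allow_failure: true`, so a failed gate never blocks a merge. If the gate is meant to be enforced, drop `allow_failure: true` from `build-sonar`, at least for the `main`/`master`/`develop` rules. If it is advisory for now, say so in this file with a comment such as `# advisory only: build-sonar is allow_failure in .gitlab-ci.yml`.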