From 58e51dc20556ba51ff660f41f6071400f794701a Mon Sep 17 00:00:00 2001
From: jung geun
Date: Tue, 3 Sep 2024 21:11:35 +0900
Subject: [PATCH] chore: Add GitLab CI configuration for SonarQube analysis
---
.gitlab-ci.yml | 47 ++++++++++++++++++++++++++++++++++++++++
sonar-project.properties | 2 ++
2 files changed, 49 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100644 sonar-project.properties
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..9458b2b
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,47 @@
+image:
+ name: sonarsource/sonar-scanner-cli:11.0
+ entrypoint: [""]
+
+variables:
+ SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
+ GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
+
+stages:
+ - sonarqube-check
+ - sonarqube-vulnerability-report
+
+sonarqube-check:
+ stage: sonarqube-check
+ # dependencies:
+ # - get-binaries
+ # - build
+ cache:
+ policy: pull
+ key: "${CI_COMMIT_SHORT_SHA}"
+ paths:
+ - sonar-scanner/
+
+
+ script:
+ - sonar-scanner
+ allow_failure: true
+ rules:
+ - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+ - if: $CI_COMMIT_BRANCH == 'master'
+ - if: $CI_COMMIT_BRANCH == 'main'
+ - if: $CI_COMMIT_BRANCH == 'develop'
+
+sonarqube-vulnerability-report:
+ stage: sonarqube-vulnerability-report
+ script:
+ - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=pieroot_cloudflare-ddns_e6da100b-a671-4736-87ac-9a41acda99f6&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
+ allow_failure: true
+ rules:
+ - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+ - if: $CI_COMMIT_BRANCH == 'master'
+ - if: $CI_COMMIT_BRANCH == 'main'
+ - if: $CI_COMMIT_BRANCH == 'develop'
+ artifacts:
+ expire_in: 1 day
+ reports:
+ sast: gl-sast-sonar-report.json
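Review bot: The `curl` call in `sonarqube-vulnerability-report` has no `--fail`, so an HTTP error from the SonarQube API (bad token, wrong project key) still exits 0 and the error body is written to `gl-sast-sonar-report.json` and uploaded as the SAST report. Combined with `allow_failure: true`, a broken export reads as "no findings" rather than "not scanned". I would start the command with `curl --fail --silent --show-error -u "${SONAR_TOKEN}:" ...` so the job fails visibly. In merge-request pipelines `CI_COMMIT_BRANCH` is unset, and in branch pipelines `CI_MERGE_REQUEST_IID` is, so one of `branch=`/`pullRequest=` is always empty; it is worth confirming the server accepts that. Because both jobs run with `SONAR_TOKEN` in scope, consider pinning the image by digest (`sonarsource/sonar-scanner-cli:11.0@sha256:<digest>`) and keeping the token masked and scoped as narrowly as the export call allows.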
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..8c355d6
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=pieroot_cloudflare-ddns_e6da100b-a671-4736-87ac-9a41acda99f6
+sonar.qualitygate.wait=true
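Review bot: `sonar.qualitygate.wait=true` makes the scanner exit non-zero when the quality gate fails, but the `sonarqube-check` job added in `.gitlab-ci.yml` sets `allow_failure: true`, so a failed gate only produces a warning and never blocks a merge. If the gate is meant to enforce anything, such as no new vulnerabilities, drop `allow_failure: true` from that job. If it is advisory on purpose, say so next to this setting, e.g. `# advisory only: the CI job runs with allow_failure: true`.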