From 1bd3dd7b822269d74c0dd6b1620ebc84664716d6 Mon Sep 17 00:00:00 2001
From: duynguyen <huonghaiduynhim@gmail.com>
Date: Sat, 2 May 2026 14:51:23 +0700
Subject: [PATCH] feat: add scanCodeQuality var for SonarQube scanning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 vars/scanCodeQuality.groovy | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 vars/scanCodeQuality.groovy

diff --git a/vars/scanCodeQuality.groovy b/vars/scanCodeQuality.groovy
new file mode 100644
index 0000000..b766720
--- /dev/null
+++ b/vars/scanCodeQuality.groovy
@@ -0,0 +1,33 @@
+/**
+ * Runs sonar-scanner via npx inside current container.
+ * Must be called inside container('node') block.
+ *
+ * config keys:
+ *   projectKey (required) - SonarQube project key
+ *   sonarUrl   (optional) - SonarQube server URL, default: http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000
+ *   credId     (optional) - Jenkins secret-text credential id, default: sonarqube-token
+ *   sources    (optional) - sources to scan, default: .
+ *   exclusions (optional) - comma-separated paths to exclude
+ */
+def call(Map config) {
+    def projectKey = config.projectKey
+    if (!projectKey) error('scanCodeQuality: projectKey is required')
+
+    def sonarUrl   = config.sonarUrl   ?: 'http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000'
+    def credId     = config.credId     ?: 'sonarqube-token'
+    def sources    = config.sources    ?: '.'
+    def exclusions = config.exclusions ?: ''
+
+    def exclusionsArg = exclusions ? "-Dsonar.exclusions=${exclusions}" : ''
+
+    withCredentials([string(credentialsId: credId, variable: 'SONAR_TOKEN')]) {
+        sh """
+            npx sonar-scanner \
+              -Dsonar.projectKey=${projectKey} \
+              -Dsonar.sources=${sources} \
+              -Dsonar.host.url=${sonarUrl} \
+              -Dsonar.token=\${SONAR_TOKEN} \
+              ${exclusionsArg}
+        """
+    }
+}