From 22c8593d23b2d7d19b8c4d62f878143bc251035c Mon Sep 17 00:00:00 2001
From: duynguyen <huonghaiduynhim@gmail.com>
Date: Sat, 2 May 2026 15:25:49 +0700
Subject: [PATCH] fix: use sonar-scanner-cli container instead of npx for sonar
 scan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

npx sonar-scanner fails on node:18-slim — no Java. Switch to dedicated
sonarsource/sonar-scanner-cli container with Java + scanner bundled.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 vars/homelabK8sAgent.groovy | 12 +++++++++++-
 vars/scanCodeQuality.groovy |  7 ++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/vars/homelabK8sAgent.groovy b/vars/homelabK8sAgent.groovy
index 1b9b686..0dbed6d 100644
--- a/vars/homelabK8sAgent.groovy
+++ b/vars/homelabK8sAgent.groovy
@@ -5,11 +5,13 @@
  *   nodeImage       - default: node:18-slim
  *   harborRegistry  - default: harbor-core.harbor.svc.cluster.local
  *   withTools       - include alpine/git container, default: false
+ *   withSonar       - include sonarsource/sonar-scanner-cli container, default: false
  */
 def call(Map config = [:]) {
     def nodeImage  = config.nodeImage      ?: 'node:18-slim'
     def harborReg  = config.harborRegistry ?: 'harbor-core.harbor.svc.cluster.local'
     def withTools  = config.withTools      ?: false
+    def withSonar  = config.withSonar      ?: false
 
     def toolsBlock = withTools ? """
   - name: tools
@@ -19,6 +21,14 @@ def call(Map config = [:]) {
     args:
     - infinity""" : ""
 
+    def sonarBlock = withSonar ? """
+  - name: sonar
+    image: sonarsource/sonar-scanner-cli:latest
+    command:
+    - sleep
+    args:
+    - infinity""" : ""
+
     return """
 apiVersion: v1
 kind: Pod
@@ -38,6 +48,6 @@ spec:
     - name: DOCKER_TLS_CERTDIR
       value: ""
     args:
-    - --insecure-registry=${harborReg}${toolsBlock}
+    - --insecure-registry=${harborReg}${toolsBlock}${sonarBlock}
 """.stripIndent()
 }
diff --git a/vars/scanCodeQuality.groovy b/vars/scanCodeQuality.groovy
index b766720..7e21eec 100644
--- a/vars/scanCodeQuality.groovy
+++ b/vars/scanCodeQuality.groovy
@@ -1,6 +1,7 @@
 /**
- * Runs sonar-scanner via npx inside current container.
- * Must be called inside container('node') block.
+ * Runs sonar-scanner inside container('sonar') (sonarsource/sonar-scanner-cli).
+ * Must be called inside container('sonar') block.
+ * Agent pod must be created with homelabK8sAgent(withSonar: true).
  *
  * config keys:
  *   projectKey (required) - SonarQube project key
@@ -22,7 +23,7 @@ def call(Map config) {
 
     withCredentials([string(credentialsId: credId, variable: 'SONAR_TOKEN')]) {
         sh """
-            npx sonar-scanner \
+            sonar-scanner \
               -Dsonar.projectKey=${projectKey} \
               -Dsonar.sources=${sources} \
               -Dsonar.host.url=${sonarUrl} \