fix: use sonar-scanner-cli container instead of npx for sonar scan

npx sonar-scanner fails on node:18-slim — no Java. Switch to dedicated sonarsource/sonar-scanner-cli container with Java + scanner bundled. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 15:25:49 +07:00
parent 1bd3dd7b82
commit 22c8593d23
2 changed files with 15 additions and 4 deletions
--- a/vars/homelabK8sAgent.groovy
+++ b/vars/homelabK8sAgent.groovy
@@ -5,11 +5,13 @@
 *   nodeImage       - default: node:18-slim
 *   harborRegistry  - default: harbor-core.harbor.svc.cluster.local
 *   withTools       - include alpine/git container, default: false
+ *   withSonar       - include sonarsource/sonar-scanner-cli container, default: false
 */
 def call(Map config = [:]) {
    def nodeImage  = config.nodeImage      ?: 'node:18-slim'
    def harborReg  = config.harborRegistry ?: 'harbor-core.harbor.svc.cluster.local'
    def withTools  = config.withTools      ?: false
+    def withSonar  = config.withSonar      ?: false

    def toolsBlock = withTools ? """
  - name: tools
@@ -19,6 +21,14 @@ def call(Map config = [:]) {
    args:
    - infinity""" : ""

+    def sonarBlock = withSonar ? """
+  - name: sonar
+    image: sonarsource/sonar-scanner-cli:latest
+    command:
+    - sleep
+    args:
+    - infinity""" : ""
+
    return """
 apiVersion: v1
 kind: Pod
@@ -38,6 +48,6 @@ spec:
    - name: DOCKER_TLS_CERTDIR
      value: ""
    args:
-    - --insecure-registry=${harborReg}${toolsBlock}
+    - --insecure-registry=${harborReg}${toolsBlock}${sonarBlock}
 """.stripIndent()
 }
--- a/vars/scanCodeQuality.groovy
+++ b/vars/scanCodeQuality.groovy
@@ -1,6 +1,7 @@
 /**
- * Runs sonar-scanner via npx inside current container.
- * Must be called inside container('node') block.
+ * Runs sonar-scanner inside container('sonar') (sonarsource/sonar-scanner-cli).
+ * Must be called inside container('sonar') block.
+ * Agent pod must be created with homelabK8sAgent(withSonar: true).
 *
 * config keys:
 *   projectKey (required) - SonarQube project key
@@ -22,7 +23,7 @@ def call(Map config) {

    withCredentials([string(credentialsId: credId, variable: 'SONAR_TOKEN')]) {
        sh """
-            npx sonar-scanner \
+            sonar-scanner \
              -Dsonar.projectKey=${projectKey} \
              -Dsonar.sources=${sources} \
              -Dsonar.host.url=${sonarUrl} \