Hi there. I am working on implementing a SQ integration into CodeCommit as outlined in this guide:
I was able to successfully test the concept using the guide above in our lab environment and am now trying to adapt it to our stage environment where it will operate in our workflow. TL;DR, the guide outlines a process to trigger a PR approval rule that kicks off a build pipeline to feed the commit(s) into an AWS EC2 instance running SQ Community using Maven’s SonarScanner plugin. If the scan passes, the PR is approved for merge.
All the AWS workflow stuff works fine in both my test setup and in my production setup. The problem I’m running into is that the only file that is being checked by SQ is the POM file (the one configuring Maven). I have verified that the PR contains multiple commits which involve other files. I tried just adding a comment to one of the actual golang files I want it to look at, and when that didn’t work, I copied the whole golang file into the same root of the repo folder that the POM file is located in.
I’m using the buildspec and the POM contained in the guide above (found here: GitHub - aws-samples/aws-codecommit-pull-request-approver-demo: AWS CodeCommit sample repository with SonarQube integration) with a few modifications: there are a lot of static version references that I had to update (done so far only in the buildspec, because it wouldn’t run otherwise, not in the POM), and obviously the relevant server info for my environment. I don’t see any references to specific files in the POM or buildspec that would limit the scan to just the POM file. The only thing I can tell is limiting what SQ is scanning is a variable in the buildspec for checking out $SOURCE_COMMIT.
The SQ server is a vanilla install of Community v22.214.171.124595. All I’ve done server-side was to add a service account used by the build pipeline. The server is running on Amazon Linux 2023.
The buildspec runs the following commands to invoke SQ:
    build:
      commands:
        - mvn install
        - result=$(mvn clean sonar:sonar -Dsonar.projectKey=$sonar_project_key -Dsonar.host.url=$sonar_host_url -Dsonar.login=$sonar_username -Dsonar.password=$sonar_password)
        - echo $result
$sonar_project_key is defined in the buildspec as just the name of the repo.
Let me know if you need the POM file for reference. There are no errors in the build, everything looks like it passed as far as the build is concerned. Any suggestion on where I’m going wrong here?
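Added example, not from the original post or the aws-samples repository: the Maven scanner indexes only pom.xml and Maven's compile source roots unless sonar.sources overrides them, which matches the symptom above, so this snippet builds the overriding invocation (token read from the environment rather than a password on the command line) and dry-runs the same file-selection rules against a constructed repo layout. SONAR_TOKEN, the project key, the host URL and the repo layout are assumptions.

```shell
#!/bin/sh
# Added example; not code from the original post or the aws-samples repo.
# With the Maven scanner, sonar.sources defaults to pom.xml plus Maven's
# compile source roots, so Go files in the repo root are never indexed.
# sonar_scan_cmd overrides that; scanner_candidates is a dry run of the
# same sources/inclusions/exclusions rules. SONAR_TOKEN is assumed to hold
# a user token created for the pipeline's service account.

# Build the mvn command for the buildspec. The token is referenced, not
# interpolated, so it does not appear in CodeBuild's echoed command lines.
sonar_scan_cmd() {
  project_key="$1"; host_url="$2"; src_root="${3:-.}"
  printf '%s' "mvn clean sonar:sonar" \
    " -Dsonar.projectKey=$project_key" \
    " -Dsonar.host.url=$host_url" \
    " -Dsonar.sources=$src_root" \
    " -Dsonar.inclusions=**/*.go,pom.xml" \
    " -Dsonar.exclusions=**/target/**,**/vendor/**" \
    ' -Dsonar.login="$SONAR_TOKEN"'
  printf '\n'
}

# Dry run: the files the rules above would select (Go sources and the
# POM, minus Maven build output and vendored dependencies), sorted.
scanner_candidates() {
  src_root="${1:-.}"
  find "$src_root" \( -path '*/target' -o -path '*/vendor' \) -prune -o \
       -type f \( -name '*.go' -o -name 'pom.xml' \) -print | LC_ALL=C sort
}

# Constructed repo layout: pom.xml beside a Go file, a Maven source root,
# build output and a vendor tree. Prints the temporary path.
make_demo_repo() {
  repo=$(mktemp -d)
  mkdir -p "$repo/src/main/java" "$repo/target" "$repo/vendor/dep" "$repo/cmd/api"
  : > "$repo/pom.xml"
  : > "$repo/main.go"
  : > "$repo/cmd/api/handler.go"
  : > "$repo/src/main/java/App.java"
  : > "$repo/target/generated.go"
  : > "$repo/vendor/dep/dep.go"
  printf '%s\n' "$repo"
}

demo=$(make_demo_repo)
scanner_candidates "$demo"          # lists cmd/api/handler.go, main.go, pom.xml
sonar_scan_cmd my-repo https://sonar.example.internal "$demo"
rm -rf "$demo"
```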