Add initial version (#2)

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in the repo and
+# will be requested for review when someone opens a pull request.
+*       @swissgrc/platform

.github/renovate.json

@@ -0,0 +1,13 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+      "github>swissgrc/renovate-presets:docker"
+    ],
+    "packageRules": [
+      {
+        "matchDepNames": [ "dotnet/sdk" ],
+        "description": "No .NET SDK Major Updates",      
+        "extends": [ ":disableMajorUpdates" ]
+      }
+    ]
+}  

.github/workflows/linter.yml

@@ -0,0 +1,12 @@
+name: Lint Code Base
+
+on:
+  pull_request:
+    branches: [develop]
+
+jobs:
+  lint-image:
+    name: Lint Code Base
+    uses: swissgrc/.github/.github/workflows/lint-image.yml@main
+    secrets:
+      gh-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -0,0 +1,24 @@
+name: Build
+
+on:
+  push:
+    branches: [develop]
+  release:
+    types: [published]
+  pull_request:
+    branches: [develop]
+
+jobs:
+  publish-image:
+    name: Build and push Docker image
+    uses: swissgrc/.github/.github/workflows/publish-image.yml@main
+    with:
+      image-name: swissgrc/azure-pipelines-sonarscannermsbuild
+      default-latest-tag: true
+      additional-latest-tag-name: 8
+      default-unstable-tag: true
+      additional-unstable-tag-name: 8-unstable
+    secrets:
+      gh-token: ${{ secrets.GITHUB_TOKEN }}
+      docker-username: ${{ secrets.DOCKER_USERNAME }}
+      docker-password: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/sonarcloud.yml

@@ -0,0 +1,14 @@
+name: SonarCloud
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    uses: swissgrc/.github/.github/workflows/sonarcloud.yml@main
+    secrets:
+      gh-token: ${{ secrets.GITHUB_TOKEN }}
+      sonar-token: ${{ secrets.SONAR_TOKEN }}

Dockerfile

@@ -0,0 +1,126 @@
+# Base image containing dependencies used in builder and final image
+FROM ghcr.io/swissgrc/azure-pipelines-openjdk:17.0.9.0 AS base
+
+
+# Builder image
+FROM base AS build
+
+# Make sure to fail due to an error at any stage in shell pipes
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# renovate: datasource=repology depName=debian_12/curl versioning=loose
+ENV CURL_VERSION=7.88.1-10+deb12u4
+
+RUN apt-get update -y && \
+  # Install necessary dependencies
+  apt-get install -y --no-install-recommends curl=${CURL_VERSION} && \
+  # Add Git LFS PPA
+  curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+  # Add NodeJS PPA
+  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
+  NODE_MAJOR=18 && \
+  echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
+  # Add .NET PPA
+  curl -o /tmp/packages-microsoft-prod.deb https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb && \
+  dpkg -i /tmp/packages-microsoft-prod.deb && \
+  rm -rf /tmp/*
+
+
+# Final image
+FROM base AS final
+
+LABEL org.opencontainers.image.vendor="Swiss GRC AG"
+LABEL org.opencontainers.image.authors="Swiss GRC AG <[email protected]>"
+LABEL org.opencontainers.image.title="azure-pipelines-sonarscannermsbuild"
+LABEL org.opencontainers.image.documentation="https://github.com/swissgrc/docker-azure-pipelines-sonarscannermsbuild"
+
+# Make sure to fail due to an error at any stage in shell pipes
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+WORKDIR /
+# Copy Git LFS & NodeJS PPA keyring
+COPY --from=build /etc/apt/keyrings/ /etc/apt/keyrings
+# Copy .NET keyring
+COPY --from=build /usr/share/keyrings/ /usr/share/keyrings 
+COPY --from=build /etc/apt/trusted.gpg.d/ /etc/apt/trusted.gpg.d
+# Copy sources
+COPY --from=build /etc/apt/sources.list.d/ /etc/apt/sources.list.d
+
+# Install Git
+
+# renovate: datasource=repology depName=debian_12/git versioning=loose
+ENV GIT_VERSION=1:2.39.2-1.1
+
+RUN apt-get update -y && \
+  # Install Git
+  apt-get install -y --no-install-recommends git=${GIT_VERSION} && \
+  # Clean up
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  git version
+
+# Install Git LFS
+
+# renovate: datasource=github-tags depName=git-lfs/git-lfs extractVersion=^v(?<version>.*)$
+ENV GITLFS_VERSION=3.4.0
+
+RUN apt-get update -y && \
+  # Install Git LFS
+  apt-get install -y --no-install-recommends git-lfs=${GITLFS_VERSION}  && \
+  # Clean up
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  git lfs version
+
+# Install NodeJS
+
+# renovate: datasource=github-tags depName=nodejs/node extractVersion=^v(?<version>.*)$
+ENV NODE_VERSION=18.19.0
+
+# Install NodeJS
+
+RUN apt-get update -y && \
+  # Install NodeJs
+  apt-get install -y --no-install-recommends nodejs=${NODE_VERSION}-1nodesource1 && \
+  # Clean up
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  node -v
+
+# Install .NET
+
+# renovate: datasource=github-tags depName=dotnet/sdk extractVersion=^v(?<version>.*)$
+ENV DOTNET_VERSION=8.0.100
+
+ENV \
+    # Do not show first run text
+    DOTNET_NOLOGO=true \
+    DOTNET_SKIP_FIRST_TIME_EXPERIENCE=true \
+    # Disable telemetry
+    DOTNET_CLI_TELEMETRY_OPTOUT=true \
+    # Enable correct mode for dotnet watch (only mode supported in a container)
+    DOTNET_USE_POLLING_FILE_WATCHER=true \
+    # Skip extraction of XML docs - generally not useful within an image/container - helps performance
+    NUGET_XMLDOC_MODE=skip
+
+RUN apt-get update -y && \
+  # Install .NET
+  apt-get install -y --no-install-recommends dotnet-sdk-8.0=${DOTNET_VERSION}-1 && \
+  # Clean up
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* && \
+  # Smoke test
+  dotnet --info
+
+# Install Dependencies required for dotnet test coverage
+
+# renovate: datasource=repology depName=debian_12/libxml2 versioning=loose
+ENV LIBXML_VERSION=2.9.14+dfsg-1.3~deb12u1
+
+RUN apt-get update -y && \
+  apt-get install -y --no-install-recommends libxml2=${LIBXML_VERSION} && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/*

README.md

@@ -1,2 +1,49 @@
-# docker-azure-pipelines-sonarscannermsbuild-8
-🐳 Docker image for running Sonar Scanner for .NET 8 in an Azure Pipelines container job
+# Docker image for running Sonar Scanner for .NET 8 in an Azure Pipelines container job
+
+<!-- markdownlint-disable MD013 -->
+[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-sonarscannermsbuild-8/blob/main/LICENSE) [![Build](https://img.shields.io/github/actions/workflow/status/swissgrc/docker-azure-pipelines-sonarscannermsbuild-8/publish.yml?branch=develop&style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-sonarscannermsbuild-8/actions/workflows/publish.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=swissgrc_docker-azure-pipelines-sonarscannermsbuild-8&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=swissgrc_docker-azure-pipelines-sonarscannermsbuild-8) [![Pulls](https://img.shields.io/docker/pulls/swissgrc/azure-pipelines-sonarscannermsbuild.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-sonarscannermsbuild) [![Stars](https://img.shields.io/docker/stars/swissgrc/azure-pipelines-sonarscannermsbuild.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-sonarscannermsbuild)
+<!-- markdownlint-restore -->
+
+Docker image to run [Sonar Scanner for .NET] in [Azure Pipelines container jobs].
+
+## Usage
+
+This image can be used to run Sonar Scanner CLI in [Azure Pipelines container jobs].
+
+### Azure Pipelines Container Job
+
+To use the image in an Azure Pipelines Container Job, add one of the following example tasks and use it with the `container` property.
+
+The following example shows the container used for a deployment step which shows .NET version:
+
+```yaml
+  - stage: Build
+    jobs:
+    - job: Build
+      steps:
+      - task: SonarCloudPrepare@1
+        displayName: 'Prepare analysis configuration'
+        target: swissgrc/azure-pipelines-sonarscannermsbuild:8-unstable
+        inputs:
+          SonarCloud: 'SonarCloud'
+          organization: 'myOrganization'
+          scannerMode: 'MSBuild'
+          projectKey: 'my-project'
+          projectName: 'MyProject'
+      - bash: |
+          dotnet build
+        displayName: "Build"
+        target: swissgrc/azure-pipelines-sonarscannermsbuild:8-unstable
+      - task: SonarCloudAnalyze@1
+        displayName: 'Run SonarCloud analysis'
+        target: swissgrc/azure-pipelines-sonarscannermsbuild:8-unstable
+```
+
+### Tags
+
+| Tag          | Description                                     | Base Image                                | .NET SDK | NodeJS  | Git        | Git LFS | Size                                                                                                                                           |
+|--------------|-------------------------------------------------|-------------------------------------------|----------|---------|------------|---------|------------------------------------------------------------------------------------------------------------------------------------------------|
+| 8-unstable   | Latest unstable release (from `develop` branch) | swissgrc/azure-pipelines-openjdk:17.0.9.0 | 8.0.100  | 18.19.0 | 2.39.2-1.1 | 3.4.0   | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-sonarscannermsbuild/8-unstable?style=flat-square) |
+
+[Sonar Scanner for .NET]: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-msbuild/
+[Azure Pipelines container jobs]: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/container-phases

sonar-project.properties

@@ -0,0 +1,12 @@
+sonar.projectKey=swissgrc_docker-azure-pipelines-sonarscannermsbuild-8
+sonar.organization=swissgrc-opensource
+
+# This is the name and version displayed in the SonarCloud UI.
+sonar.projectName=docker-azure-pipelines-sonarscannermsbuild-8
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8