Add sonarqube coverage and verification tests

Change-Id: I92823f084bd5a4d1fbee85848618a65a2a44d26c
diff --git a/jjb/sonar.yaml b/jjb/sonar.yaml
new file mode 100644
index 0000000..d6adbf2
--- /dev/null
+++ b/jjb/sonar.yaml
@@ -0,0 +1,123 @@
+---
+# Sonarqube coverage tests
+#
+# There are two kinds of tests:
+#
+#  - coverage_{project}_sonarqube - run after merge to give an idea of ongoing code health
+#  - verify_{project}_sonarqube - run on patchsets, invoked in the verify/*.yaml
+#
+# JJB module docs:
+#  https://docs.openstack.org/infra/jenkins-job-builder/builders.html?highlight=sonar#builders.sonar
+#
+# Sonarqube docs:
+#  https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins
+#  https://docs.sonarqube.org/display/SCAN/Advanced+SonarQube+Scanner+Usages
+
+- project:
+    name: 'sonarqube-ongoing-coverage'
+
+    jobs:
+      - 'sonarqube-coverage':
+          branch-regexp: '{supported-branches-regexp}'
+          project:
+            - 'cord'
+            - 'maas'
+            - 'platform-install'
+            - 'xos'
+
+# run ongoing coverage tests on merged patchsets
+- job-template:
+    id: sonarqube-coverage
+    name: 'coverage_{project}_sonarqube'
+    description: |
+      Created by sonarqube-coverage job-template from ci-management/jjb/sonar.yaml
+
+    triggers:
+      - cord-infra-gerrit-trigger-merge:
+          gerrit-server-name: '{gerrit-server-name}'
+          project-regexp: '^{project}$'
+          branch-regexp: '{branch-regexp}'
+          dependency-jobs: '{dependency-jobs}'
+          file-include-regexp: '{all-files-regexp}'
+
+    properties:
+      - cord-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+          artifact-num-to-keep: '{artifact-num-to-keep}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    scm:
+      - lf-infra-gerrit-scm:
+          git-url: '$GIT_URL/$GERRIT_PROJECT'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: 'false'
+          choosing-strategy: gerrit
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    node: '{build-node}'
+    project-type: freestyle
+    concurrent: true
+
+    builders:
+      - sonar:
+          sonar-name: 'sonarqube.opencord.org'
+          properties: |
+            sonar.projectKey={project}_$GERRIT_BRANCH
+            sonar.python.pylint=/usr/local/bin/pylint
+
+
+# run Sonarqube as a verification jobs on individual patchsets
+- job-template:
+    id: verify-sonarqube
+    name: 'verify_{project}_sonarqube'
+    description: |
+      Created by verify-sonarqube job-template from ci-management/jjb/sonar.yaml
+
+    triggers:
+      - cord-infra-gerrit-trigger-patchset:
+          gerrit-server-name: '{gerrit-server-name}'
+          project-regexp: '^{project}$'
+          branch-regexp: '{branch-regexp}'
+          dependency-jobs: '{dependency-jobs}'
+          file-include-regexp: '{all-files-regexp}'
+
+    properties:
+      - cord-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+          artifact-num-to-keep: '{artifact-num-to-keep}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    scm:
+      - lf-infra-gerrit-scm:
+          git-url: '$GIT_URL/$GERRIT_PROJECT'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: 'false'
+          choosing-strategy: gerrit
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    node: '{build-node}'
+    project-type: freestyle
+    concurrent: true
+
+# coverage checks with sonarqube
+# module docs: https://docs.openstack.org/infra/jenkins-job-builder/builders.html?highlight=sonar#builders.sonar
+# Sonarqube docs:
+#  https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins
+#  https://docs.sonarqube.org/display/SCAN/Advanced+SonarQube+Scanner+Usages
+    builders:
+      - sonar:
+          sonar-name: 'sonarqube.opencord.org'
+          properties: |
+            sonar.projectKey=verify_{project}_$GERRIT_BRANCH
+            sonar.python.pylint=/usr/local/bin/pylint
+
diff --git a/jjb/verify/cord.yaml b/jjb/verify/cord.yaml
index 601f3b0..7509064 100644
--- a/jjb/verify/cord.yaml
+++ b/jjb/verify/cord.yaml
@@ -15,6 +15,8 @@
       - 'verify-licensed'
       - 'verify-ansible-lint':
           dependency-jobs: 'verify_cord_licensed'
+      - 'verify-sonarqube':
+          dependency-jobs: 'verify_cord_ansible-lint'
       - 'api-test':
-          dependency-jobs: 'verify_cord_licensed, verify_cord_ansible-lint'
+          dependency-jobs: 'verify_cord_sonarqube'
 
diff --git a/jjb/verify/maas.yaml b/jjb/verify/maas.yaml
index f9c029c..00127de 100644
--- a/jjb/verify/maas.yaml
+++ b/jjb/verify/maas.yaml
@@ -15,4 +15,6 @@
       - 'verify-licensed'
       - 'verify-ansible-lint':
           dependency-jobs: 'verify_maas_licensed'
+      - 'verify-sonarqube':
+          dependency-jobs: 'verify_maas_ansible-lint'
 
diff --git a/jjb/verify/platform-install.yaml b/jjb/verify/platform-install.yaml
index c04db63..241c8bf 100644
--- a/jjb/verify/platform-install.yaml
+++ b/jjb/verify/platform-install.yaml
@@ -15,6 +15,8 @@
       - 'verify-licensed'
       - 'verify-ansible-lint':
           dependency-jobs: 'verify_platform-install_licensed'
+      - 'verify-sonarqube':
+          dependency-jobs: 'verify_platform-install_ansible-lint'
       - 'api-test':
-          dependency-jobs: 'verify_platform-install_licensed, verify_platform-install_ansible-lint'
+          dependency-jobs: 'verify_platform-install_sonarqube'
 
diff --git a/jjb/verify/xos.yaml b/jjb/verify/xos.yaml
index 8b7c48b..5f3e911 100644
--- a/jjb/verify/xos.yaml
+++ b/jjb/verify/xos.yaml
@@ -13,5 +13,7 @@
     name: 'verify-xos-jobs'
     jobs:
       - 'verify-licensed'
-      - 'api-test':
+      - 'verify-sonarqube':
           dependency-jobs: 'verify_xos_licensed'
+      - 'api-test':
+          dependency-jobs: 'verify_xos_sonarqube'