I have a gitlab pipeline set up where it will invoke sonarqube for source code analysis. Unfortunately, SonarQube stubbornly claims 'The main branch has no lines of code.', but if I analyze the same code on gitlab-runner, the whole thing is displayed correctly and I can see the results of the analysis.
On gitlab-runner, I run the following command:
gitlab-runner exec shell sonarqube-analyze
Wheren sonarqube-analyze is a name of gitlab-ci job
Related
We have a build that runs SonarQube from Jenkins using a bash script, and we want to get the results of the tests back in the Jenkins pipeline so we can prevent merges on fail. We are using v2 of Jenkins, but it is an old version that doesn't support the SonarQube Jenkins plugin, and upgrading Jenkins isn't something we can accomplish in our sprint.
Is there is a way to get the results to gate our pipeline with what we have? At the moment this is how we're running SonarQube from Jenkins in OpenShift.
dotnet build
~/.dotnet/tools/coverlet "./bin/Debug/netcoreapp3.1/AppTests.dll" --target "dotnet" --targetargs 'test . --no-build --logger "trx;LogFileName=TestResults.trx" --logger "xunit;LogFileName=TestResults.xml" --results-directory ../BuildReports/UnitTests' -f opencover -o ./BuildReports/Coverage/coverage
dotnet build-server shutdown
~/.dotnet/tools/dotnet-sonarscanner begin /k:${APP_NAME} /n:${APP_NAME} /d:sonar.host.url=${SONAR_URL} /d:sonar.cs.opencover.reportsPaths="./BuildReports/Coverage/coverage.opencover.xml" /d:sonar.exclusions="**/Migrations/*" /d:sonar.coverage.exclusions="**Tests*.cs","**/Migrations/*","**/Program.cs" /d:sonar.cpd.exclusions="**/Migrations/*" /d:sonar.cs.vstest.reportsPaths="./BuildReports/UnitTests/TestResults.trx" /d:sonar.cs.nunit.reportsPaths="./BuildReports/UnitTests/TestResults.xml"
dotnet build -v n
~/.dotnet/tools/dotnet-sonarscanner end
dotnet build-server shutdown
Install the Build Breaker plugin on the SonarQube server. And enable it for the project you are scanning -- to do this go to Project Settings on the SonarQube server. You may need server level and project level Administrative rights for doing this.
Now the Sonar Scanner will check for the quality gate status after doing the code analysis. In case the quality gate fails, the scanner returns with a non-zero status code that can be used to mark the build as “failed”.
https://github.com/adnovum/sonar-build-breaker#sonarqube-build-breaker-plugin
In case you don't have control over what gets installed on the SonarQube server, then you may write a bash script to use the curl command to hit web API of your SonarQube server to first find if the analysis report has been processed by the SonarQube server and then the quality gate status of the code analysis just concluded.
For the documentation of the web API, see http://<sonarqube-server-host>/web_api.
When scanning code from a pull request (bitbucket) Sonar ignores the code coverage report. This process is performed on Jenkins.
Create report command:
clean install -Pjacoco org.jacoco:jacoco-maven-plugin:report -s
./template_config/settings.xml
It's offline mode coverage scan.
Then executing scanner command:
sonar:sonar -Psonar -Dsonar.branch.name=${PULL_REQUEST_FROM_BRANCH}
-Dsonar.branch.target=${PULL_REQUEST_TO_BRANCH} -Dsonar.verbose=true
-Dsonar.inclusions=${SONAR_DIFF} -Dsonar.host.url="sonar_address"
-Dsonar.login="any_login" -s ./template_config/settings.xml
With sonar inclusions option:
All the branches in the sonar marked as long living.
In the "sonar.inclusions" option I pass a list of files that have been modified by this pull request.
If i remove the option , the coverage will be displayed in the dashboard. But the sonar scans the whole project. Please help to solve this problem.
Without sonar inclusions option:
After merging with the main branch and adding new code, I created a second pull request. The analysis job was run in Jenkins and the coverage was displayed in the dashboard.
The resulting dashboard with "sonar.inclusions"
But one thing. Code coverage was evaluated against the code that changed in the second pull request. The code from the first pull request is not analyzed.
I have an application in springboot which uses gradle to build the code.
I have setup https://github.com/gabrie-allaigre/sonar-gitlab-plugin on SonarQube and have integrated gitlab CI
to analyse code on every push/commit. What I want to achieve is to break the push/commit if the analysis fails.
Below is my .gitlab-ci.yml
image: XXXXXX:oraclejdk:1.8.0_121
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
sonarqube_master_job:
stage: test
only:
- master
- release2.0
script:
- ./gradlew assemble
- ./gradlew -x test sonarqube -Dsonar.host.url=http://sonarqube.XXX.XXX.XXX:9000/sonarqube -Dsonar.login=xxxxxxxxxxxxxxxxxxxx
sonarqube_preview_feature_job:
stage: test
only:
- /^feature\/*/
- development
script:
- git checkout $CI_COMMIT_REF_NAME
- git merge --no-commit --no-ff
- ./gradlew assemble
- ./gradlew -x test sonarqube -Dsonar.host.url=http://XXXX.XXXXX.com:9000/sonarqube -Dsonar.login=xxxxxxxxxxxxxxxxxxxxx -Dsonar.analysis.mode=preview -Dsonar.gitlab.commit_sha=$CI_COMMIT_REF -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.gitlab.project_id=$CI_PROJECT_ID --stacktrace
How do I make sure the push fails if the analysis fails? Do I need to use webhooks. Is there a sample CI file?
#jibsonline, You can refer to my answer provided in the below link.
However the script answers only how to break the build on sonar analysis and display the results.
How to integrate Sonar Quality Gates with Gitlab-CI
Since gitlab triggers the build, once the changes were pushed, it is not advisable to set up an automated tool to revert the code changes on your behalf. Whenever a build fails, write script (dependencies) such that the code will not be deployed. Since the code is not deployed, your environment will not be effected. Also,set up an email configuration whenever build fails.
I am runnig Sonarqube 5.3 and has integrated it with Jenkins. I want to post Sonareqube issues as Gerrit comments.
Then I need to specify the path to and name of the data generated from sonarqube, e.g. build/sonar/sonar-report.json
The file sonar-report.json is not generated and I have found some setting for Sonarqube that shouold make sonareqube create the file.
sonar.report.export.path=sonar-report.json
sonar.issuesReport.html.enable=true
sonar.issuesReport.json.enable=true
sonar.issuesReport.console.enable=true
I have tried to set these in the file
<sonar-installation-directory>/conf/sonar.properties
I have restarted the Sonare service and restarted the computer but the sonar-report.json file is still not created.
Those properties are not meant to be configured on the server side, they are passed on the scanner side, and are valid only for analysis in preview mode (by the way no need for sonar.issuesReport.json.enable). That's what SonarLint for Command Line is about.
Why preview mode ? Because the goal is to analyse a diff (to comment the code review in your case). You don't want a full analysis to be submitted to SonarQube if the code is not yet pushed to the repo.
Example:
$ sonar-runner -Dsonar.analysis.mode=preview -Dsonar.issuesReport.html.enable=true -Dsonar.report.export.path=report.json -Dsonar.host.url=http://localhost:9000
[...]
$ ls .sonar/
issues-report report.json
(careful with the JSON report, looks like it will ultimately be removed, see SONAR-7247)
P.S.: I guess you might be using the sonar-gerrit Jenkins plugin, which is essentially saying the same thing:
This plugin is intended to work with report provided by SonarQube running on your project in preview mode
I have a jenkins git job to pull down code from github. Jenkins tells me the job / project is successful. But I can't see the code anywhere on my file system (osx).
Where should it be?
If you used the default location for the JENKINS_HOME directory where Jenkins stores all its data, the code should be under
/Users/jenkins_user/.jenkins/job_name/workspace
where jenkins_user is the account that runs the Jenkins server and job_name s the name of your build job.
Additionally, within the first few lines of the "Console Output" for any build, you should see on which machine and in which directory the build occurred, e.g.
"Building on master in workspace /Users/jenkins_user/.jenkins/job_name/workspace"