i got a Maven Jenkins Job (not a Pipeline job) which runs a code analysis with sonar (mvn sonar:sonar). The Sonar report is create and everthing is fine. Now I want that the Jenkins job fails or at least gets a warning state if Sonar does not reach the quality gate.
I running Jenkins ver. 2.176.3.
How do I config the job? I only found a solution for a pipeline job with SonarQube (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/)
Thanks ...
Found a solution.
https://github.com/jenkinsci/sonar-quality-gates-plugin/blob/master/README.md
Just install the plugin and add as Post Build Step "Quality Gates SonarQube Plugin".
Related
I am using SonarQube version 6.7 for running analysis of Maven projects using the command mvn clean verify sonar:sonar from the project directory using command prompt and get the results. The sonar configurations in settings.xml for maven (v3.5.3) are added respectively.
In Jenkins (version 2.161), I have installed SonarQube Scanner for Jenkins (v2.8.1) plugin. The SonarQube Server configuration is configured as below.
In the Jenkins maven project, I have configured the post steps as below.
I have checked the Prepare SonarQube Scanner environment in the Build Environment section and the Build goal is -e clean verify sonar:sonar.
My issue is, when the SonarQube analysis for a maven project is triggered through command prompt using the command mvn clean verify sonar:sonar, I am getting the results as expected. But when the Jenkins job is triggered with the configurations above for the same maven project, the results are different and incorrect. What am I missing?
P.S- In the Post-build Actions, I can see the SonarQube analysis with maven is deprecated.
Thanks in advance.
You use different scanners. First you used SonarScanner for Maven (mvn sonar:sonar). Next you used Basi SonarScanner, which requires manual configuration of all options.
The best option to sole it is always use the same scanner. You have Maven project, so you can enable Prepare SonarQube Scanner environment in Build Environment, and next execute Sonar goal $SONAR_MAVEN_GOAL in Build.
I am trying to configure the Gilab Sonar Plugin, so we can get sonar review comments in merge requests.
We have configured our gradle project, as per documentation and through gitlab-ci.yml, we call sonarqube task:
# Run sonar feature analysis
sonar_feature:
stage: sonar
only:
- /^BE-*/
tags:
- gitlab-runner-docker
script:
- ./gradlew sonarqube -Dsonar.analysis.mode=preview
-Dsonar.gitlab.project_id=${CI_PROJECT_PATH}
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} -Dsonar.verbose=true
The 'sonarqube' task completes in gradle, but an 'external' job remains in running status, without completing . In Sonarqube itself, I don't see a new background task, so it seems analysis is not really occurring and it's a hanging/waiting mode.
Notes:
1. We don't see logging on the sonar_feature job, eventhough sonar.verbose=true.
What could be the issue?
I had the same problem when I had not configured sonar.gitlab.user_token.
Generate a User Token in GITLAB and add it to your sonar properties
As of now I know sonar has dropped support for Build-braker plugin but I am trying to integrate build breaker plugin for sonarqube. I have 5.6 version of sonarqube and build breaker with 1.1 version installed.In Build breaker plugin I have setup sonar.buildbreaker.skip to false. And I run job using Jenkins and maven. for sonarqube analysis I have setup a phase as "prepare-package" where it runs automatically when I do mvn clean install. But, eventhough my quality gate shows failed, my build is still getting success rather than failing. I tried to find documentation but I didn't found better for this. https://docs.sonarqube.org/display/SONARQUBE45/Build+Breaker+Plugin
How to fail maven goal sonar:sonar based on quality gates rules?
I run it for local builds, for CI I already wrote a script according to http://docs.sonarqube.org/display/SONAR/Breaking+the+CI+Build
So, if quality gates validation fails then goal also should fails
If Sonar Qube Version is bigger than 8.1, following command can be used:
mvn verify sonar:sonar -Dsonar.qualitygate.wait=true
You can use the SonarQube Build Breaker plugin.
It's a controversy feature as explained in the blog post Why You Shouldn't Use Build Breaker.
It is also possible to integrate with Jenkins use web hook (see the blog post Breaking the SonarQube Analysis with Jenkins Pipelines).
I added the script as post step command, so after build succeeded the script check quality gates and breaks the job if they are not ok.
I have installed Sonarqube plugin in Jenkins and configurations are done for SonarQube and sonar-runner in Manage Jenkins->configure System.
I want to trigger analysis for Gradle project. I would like to know the steps to be followed.
The Jenkins SonarQube plugin only allows to easily launch some SonarQube analysis with help of SonarRunner or Maven. If you want to launch a SonarQube analysis with help of the Gradle SonarQube plugin (see the docs) you must manually configure your Jenkins job to execute 'gradle sonarqube'. Simple example for SonarQube with Gradle is provided here.