Difference between Sonarqube & SonarScanner - sonarqube

I'm using sonar & Jacoco for my Android application code coverage reporting. I could be successfully deploy it by setup jacoco task job & Sonar job & then following command.
./gradlew clean jacocoTestReport (name of jacoco task)
./gradlew sonarqube (<- mark this)
Report is successfully generated and showing to localhost:9000 sonar server setup.
I heard about sonar-scanner which is available to perform same task.
My confusion is what I should use sonar-scanner or sonarqube with gradlew command; How they mutually different from each other.

SonarQube is the central server holding the results of analysis.
SonarQube Scanner / sonar-scanner - performs analysis and sends the results to SonarQube. It is a generic, CLI scanner, and you must provide explicit configurations that list the locations of your source files, test files, class files, ...
SonarQube Scanner for Gradle / ./gradlew sonarqube - performs analysis and sends the results to SonarQube. You don't have to provide explicit configurations that list the locations of your various types of files because it gets that from your Gradle project.

Related

SonarQube analysis from maven and Jenkins have different results

I am using SonarQube version 6.7 for running analysis of Maven projects using the command mvn clean verify sonar:sonar from the project directory using command prompt and get the results. The sonar configurations in settings.xml for maven (v3.5.3) are added respectively.
In Jenkins (version 2.161), I have installed SonarQube Scanner for Jenkins (v2.8.1) plugin. The SonarQube Server configuration is configured as below.
In the Jenkins maven project, I have configured the post steps as below.
I have checked the Prepare SonarQube Scanner environment in the Build Environment section and the Build goal is -e clean verify sonar:sonar.
My issue is, when the SonarQube analysis for a maven project is triggered through command prompt using the command mvn clean verify sonar:sonar, I am getting the results as expected. But when the Jenkins job is triggered with the configurations above for the same maven project, the results are different and incorrect. What am I missing?
P.S- In the Post-build Actions, I can see the SonarQube analysis with maven is deprecated.
Thanks in advance.
You use different scanners. First you used SonarScanner for Maven (mvn sonar:sonar). Next you used Basi SonarScanner, which requires manual configuration of all options.
The best option to sole it is always use the same scanner. You have Maven project, so you can enable Prepare SonarQube Scanner environment in Build Environment, and next execute Sonar goal $SONAR_MAVEN_GOAL in Build.

Configuring the sonarqube gitlab plugin, preview mode

I am trying to configure the Gilab Sonar Plugin, so we can get sonar review comments in merge requests.
We have configured our gradle project, as per documentation and through gitlab-ci.yml, we call sonarqube task:
# Run sonar feature analysis
sonar_feature:
stage: sonar
only:
- /^BE-*/
tags:
- gitlab-runner-docker
script:
- ./gradlew sonarqube -Dsonar.analysis.mode=preview
-Dsonar.gitlab.project_id=${CI_PROJECT_PATH}
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME} -Dsonar.verbose=true
The 'sonarqube' task completes in gradle, but an 'external' job remains in running status, without completing . In Sonarqube itself, I don't see a new background task, so it seems analysis is not really occurring and it's a hanging/waiting mode.
Notes:
1. We don't see logging on the sonar_feature job, eventhough sonar.verbose=true.
What could be the issue?
I had the same problem when I had not configured sonar.gitlab.user_token.
Generate a User Token in GITLAB and add it to your sonar properties

How to launch a Grade SonarQube analysis with help of the Jenkins SonarQube plugin

I have installed Sonarqube plugin in Jenkins and configurations are done for SonarQube and sonar-runner in Manage Jenkins->configure System.
I want to trigger analysis for Gradle project. I would like to know the steps to be followed.
The Jenkins SonarQube plugin only allows to easily launch some SonarQube analysis with help of SonarRunner or Maven. If you want to launch a SonarQube analysis with help of the Gradle SonarQube plugin (see the docs) you must manually configure your Jenkins job to execute 'gradle sonarqube'. Simple example for SonarQube with Gradle is provided here.

Feed sonarqube jacoco widget with csv/html reports (instead of *.exec)

I got a root maven project, under which there are many independent modules (e.g. module_A, module_B, etc.).
One of these module is my integration-tests module, and it uses all the above external modules.
In order to have code coverage for all modules used by integration-tests, I use a workaround based on maven-ant (see this blog post).
Problem is:
The above generates csv/html report, yet sonarqube jacoco widget parses only jacoco*.exec files - which results in 0% code coverage.
Question is:
EDIT
here's an example project for the problem above.
You don't need to use that workaround. You can provide Sonar with integration tests coverage file with following property (you shall use it while executing sonar:sonar goal):
-Dsonar.jacoco.itReportPath=<coverage_file>
Here is detailed documentation:
http://docs.codehaus.org/display/SONAR/Code+Coverage+by+Integration+Tests+for+Java+Project
To sum up:
Compile all your modules.
Execute integration tests with jacoco enabled.
Execute Maven Sonar build adding mentioned property in command line.
I have prepared example project generating both unit and integration coverage results, you can check it here:
https://github.com/octosan/unit-and-integration-jacoco-coverage-with-sonar
You have to:
download newest Sonarqube version and start it
execute command:
mvn clean install sonar:sonar -Dsonar.jacoco.itReportPath=<absolute_path>/itest/target/jacoco-it.exec
add integration coverage widged in project dashboard in Sonar

Gradle: 'Normal' build vs. analysis build

On my Jenkins (or some other CI server) I want to build the develop branch with full analysis, which includes:
Checkstyle
Emma (coverage for feature-, integration-, and unit-tests)
FindBugs
JSHint
PMD (including CopyPasteDetection)
But at the same time I don't want all this stuff running, when I build locally.
A build on my development PC should only compile and run unit tests.
How does one solve this 'the gradle way'?
You could create an analysis task in your build.gradle that depends on all the analysis tasks you want to run on the CI server. Then in the "Tasks" section of the Jenkins configuration for your build, specify the analysis task instead of build.

Resources