I am developing a plugin for SonarQube 6.3.1 which execute an analysis and then generate a docx report.
The problem is that I have to wait between these both actions that SonarQube finishes its REPORT task. My plugin is destined to lambda users so without Administrator permissions: so I can not use activityStatus service.
Is there an other way to know if the reporting of a project in SonarQube is terminated? (inside a plugin)
Your analysis take place on the server side ? I think you should run it on a client side, not server side.
Write a plugin with #BatchSide and implements org.sonar.api.batch.postjob.PostJob.
Then your method will execute soon analysis is finish (as you requested)
See https://github.com/SonarSource/sonar-custom-plugin-example/blob/master/src/main/java/org/sonarsource/plugins/example/hooks/DisplayIssuesInScanner.java
And by the way with PostJobContext object you have all infos you need to fill a custom report
Related
Is there any way I can get any sonarqube api which can provide the build number of bamboo or any bamboo api which can give sonarqube info.This would really help.
I have so far tried both side but i am surprised both the system are quite clueless about each other. Why it is not possible that a build which ran sonarqube as as one of it's job doesn't have any information about that. Also neither in sonar it tell which build has actually triggered that sonar execution
(Not sure I understand what exactly you are looking for, perhaps this ...? )
I don't believe you can relate a specific Activity (SonarQube analysis) to a specific build (Bamboo), just project to job.
You must have SonarQube Server configured in Bamboo
When executing your job, you can add these sonar.links optional parameters to the analysis step:
sonar.links.homepage Project home page.
sonar.links.ci Continuous integration.
and
sonar.links.scm Project source repository.
sonar.links.issue Issue tracker.
Maybe also specify sonar.host.url=$SONAR_HOST_URL (where SONAR_HOST_URL is the global setting in Bamboo) in the analysis step parameters.
Those populate the Project Overview page sidebar:
That should provide the links from SonarQube back to the other systems of interest.
If you have properly configured Bamboo, you should see a link in Bamboo to the SonarQube project, post execution.
I've successfully built up a SonarQube server, and I wrote several custom rules to review the code. Now, I can use the server and custom rule with Jenkins and with Maven only when the code is on the same server.
My question is when I develop maven project on another computer, and I want to use maven build or maven install, how can I still use the certain SonarQube server? Simply add plugins in the pom.xml can't use the SonarQube server I established, and the custom rules I developed are also not taken into effect.
As stated in the docs, you only need to make sure the address of your SonarQube server is available to the analysis. Beyond that, you should provide the token of a user with analysis permissions (and 'create project' permissions if the project doesn't already exist) and analyze away.
Of course, this pre-supposes that your SQ server is visible on your network.
I'd like to configure SonarQube so that developers can generate an HTML report locally (in 'issues' mode), but not be able to publish reports on the SonarQube server (in 'publish' mode).
Instead, I'd like the CI server to be the only system with access to publish results (using a 'technical' user).
The Release notes for SonarQube 5.4 indicate that the "Execute Preview Analysis" permission has been removed.
There is an "Execute Analysis" permission, but from what I've understood, this is required for both 'issues' mode and 'publish' mode.
Right now, the Execute Analysis permission has been granted to 'Anyone'. This allows the Maven plugin to perform an analysis (issues or publish mode). However, sonar-runner (and sonar-scanner) both seem to need a login token configured before they can run even a preview analysis. This inconsistency seems confusing.
How can SonarQube 5.4 be secured so that only the build server can update the results shown on the dashboard?
This is pretty simple:
Make sure that the "Execute Analysis" global permission is granted only to a "technical" user and configure your CI server to pass credentials of this user to the Maven command
=> This will allow the CI to push analysis reports to the SonarQube server, but prevent any other user to do so.
Make sure that every other user has the "Browse" permission on the projects
=> This will allow any user to run an "issues" analysis and therefore generate an HTML report
It seems that over half of the time I try to execute analysis using Sonar Runner 2.4 on several different projects that the analysis completes successfully but the publish (via the background task) to SonarQube fails. There is no log that I can find with relevant information on the SonarQube server for the failed tasks - at least I can't find any. I am new to SonarQube. The SonarQube 5.2 server is on Windows Server 2012 R2 using SQL Server 2012(SP1) database.
The answer is the solution stated in the related SonarQube 5.3 Background Task Fails with No Log in Dashboard . There were several SonarQube servers, which I was unaware of when I originally posted, accessing the same database. When those other instances were shut down there were no more failures in the background tasks.
I'm currently using Jenkins(1.451) and the Gerrit Trigger(2.3.1) to launch builds from Gerrit in order to verify code.
This is working fine as long as the project in Jenkins is configured as a "Free style" project. However, I'm currently setting up a new build pipeline where I'm using the "Build a maven2/3 project" option in order to take advantage of maven specific properties which I can't get from the "Free style" option. For some reason, Jenkins doesn't seem to trigger builds using this option. Nothing at all happens when I submit code to Gerrit which under normal circumstances should be picked up. I'm actually wondering if the Gerrit trigger is meant to work with Jenkins projects configured as a maven2/3 job or maybe it is the case that I can only use the Free style option in order to do this.ge
Could anyone confirm if this is the case?
Yes this will work. I suspect you might have some authentication issues that causes your jobs not to be triggered.
Check you sshd_log in the gerrit config folder to see if there are any jenkins logins that result in immediate LOGOUT. I my case I forgot to add Stream Events rights to the Non-Interactive Users under All-Projects and this caused some strange behavior.
This was the message I saw 3x per second in my sshd_log:
jenkins a/1000002 gerrit.stream-events 0ms 0ms not-admin
See here for more details