We're using TeamCity with the Sonar plugin. Is there a way to fail the TeamCity build if some metric (i.e. number of Blocker issues, amount of technical debt, etc.) increases within Sonar, or if it just fails the Quality Gate? I haven't found any documentation regarding this.
For now, the options available for this are
the Build Breaker Plugin (assuming Team City is compatible with the way this plugin woks)
adding a script step in your job (again, assuming TC supports it) to poll SQ in a loop for the completion of analysis report processing, then to grab the QG status and conditionally fail the build.
2018 EDIT
There is now non-blocking support for this within Jenkins Pipelines. More in the docs.
yes you can do it using powershell scripts .Call the sonar rest api for the project using metric and metric key .Compare the result with the project if the metric value dose not match the exit from the build.
Related
Normally (when used with Maven), in order to get the number of failed/passed test we can check TestOccurrences element in Teamcity REST API.
What would be the way to report and fetch test stats for non-maven steps (e.g. custom shell script)?
Is it possible to manually set TestOccurrences somehow, so all step types would report stats in the similar way? If not, how can we make custom stats available with Teamcity REST API?
Is there any way I can get any sonarqube api which can provide the build number of bamboo or any bamboo api which can give sonarqube info.This would really help.
I have so far tried both side but i am surprised both the system are quite clueless about each other. Why it is not possible that a build which ran sonarqube as as one of it's job doesn't have any information about that. Also neither in sonar it tell which build has actually triggered that sonar execution
(Not sure I understand what exactly you are looking for, perhaps this ...? )
I don't believe you can relate a specific Activity (SonarQube analysis) to a specific build (Bamboo), just project to job.
You must have SonarQube Server configured in Bamboo
When executing your job, you can add these sonar.links optional parameters to the analysis step:
sonar.links.homepage Project home page.
sonar.links.ci Continuous integration.
and
sonar.links.scm Project source repository.
sonar.links.issue Issue tracker.
Maybe also specify sonar.host.url=$SONAR_HOST_URL (where SONAR_HOST_URL is the global setting in Bamboo) in the analysis step parameters.
Those populate the Project Overview page sidebar:
That should provide the links from SonarQube back to the other systems of interest.
If you have properly configured Bamboo, you should see a link in Bamboo to the SonarQube project, post execution.
In my company we are running some legacy application which takes too long to compile and post that we are using sonar to scan the code, so in total the job takes around 3 hrs approx through teamcity in single build configuration
Hence i come up with the idea of static analysis in separate configuration which will scan the code parallely while the other job does the compilation part, By doing this way i was able to save some good amount of time but the jacoco reports are getting generated during the build compilation part and i want to inject the jacoco.exec report directly into the sonar dashboard since the sonar execution is separate.
Will there be any way to achive this like curl rest api to upload the jacoco report in the sonar dashboard of particular project?
It is impossible to push JaCoCO reports separately. All analysis data must go together.
Hence i come up with the idea of static analysis in separate configuration which will scan the code parallely while the other job does the compilation part
Don't do this. SonarScanner uses binary data and tests results to perform analysis. If your application will be not compiled then:
the scanner will find less issues due to missing data
the analysis will fail (again, due to missing data)
If the process is too long, I would recommended to execute SonarScanner less frequently (for example once a day for main branches).
SonarQube does not support parallel execution as parallel execution is failing with:
Caused by: org.sonar.api.utils.SonarException: The project is already been analysing
I am using SonarQube v4.3.3 for code inspection.
Now my hudson jobs are running in parallel and due to this restriction I am not able to add sonar analysis to my Hudson job.
Please suggest how can I use SonarQube with hudson in a continuous pipeline using SonarQube.
SonarQube 4.x does support parallel analysis of different projects, but not parallel analysis of the same project. This is a technical constraint to avoid conflicts when persisting analysis into the shared database.
SonarQube 5.2 introduces a major architecture change. Analyzers (launched by your Hudson job) are no more connected to database. They generate and send to server a report that contains only raw data, basically sources and issues. Computation of measures, validation of Quality gate and persistence are done asynchronously on server. In your case that allows analyzers to be executed in parallel, even on the same project, but they can't directly verify Quality gate. For that you should implement a kind of listener on web services to get the gate status when report is processed. See http://docs.sonarqube.org/display/SONAR/Breaking+the+CI+Build for more details. Note also that version 2 of the build breaker plugin implements this solution directly in the analyzer (see https://github.com/SonarQubeCommunity/sonar-build-breaker)
It seems like the Build Breaker Plugin is no longer compatible with SonarQube 5.2. Is there any alternative to have a (VSO) build fail if a Sonar gate is not fulfilled or are there plans to update the Build Breaker Plugin to 5.2?
There is not (for now) any plugin which will break build when Quality Gate did't pass on SonarQube 5.2.
But for SonarQube 5.3+ you can again use Build Breaker plugin.
From mailing list:
Breaking the build in SonarQube 5.2 (21/Oct/2015)
Fabrice Bellingrad: The Build Breaker
Plugin
won't be available for SQ 5.2+. The idea is to develop a core feature
to answer the use cases previously covered by this plugin. This is
what we call the "what if" feature =>
https://jira.sonarsource.com/browse/SONAR-6763
This issue SONAR-6763 is planned for SonarQube 6.X.
You can now use the SonarQube Build Breaker Plugin with version SonarQube version 5.3+.
In SonarQube 5.2 we found alternative way in usage of Web Service /api/events.
Request example:
https://<sq-host>/api/events?categories=Alert&resource=<project_key>
Response example:
<events>
<event>
<id>50411</id>
<name>Red (was Green)</name>
<resourceKey>project_key</resourceKey>
<category>Alert</category>
<date>2015-09-29T22:38:44+0200</date>
<description>New Critical issues > 0 since previous analysis (2015 Sep 23), New Major issues > 0 since previous analysis (2015 Sep 23), New issues > 0 since previous analysis (2015 Sep 23)</description>
</event>
....
</events>
Detecting RED status of the project:
To verify RED status you will need to find event with highest id value in events list from response and then verify that name of this event is starting from Red and if you will find it you will need to fail build.
Such verification can be done just on CI server using additional command line step after SQ step or it can be done from build automation system like Maven or Gradle.
We didn't implement such workaround yet in our project, just because of lack free time, but we will do this in near future.
Proposed solution should be used only as workaround until issue SONAR-6763 will be done.
With SonarQube 5.3 a new Quality Gates Web Service was introduced which could be called and used to break the build.
To break the CI build for a failed Quality Gate, use WS API calls in a loop to wait until processing is finished, and then check Quality Gate web service:
call the analysis's ceTaskUrl and examine the "status" value:
PENDING or IN_PROGRESS - check again later
FAILED or CANCELED - break the build?
SUCCESS - move forward
call Quality Gate web service for status
I've also added an issue to enhance the VSTS Tasks with an option to automatically call this service.
Update: A recent PR added this feature to the VSTS Task (not released yet)