Build Breaker Plugin with SonarQube 5.2 - sonarqube

It seems like the Build Breaker Plugin is no longer compatible with SonarQube 5.2. Is there any alternative to have a (VSO) build fail if a Sonar gate is not fulfilled or are there plans to update the Build Breaker Plugin to 5.2?

There is not (for now) any plugin which will break build when Quality Gate did't pass on SonarQube 5.2.
But for SonarQube 5.3+ you can again use Build Breaker plugin.
From mailing list:
Breaking the build in SonarQube 5.2 (21/Oct/2015)
Fabrice Bellingrad: The Build Breaker
Plugin
won't be available for SQ 5.2+. The idea is to develop a core feature
to answer the use cases previously covered by this plugin. This is
what we call the "what if" feature =>
https://jira.sonarsource.com/browse/SONAR-6763
This issue SONAR-6763 is planned for SonarQube 6.X.

You can now use the SonarQube Build Breaker Plugin with version SonarQube version 5.3+.

In SonarQube 5.2 we found alternative way in usage of Web Service /api/events.
Request example:
https://<sq-host>/api/events?categories=Alert&resource=<project_key>
Response example:
<events>
<event>
<id>50411</id>
<name>Red (was Green)</name>
<resourceKey>project_key</resourceKey>
<category>Alert</category>
<date>2015-09-29T22:38:44+0200</date>
<description>New Critical issues > 0 since previous analysis (2015 Sep 23), New Major issues > 0 since previous analysis (2015 Sep 23), New issues > 0 since previous analysis (2015 Sep 23)</description>
</event>
....
</events>
Detecting RED status of the project:
To verify RED status you will need to find event with highest id value in events list from response and then verify that name of this event is starting from Red and if you will find it you will need to fail build.
Such verification can be done just on CI server using additional command line step after SQ step or it can be done from build automation system like Maven or Gradle.
We didn't implement such workaround yet in our project, just because of lack free time, but we will do this in near future.
Proposed solution should be used only as workaround until issue SONAR-6763 will be done.

With SonarQube 5.3 a new Quality Gates Web Service was introduced which could be called and used to break the build.
To break the CI build for a failed Quality Gate, use WS API calls in a loop to wait until processing is finished, and then check Quality Gate web service:
call the analysis's ceTaskUrl and examine the "status" value:
PENDING or IN_PROGRESS - check again later
FAILED or CANCELED - break the build?
SUCCESS - move forward
call Quality Gate web service for status
I've also added an issue to enhance the VSTS Tasks with an option to automatically call this service.
Update: A recent PR added this feature to the VSTS Task (not released yet)

Related

Rest api to get sonarqube info from bamboo build or vice versa

Is there any way I can get any sonarqube api which can provide the build number of bamboo or any bamboo api which can give sonarqube info.This would really help.
I have so far tried both side but i am surprised both the system are quite clueless about each other. Why it is not possible that a build which ran sonarqube as as one of it's job doesn't have any information about that. Also neither in sonar it tell which build has actually triggered that sonar execution
(Not sure I understand what exactly you are looking for, perhaps this ...? )
I don't believe you can relate a specific Activity (SonarQube analysis) to a specific build (Bamboo), just project to job.
You must have SonarQube Server configured in Bamboo
When executing your job, you can add these sonar.links optional parameters to the analysis step:
sonar.links.homepage Project home page.
sonar.links.ci Continuous integration.
and
sonar.links.scm Project source repository.
sonar.links.issue Issue tracker.
Maybe also specify sonar.host.url=$SONAR_HOST_URL (where SONAR_HOST_URL is the global setting in Bamboo) in the analysis step parameters.
Those populate the Project Overview page sidebar:
That should provide the links from SonarQube back to the other systems of interest.
If you have properly configured Bamboo, you should see a link in Bamboo to the SonarQube project, post execution.

No results in Sonarqube from SonarLint analysis and connected Sonarqube

I have configured IntelliJ with SonarLint to a connected SonarQube instance in AWS. I am able to run a code analysis in IntelliJ and I do get results back in IntelliJ.
But I want to have these results in Sonarqube. How to do this?
You should have a look on the documentation to see how to :
Install SonarQube : https://docs.sonarqube.org/display/SONAR/Installing+the+Server
Execute an analysis : https://docs.sonarqube.org/display/SCAN
If you have Jenkins you should have 2 jobs: one to build application from branch, another to run SonarQube analysis based on artifacts created by first job (build job). You can create a pipeline: when you push to git (or other repository) first job automatically will be started, when build is done and it’s successful it will trigger job to analyze code in sonar. Try to find configuration examples at https://docs.sonar.org/ or I can send you tomorrow details how we configured our pipeline. P.S. forgot to mention that you need to install SonarQube plugin in Jenkins too.
SonarLint: this tool only open connection to your Sonar server just to get rules for analysis, but analysis is done on your side (localhost) without sending results to Sonar server back. This is how SonarLint works.

Travis CI skipping SonarQube analysis

I'm trying to configure SonarQube analysis in a github project. I've followed the official travis ci documentation but SonarQube analysis is not performed.
I'm getting the following message: "Skipping SonarQube Scan because it is not running in a secure environment"
pull request link: https://github.com/zakshya/cronos/pull/4
Full build log: https://s3.amazonaws.com/archive.travis-ci.org/jobs/216125526/log.txt
Does some one encountered this problem ?
I'm i missing some config ?
As mentioned in the official documentation of the SonarQube Travis Add-on about analysing pull requests:
For security reasons, this advanced feature
[i.e. pull request analysis]
works only for internal pull requests. In other words, pull requests
built from forks won’t be inspected.

TeamCity/Sonar: Fail build if some metric increases

We're using TeamCity with the Sonar plugin. Is there a way to fail the TeamCity build if some metric (i.e. number of Blocker issues, amount of technical debt, etc.) increases within Sonar, or if it just fails the Quality Gate? I haven't found any documentation regarding this.
For now, the options available for this are
the Build Breaker Plugin (assuming Team City is compatible with the way this plugin woks)
adding a script step in your job (again, assuming TC supports it) to poll SQ in a loop for the completion of analysis report processing, then to grab the QG status and conditionally fail the build.
2018 EDIT
There is now non-blocking support for this within Jenkins Pipelines. More in the docs.
yes you can do it using powershell scripts .Call the sonar rest api for the project using metric and metric key .Compare the result with the project if the metric value dose not match the exit from the build.

SonarQube does not support parallel execution - How to use in continuous pipeline

SonarQube does not support parallel execution as parallel execution is failing with:
Caused by: org.sonar.api.utils.SonarException: The project is already been analysing
I am using SonarQube v4.3.3 for code inspection.
Now my hudson jobs are running in parallel and due to this restriction I am not able to add sonar analysis to my Hudson job.
Please suggest how can I use SonarQube with hudson in a continuous pipeline using SonarQube.
SonarQube 4.x does support parallel analysis of different projects, but not parallel analysis of the same project. This is a technical constraint to avoid conflicts when persisting analysis into the shared database.
SonarQube 5.2 introduces a major architecture change. Analyzers (launched by your Hudson job) are no more connected to database. They generate and send to server a report that contains only raw data, basically sources and issues. Computation of measures, validation of Quality gate and persistence are done asynchronously on server. In your case that allows analyzers to be executed in parallel, even on the same project, but they can't directly verify Quality gate. For that you should implement a kind of listener on web services to get the gate status when report is processed. See http://docs.sonarqube.org/display/SONAR/Breaking+the+CI+Build for more details. Note also that version 2 of the build breaker plugin implements this solution directly in the analyzer (see https://github.com/SonarQubeCommunity/sonar-build-breaker)

Resources