Publish the Screenshot/PDF of SonarQube Analysis Result from Jenkins to Confluence - jenkins

I have a Jenkins job that will invoke SonarQube analysis on code pulled from a Bitbucket repository whenever there are any changes on the Bitbucket repository. At the moment, I was able to use the Confluence Publisher plugin to publish the URL of the build job to Confluence as a comment.
I was wondering if there is any way I could use Jenkins to screenshot the SonarQube analysis report (like in SonarQube web UI) and publish it directly to Confluence? (So that the user does not need to use the URL to go to the specific Jenkins build job, and then get the SonarQube analysis report URL, and navigate to the page to view the report)
Thank you.

Instead of using a screenshot, you can send a curl request from Jenkins to the SonarQube REST API (5.3 and above) to get the project status from the quality gate after the code has been uploaded and analysed. The endpoint you'd likely want to use is: /api/qualitygates/project_status?projectKey=<projectKey>&branch=<branch>
According to the web API docs:
Get the quality gate status of a project or a Compute Engine task.
Either 'analysisId', 'projectId' or 'projectKey' must be provided
The different statuses returned are: OK, WARN, ERROR, NONE. The NONE status is returned when there is no quality gate associated with the analysis.
Returns an HTTP code 404 if the analysis associated with the task is not found or does not exist.
Requires one of the following permissions:
'Administer System'
'Administer' rights on the specified project
'Browse' on the specified project
Once you have these results available, you can create a Jenkins user in Confluence and have Jenkins send a POST request to create a page or a comment with the results obtained.

Related

Get Sonarqube Analysis Status on a variable (GUI Job)

I couldn't find any solutions to this particular need.
Basically I have a GUI Job and I need the status of the Sonarqube Analysis so I can later send a POST Request with it.
(I'm aware that pipeline exists and works great, but because of a specific reason I need it to be GUI)
On the pipeline you have the WaitForQualityGate.status(), I've tried using this but no success.
Example of what is desired
Any insights? Thanks in advance
You can use the SonarQube Rest API to get the status.
Whenever you run SonarQube analysis through Jenkins Pipeline, upon the successful analysis you will see report-task.txt created in the workspace folder.
Note: The location of the report-task.txt file depends on the tool that was used to generate it. The mvn sonar:sonar task defaults to path target/sonar. In my case, I used sonarscanner to analyse a nodejs project. So the location of report-task.txt is .scannerwork.
Now, you will get the ceTaskUrl and ceTaskId in report-task.txt. You can use that ceTaskUrl to get the analysisId.
Then, you can use the below api to get the quality gate status using analysisId.
http://<sonarqube_host>/api/qualitygates/project_status?analysisId=$ANALYSIS_ID
Now, try to get the curl output of the above API into a variable.
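
The flow described in the answers above (read ceTaskUrl from report-task.txt, resolve the analysisId, then query /api/qualitygates/project_status), as an added example that is not part of the original answers. The host, ids and function names are constructed for illustration; the example also refuses to send the token to a ceTaskUrl that is not on the configured server, since report-task.txt sits in the build workspace.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of report-task.txt (host and ids are made up).
SAMPLE_REPORT = """projectKey=demo
serverUrl=http://sonar.example:9000
ceTaskUrl=http://sonar.example:9000/api/ce/task?id=AXtask1
"""


def parse_report_task(text):
    """Parse the key=value lines of report-task.txt into a dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, value in pairs}


def same_origin(url, server_url):
    """True only if url points at the configured SonarQube server."""
    a, b = urlsplit(url), urlsplit(server_url)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def get_json(url, token):
    """GET url, sending the token as basic-auth user name with an empty password."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def quality_gate_status(report_text, server_url, token, fetch=get_json, wait=5, tries=60):
    """Return OK, WARN, ERROR or NONE for the analysis named in report-task.txt."""
    task_url = parse_report_task(report_text)["ceTaskUrl"]
    # The workspace is build-writable: send the token only to the configured server.
    if not same_origin(task_url, server_url):
        raise ValueError("ceTaskUrl is not on the configured SonarQube server")
    for _ in range(tries):  # the Compute Engine processes the report asynchronously
        task = fetch(task_url, token)["task"]
        if task["status"] not in ("PENDING", "IN_PROGRESS"):
            break
        time.sleep(wait)
    if task["status"] != "SUCCESS":
        raise RuntimeError(f"Compute Engine task status is {task['status']}")
    url = f"{server_url.rstrip('/')}/api/qualitygates/project_status"
    return fetch(f"{url}?analysisId={task['analysisId']}", token)["projectStatus"]["status"]
```

In a freestyle job this can be called from an "Execute shell" step, with the server URL and token injected as environment variables by a credentials binding rather than written into the job configuration.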
If you mean to say that you want a custom variable message to pop up in your Jenkins GUI based on the SonarQube scan status, then that would require you to:
Clone the original Jenkins source code
Add a custom HTML button/div/graphic
Compile the Jenkins code
Build the new code
Execute the generated JAR
Else, you can try some plugins available on Jenkins that would give you the ability to render conditional outputs. No promises on whether they can actually help you change the original GUI.
Any alternative traditional approach wouldn't be able to fulfill your GUI requirement.

Prevent SonarQube from failing Pull Request checks

I've set up an automatic "pull request check" via jenkins/github/sonarqube integration.
The workflow is as follows:
Github pull request created by user → Github Webhook triggers, and calls Jenkins API to execute sonarqube scanner → reports to sonarqube server → sonarqube server calls github API(create commit statuses : ref https://developer.github.com/v3/repos/statuses/) and posts a comment about the PR.
The issue is that it marks the PR as check failed just because it didn't pass its code health checks. The build passed, but the code is "dirty" - and that causes the PR to be marked as unacceptable. I'd like to find a way to prevent code quality checks from appearing as an actual status of the commit, and only allow commenting.
Additional images to provide some context:
SonarQube uses a techuser account token to post its analysis summary as a comment on the PR thread. (Sorry for the black boxes, corporate stuff..)
This functionality is everything we need, nothing more.
However... the plugin does one more thing, which is marking the commit as a failure. Note that we're already using something else to check for actual build failures. Although it didn't fail, sonarqube marking the commit as failure because of code quality makes the whole commit display as a failure. I'd like to prevent sonarqube from setting branch check statuses, while letting it comment on the issue. I couldn't find an option for anything like that neither in jenkins plugin configuration nor sonarqube admin page nor sonarqube scanner script documentation.
Thanks in advance.
What you want to achieve is currently not possible when using the SonarQube GitHub plugin, since this behaviour is hardcoded in the plugin and there is no configuration option to customize this.
In upcoming versions of SonarQube and SonarCloud, pull requests will have built-in support and the behaviour will be the following:
The status will be red if there is at least an open issue on the PR analyzed by SonarQube/SonarCloud
Teams will have the ability to mark those issues as "Confirmed" in SonarQube/SonarCloud (to acknowledge that they accept this technical debt), in which case the status will be automatically turned to green in GitHub

sonar.Qualitygate is Deprecated in Sonar Qube 5.3. What is the alternative?

Context: In Sonar Qube, there exists a custom Quality Gate which is called say abcd. This is NOT the default quality gate. And in Jenkins, I had configured this SonarQube Quality Gate for a set of APIs by using the parameter
-Dsonar.QualityGate=abcd and it was working fine.
Recently Sonar Qube was upgraded to version 5.3. Since then, the abcd quality gate is not working and the default quality gate is coming into play instead of the abcd quality gate for all the APIs.
On analysis, I came to know that sonar.QualityGate is deprecated in Version 5.3.
Question: Can you please let me know what is the alternative? And how do I make sure that these set of APIs have abcd as the quality gate and not the default quality gate?
I would prefer a solution such that I can configure something on Jenkins as I have access to Jenkins but not to Sonar Qube configurations.
It's indeed no longer possible to set the Quality Gate of a project using a parameter when running an analysis.
It's only possible from the UI/WS, where you can specify which Quality Gate should be used for which project.
See the documentation for more information : http://docs.sonarqube.org/display/SONAR/Quality+Gates.
You can still dynamically create an association gate - project via Sonarqube Web API.
From your Sonarqube instance, go to its /web_api URL (e.g. http://my-sonarqube/web_api) and check the list of available operations.
The web_api/api/qualitygates is the set of operations related to quality gates.
The web_api/api/qualitygates/select is the operation you need to associate a gate to a project.
Hence, as a replacement for the deprecated sonar.qualitygate, you can use either the manual association via the web UI or a dynamic (and automated) association via the web API, recommended. The latter is the way to go in the case of Continuous Integration jobs (as you mentioned Jenkins in this context) that would need to create the link dynamically (especially useful for branch management).
As a mandatory step for this operation to work, you need to pass some permissions, e.g. a user token, as the recommended approach from the official Sonarqube documentation on the Web API.
An example of what a CI step may look like just before invoking the sonar:sonar step:
curl -u ${sonar.password.token}: ${sonar.setqualitygate.url} \
-d "gateId=${sonar.gate.id}&projectKey=${sonar.project.key}:${planRepository.branch}"
Where:
sonar.password.token is a token you need to generate from the Sonarqube User management page, for a technical user (e.g. a Jenkins user used to make the connection between the component)
sonar.setqualitygate.url the URL of the REST API endpoint (e.g. http://your.sonarqube.domain/api/qualitygates/select)
sonar.gate.id is the gate id, you can find it easily on the URL of the concerned gate (e.g. http://your.sonarqube.domain/quality_gates/show/<id>)
sonar.project.key and planRepository.branch here we are building dynamically the name of the project for a certain branch as well, you can skip this step if you don't want to handle branches dynamically (e.g. easy to do in Bamboo, a bit more tricky in Jenkins)
Using the approach suggested by A_Di-Matteo, I faced an issue: when trying to select a gate for a brand new feature branch, Sonar throws an error saying that the project does not exist. So one can assign a gate only after the project has been created.
In this case, I use a hack: manually create a project using the Sonar Web API just before assigning a gate, and only then perform the mvn sonar:sonar step.
Here is creation of dummy new project:
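// Create the project up front so that a quality gate can be assigned before the first analysis.
def createNewProject(def config, def branch) {
    // Project name is taken from the <name> element of pom.xml
    String projectName = new XmlSlurper().parseText(readFile('pom.xml')).name as String
    def url = "${config.sonarHost}/api/projects/create"
    sh "curl -u ${config.sonarToken}: ${url} -d 'name=${projectName}&project=${projectKey()}&branch=${branch}'"
}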
Next step is assigning a Gate for this dummy project:
// Associate the given quality gate with the (already existing) project.
def setSonarQualityGate(def config, def projectFullName, def gateId) {
    def url = "${config.sonarHost}/api/qualitygates/select"
    sh "curl -u ${config.sonarToken}: ${url} -d 'gateId=${gateId}&projectKey=${projectFullName}'"
}
And only after that I execute analysis itself:
// Run the Maven analysis against the configured SonarQube host for this branch.
def runSonarAnalysis(def config, def branch) {
    echo "Run Sonar analysis"
    sh "mvn sonar:sonar -Dsonar.host.url=${config.sonarHost} -Dsonar.branch=${branch}"
}

Workflow action not executed in Jira Issue Updater plugin

So currently I am trying to progress my JIRA workflow with the Jira Issue Updater plugin in Jenkins. Attached are my config screenshot and my workflow. However, I get this error when I execute a commit-triggered build.
JIRA Update Results Recorder
Unable to connect to REST service
java.io.IOException: Server returned HTTP response code: 400 for URL: http://*******:9055/rest/api/2/search?jql
Finished: SUCCESS
This does not have any effect on my Jira workflow.
Thanks for the help in advance and let me know if more information is needed.
Hadi
EDIT: I got a 404 meaning the JQL is incorrect, but when I try to use that in incognito mode I get an empty string. However, if I am locally logged in, I get all issues in XML format.
Workflow
Jenkins Jira Config
I ended up using the JIRA plugin instead.
I used Progress JIRA Issues by workflow action step after build successful phase.
Attaching a screenshot of the configuration.
I am still trying to figure how to pull the issue number from the commit message for this action.
JIRA PLUGIN CONFIG
This is a following question and answer if anybody else gets stuck:
How can I get JIRA issue number from a commit message in Jenkins

How to trigger a Jenkins job from a status change in Jira

I have been looking for a while now for a way to trigger a Jenkins job from the status or a ticket/story in Jira changing status. To give a more detailed example when my team moves a ticket to the 'ready for test' column we would like to be able to trigger a sanity test pack in Jenkins, the ideal situation would then be that we are able to post the results (generated as a html) as a comment on the ticket within Jira. Failing that we would like to be able to publish the results as simply pass/fail.
I have recently been looking at the Jenkins Jira plugin but this does not seem to have the functionality to work both ways, in other words it can post results after a job has run but you cannot trigger the job from a change of status in Jira. Is there any such plugin available or is it something that we will need to create ourselves?
Cheers in advance
So, basically there are webhooks in Jira (https://developer.atlassian.com/jiradev/jira-architecture/webhooks). With them you can trigger a specific URL on issue status change. The specific URL should be the Jenkins API; for example, for triggering a build you should call an external URL like (if you are building with parameters): http://server/job/myjob/buildWithParameters?token=TOKEN&PARAMETER=Value
Some more info https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API
I have written a Jenkins plugin that supports JIRA status change trigger: jira-trigger-plugin.
This plugin also injects an environment variable of JIRA_ISSUE_KEY, so you can utilise this information to publish your result back to JIRA e.g. using REST API.
Please follow as mentioned below:
GIT:
You can set the web hooks for Git/Bitbucket/Stash on commit, which in turn should change the state of the task in JIRA.
JIRA:
Once you are in JIRA, define the workflow for your task.
In this particular workflow you can set a post-function where the web hook should be configured. In this configuration of webhook in events define JQL as below:
status CHANGED FROM "To Do" TO "ready to test".
In the same mention the job that needs to be fired in the URL section.
You can look through webhooks in Jira :
https://support.atlassian.com/jira-cloud-administration/docs/manage-webhooks/
You also need to add the Generic Webhook Trigger plugin to your Jenkins :
https://plugins.jenkins.io/generic-webhook-trigger/
You can find here an example on how to use the Generic Webhook Trigger plugin with Bitbucket Github and Gitlab. https://github.com/jenkinsci/generic-webhook-trigger-plugin/tree/master/src/test/resources/org/jenkinsci/plugins/gwt/bdd
It involved multiple steps
If you are using Git/Stash/BitBucket (which I implemented),
You can simply
configure the commit hooks in your Stash/Bitbucket
Attach events to your JIRA workflow
Jenkins JOB - post build events - configure Notify Stash plugin
Set the Poll SCM
That's it
