Currently we're using Jenkins free style job for Gradle project and using following commands to run Sonar and Dependencycheck
./gradlew clean build sonarqube dependencyCheckAnalyze \
and I'm getting following message
Analyzing /opt/jenkins_slave_home/workspace/AA/package-lock.json - however, the node_modules directory does not exist. Please run npm install prior to running dependency-check
Generating report for project AA_ArbitraryBuild
Found 0 vulnerabilities in project AA
and we can able to see a file inside "ws/build/reports/" but it dint scanned anything.
Following are the "build.gardle" file
buildscript {
repositories {
maven { url artifactoryRepoUrl }
mavenCentral()
}
dependencies {
classpath 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7'
classpath 'org.owasp:dependency-check-gradle:6.0.3'
}
}
apply plugin: 'org.sonarqube'
apply plugin: 'org.owasp.dependencycheck'
sonarqube {
properties {
property 'sonar.projectName', sonarProjectName
property 'sonar.projectKey', sonarProjectKey
property 'sonar.host.url', sonarHostUrl
property 'sonar.login', sonarAuthToken
property 'sonar.dependencyCheck.reportPath', sonarDependencyCheckReport
property 'sonar.dependencyCheck.htmlReportPath', sonarDependencyCheckHTMLReport
}
}
Can you plz help on what are the additional steps that I need to add.
You've got all you need to push result to sonar. Make sure that you provide right path for your owasp vulnerabilities report for sonar plugin. It's sonar.dependencyCheck.reportPath and should point to build/reports directroy, and if you produce html report file you can point it with sonar.dependencyCheck.htmlReportPath.
Related
I am trying to get git commit details as part of "/actuator/info" api end point using the gradle-git-properties plugin by following https://guides.grails.org/adding-commit-info/guide/index.html guide but having no luck with it. Steps I followed:
"sdk install grails 4.0.8" //installing latest grails 4 version using sdkman
"sdk use grails 4.0.8" //making sure my current shell is using latest version as well
"grails create-app myapp --profile=rest-api" //creating a dummy app
"cd myapp" //change working dir to the new app
"git init" //initializing git
As per the guide I updated the build.gradle
buildscript {
repositories {
maven { url "https://repo.grails.org/grails/core" }
maven { url "https://plugins.gradle.org/m2/" }
}
dependencies {
classpath "org.grails:grails-gradle-plugin:$grailsVersion"
classpath "org.grails.plugins:hibernate5:7.0.4"
classpath "org.grails.plugins:views-gradle:2.0.2"
classpath "gradle.plugin.com.gorylenko.gradle-git-properties:gradle-git-properties:2.2.0"
}
}
version "0.1"
group "myapp"
apply plugin:"eclipse"
apply plugin:"idea"
apply plugin:"war"
apply plugin:"org.grails.grails-web"
apply plugin:"org.grails.plugins.views-json"
apply plugin: "com.gorylenko.gradle-git-properties"
Also updated the application.yml file to enable actuator end points
management:
endpoints:
enabled-by-default: true
run the application using ./gradlew bootRun
I see that the git.properties file is correctly generated and placed under "build/resources/main" folder within the project folder.
But when I hit "http://localhost:8080/actuator/info" in browser, all I see is:
{"app":{"grailsVersion":"4.0.8","version":"0.1","name":"myapp"}}
But no git related info.
Raised the same issue here are well: https://github.com/n0mer/gradle-git-properties/issues/161
Solution has been provided by #virtualdogbert here : https://github.com/n0mer/gradle-git-properties/issues/161#issuecomment-936544990
Basically we have to set path to the git.properties file for dev env:
environments {
development{
spring.info.git.location='file:build/resources/main/git.properties'
}
}
SonarQube 7.7 shows the following warning for a Java project analysis:
Property 'sonar.jacoco.reportPath' is deprecated (JaCoCo binary format). 'sonar.coverage.jacoco.xmlReportPaths' should be used instead (JaCoCo XML format).
The Gradle based project is configured via sonar-project.properties as follows:
sonar.projectKey=MyExampleLib
sonar.projectName=MyExample Library
sonar.sources=src/main/java
sonar.jacoco.reportPath=build/jacoco/test.exec
sonar.junit.reportsPath=build/test-results/test
sonar.java.test.binaries=build/classes/test
sonar.java.binaries=build/classes/java/main
sonar.binaries=build/classes
sonar.projectVersion=$libVersion
The SonarQube server URL is injected via (otherwise you end up with a "localhost:9000" error):
The SonarQube analysis is triggered via Jenkins and the JaCoCo plugin v.3.0.4 with the following Job configuration:
I read that a report.xml is picked up by xmlReportPaths. How can I generate it?
Related
https://github.com/jacoco/jacoco/issues/919
https://github.com/jacoco/jacoco/commit/6babdb5233217b0812a85f6b1673aabe7f0fd47e
We can generate Jacoco reports in XML format by specifying xml.enabled value to true and providing destination path in the reports section.
plugins {
id "org.sonarqube" version "2.8"
}
jacocoTestReport {
group = "Reporting"
reports {
xml.enabled true
csv.enabled false
//to create coverage report in html
html.destination file("${buildDir}/reports/coverage")
//for XML
xml.destination file("${buildDir}/reports/jacoco.xml")
}
}
The SonarQube properties can be also configured through the build.gradle file. As sonar.jacoco.reportPath and sonar.jacoco.reportPaths are deprecated properties from the sonar version of 7.7 which should be replaced with sonar.coverage.jacoco.xmlReportPaths.
Configuring the Sonarqube properties through the build.gradle
sonarqube {
properties {
property 'sonar.projectName', 'MyExample Library'
property 'sonar.projectKey', 'MyExampleLib'
property 'sonar.core.codeCoveragePlugin', 'jacoco'
property 'sonar.coverage.jacoco.xmlReportPaths', "${project.buildDir}/reports/jacoco.xml"
}
}
If you wish to do that through sonar-project.properties then update the deprecated properties mentioned below to the suggested one.
sonar.jacoco.reportPath=build/reports/jacoco.xml
Finally, by executing gradle jacocoTestReport sonarqube command, the jacoco test report files such as ${project.buildDir}/reports/jacoco.xml and ${project.buildDir}/jacoco/test.exec will be generated for SonarQube.
It seems that your build is based on Gradle. It would be easier to use jacoco and sonarqube plugins in the gradle build
plugins {
id "jacoco"
id "org.sonarqube" version "2.8"
}
you don't need sonar-project.properties, analysis is configured from your build. You can customize default values in sonarqube configuration
// in build.gradle
sonarqube {
properties {
property "sonar.exclusions", "**/*Generated.java"
}
}
To enable coverage you need to configure gradle to generate XML report
jacocoTestReport {
reports {
xml.enabled true
}
}
And then run with gradle build jacocoTestReport sonarqube. More details can be found here and in SonarScanner for Gradle doc
In Maven (pom.xml), simple add (under properties):
<properties>
<sonar.coverage.jacoco.xmlReportPaths>
../app-project-name/target/jacoco-report/jacoco.xml
</sonar.coverage.jacoco.xmlReportPaths>
</properties>
I'm struggling with deploying the war file to Nexus repository using Jenkinsfile via Gradle task.
The war is being created successfully. I have also no problem with deploying JARs (since there are examples everywhere how to do it).
So I have this publishing section in my build.grade:
publishing {
repositories {
maven {
URI releasesUrl = new URI("${UploadURL}/repository/releases")
URI snapshotsUrl = new URI("${UploadURL}/repository/snapshots")
afterEvaluate {
url version.endsWith("SNAPSHOT") ? snapshotsUrl : releasesUrl
}
credentials {
username "${user}"
password "${password}"
}
}
}
publications {
mavenWeb(MavenPublication) {
from components.web
artifact war.archivePath
}
}
}
With pluggins:
apply plugin: 'java'
apply plugin: 'maven'
apply plugin: 'maven-publish'
apply plugin: 'org.springframework.boot'
apply plugin: 'war'
The URL for repositories is also specified in the build script correctly (test publish with the jar works just fine)
And the Jenkinsfile:
stage ('Publish war') {
steps {
sh "sh gradlew publish"
}
}
Currently I'm getting this error from jenkins build:
Task :publishMavenWebPublicationToMavenRepository FAILED
FAILURE: Build failed with an exception.
What went wrong:
Execution failed for task ':publishMavenWebPublicationToMavenRepository'.
Failed to publish publication 'mavenWeb' to repository 'maven'
Invalid publication 'mavenWeb': multiple artifacts with the identical extension and classifier ('war', 'null').
I'm quite sure that the problem is within "publications" part of Gradle task.
For publishing the Jars I have been using it like this:
[...]
publications {
mavenJava(MavenPublication) {
from components.java
artifact sourceJar
}
}
[...]
task sourceJar(type: Jar) {
classifier 'sources'
from sourceSets.main.java
}
I do not know how to configure from, artifact and classifier for this task. I do not even know if all of these parameters should be configured... Could anyone help me with that?
It turned out, that the origin of the problem was this section:
afterEvaluate {
url version.endsWith("SNAPSHOT") ? snapshotsUrl : releasesUrl
}
This feature works with Gradle 5.X version however, I was using Gradle 4.8. That lead to null instead of propper url value...
Unfortunately, it took a while since the exception message does not suggest where the problem was.
I want tagsoup jar as dependency for one of my test case which reads a html.
In my build.gradle I have done these changes
asciidoctorj {
version = '1.5.4'
}
repositories {
maven {
url "http://mvn-nexus.my.company:8081/nexus/content/groups/public/"
}
mavenCentral()
}
compile(
'org.codehaus.groovy:groovy-all:2.4.14',
'org.codehaus.groovy.modules.http-builder:http-builder:0.7',
'org.apache.httpcomponents:httpclient:4.5.2',
'org.apache.httpcomponents:httpmime:4.5.2',
'commons-cli:commons-cli:1.2',
'ant:ant:1.7.0',
'com.cloudbees:groovy-cps:1.19',
'org.codehaus.gpars:gpars:1.2.1'
)
testCompile(
'junit:junit:4.12',
'org.codehaus.groovy:groovy-all:2.4.14',
'org.spockframework:spock-core:1.1-groovy-2.4',
'org.mockito:mockito-core:2.12.0',
'com.athaydes:spock-reports:1.4.0',
'org.slf4j:slf4j-api:1.7.13',
'org.slf4j:slf4j-simple:1.7.13',
'com.lesfurets:jenkins-pipeline-unit:1.0',
'org.ccil.cowan.tagsoup:1.2.1'
)
varsCompile sourceSets.main.output
}
But I get the following error in my jenkins build while building this project
What went wrong:
Could not resolve all files for configuration ':testCompileClasspath'.
Could not find org.ccil.cowan.tagsoup:0.9.7:.
Required by:
project :
What am I missing?
You miss the artefact name. Try :
'org.ccil.cowan.tagsoup:tagsoup:1.2.1'
I googled for ages now and I give up, the buzz word Groovy + Jenkins is bringing up so many false flags...
I have a Groovy project I developed in IntelliJ, it contains also a JUnit.groovy with unit tests. Now this is a script for SoapUI, no need for Maven, Ant nor Grails, but I would like to be able to compile those files on Jenkins and run the unit tests after. Is it possible to build and test those files on Jenkins? So far all solutions seem to be me manually running groovyc (commited with my repository) and then running JUnit on the JUnit.class.
So before I start to dig deeper and write a Maven, Grails or Ant file, is there another way that does not involve me pushing the GroovySDK on my git? Or is there may be a simple build script, not involving 20 libraries and steps that would build the groovy sources and run the JUnit tests :) ?
I'm new to Jenkins obviously ;), thanks for your input.
Update:
So for all as newbie as me, what was required? First I changed my local source code to a gradle project (remember to activate AutoImport in IntelliJ) and also activate the creation of the JUnit xml and since I do not use Maven and the system is "offline" we have the libs in git anyway so my build.gradle is:
version '2.5-SNAPSHOT'
apply plugin: 'groovy'
dependencies {
compile fileTree(dir: '../Library', include: ['*.jar'])
}
test {
reports {
junitXml.enabled = true
html.enabled = true
}
}
sourceCompatibility = 1.8
set up gradle wrapper for the project via gradle wrapper for the gradlew.bat
then I added a post-commit in my git-/.hooks/ so my Jenkins is triggered upon commit via curl http://jenkins:8080/git/notifyCommit?url=https://git.git&branches=dev
finally set up a pipeline on jenkins:
#!groovy
node {
stage('Checkout') {
git branch: 'dev', credentialsId: 'youwish', url: 'https://git.git'
}
stage('Build') {
dir('./Modules') {
gradle('clean')
gradle('compileTestGroovy')
}
}
stage('UnitTest') {
dir('./Modules') {
gradle('test')
junit '/build/test-results/**/TEST-*.xml'
}
}
stage('IntegrationTest') {
stage('CodeTableDownload') {
dir('./SoapUi') {
bat 'AutoRun.bat'
junit '/results/**/*-JUNIT.xml'
}
}
}
}
def gradle(command) {
bat "./gradlew.bat $command"
}
There's a Groovy plugin for Jenkins that will let you execute Groovy scripts on Jenkins.
But, why not let something like Gradle do the build and run the test for you? A minimal Gradle build file for Groovy that will do both is:
apply plugin: 'groovy'
repositories {
jcenter()
}
dependencies {
compile 'org.codehaus.groovy:groovy-all:2.4.12'
testCompile 'junit:junit:4.12'
}
You don't have to commit the GDK, just declare a dependency.