For my project, we have made the job on Jenkins GUI. Non declarative.
Tasks are :-
GIT scm
Maven clean install goal
Sonar scanner
Quality gate
War to artifactory
I have defined, sonar scanner in post build steps and deploy to artifactory in post build actions.
Now in console output, order of execution is like war is getting published first and then sonar scanner runs code quality check.
However, i want sonar scanner to execute first.
Can someone please guide me on how i can achieve this ?
Are you using the Sonar Scanner for maven plugin?
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/
You should just be able to add 'sh mvn clean build sonar:sonar' in your Jenkins pipeline and the plugin will do the rest. It will run the unit test, run jacoco if you have it configured, and report it back to sonar.
Related
I am trying to run my sonar scanner from jenkins and I want my jenkins job to fail when the Quality gate at sonar is not met.
I have configured sonar host and sonar scanner with jenkins at global tool level, my project analysis is uploaded in sonar, but the jenkins job is still passing. what am i doing wrong.
so, basically I am trying to achieve this https://blog.sonarsource.com/breaking-the-sonarqube-analysis-with-jenkins-pipelines/ , I can do it via pipelines, but I want to achieve the same thing via a jenkins job.
Here is my job
just clone a project and run sonar scanner.
this is the build step
git clone 'https://github.com/SonarSource/sonar-scanning-examples.git # clone
cd $WORKSPACE # goto cloned workspace
Here are the properties passed to sonarscanner
Analysis properties:
sonar.projectKey=org.sonarqube:sonarqube-scanner
sonar.java.binaries=.
sonar.qualitygate.wait=true
I believe sonar.qualitygate.wait=true this is the extra step that I need to do at sonar scanner step.
I want my jenkins job to fail, as soon as Quality gate fails.
Why after successful analysis at jenkin, my project is empty at sonarqube.
Console output at jenkin:-
Sonarqube scanner details:-
Sonarqube/localhost details:-
Install Swift plugin in sonar. By default sonar check only java code. Then run jenkins job again.
I am trying to run a SonarQube scan from Jenkins job. I have the SonarQube Scanner for Jenkins plugin installed v2.6.1 running on local Jenkins (for dev only);
I have seen conflicting reports on whether or not you can run SonarQube on a different server then Jenkins. It wouldn't make sense if you could not do that... if you can, instructions on how to accomplish it would be great. Simply putting in the URL to the SQ server where Jenkins expects a directory to Sonar Runner locally, does not work.
Jenkins and SonarQube do not have to be on the same machine.
The SonarQube plugin in Jenkins will run one of these three scanners:
SonarQube Scanner
SonarQube Scanner for Maven
SonarQube Scanner for MsBuild
Depending on which scanner you use, it works a bit differently:
For the SonarQube Scanner, pass -Dsonar.host.url=http://your.host:1234 as additional arguments. (or add it to your sonar.properties file)
For the SonarQube Scanner for Maven, add -Dsonar.host.url=http://your.host:1234 to your maven build step.
For the SonarQube Scanner for MsBuild, add /d:sonar.host.url=http://your.host:1234 to your MsBuild.exe call.
Ok, I see in the Checkstyle and Jenkins documentation, that Jenkins will fail the build and not perform any more build steps after the checkstyle build step which has violations. However, I would like Jenkins to continue on with the next build step - ideas?
If you are using Maven to build your project, the easiest solution is to add this property in your Maven CLI:
mvn clean install -Dcheckstyle.skip=true
I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.