I just concluded my GitHub integration with Jenkins so that every time I commit code to my GitHub repository, Jenkins automatically builds.
Now I'm trying to integrate SonarCloud too but I haven't been successful.
I'm not looking to integrate with a local SonarQube server, I really need SonarCloud for my team to check it every time Jenkins builds.
I'm not sure if I should analyse the project locally to achieve this or if I can analyse my Jenkins server or GitHub repository and get the result I want because I can't find any documentation.
Can anyone point me in the right direction?
Thank you!
Sonarcloud is just a sonarqube server.
Just use sonar-scanner(the documentation for jenkins can be found here).
At first, you need to install the jenkins plugin for sonar-scanner.
After that, you open the configuration of sonar-scanner using Manage Jenkins > Configure System.
Insert https://sonarcloud.io under Server URL and your sonar token(of sonarclound) under Server authentication token
Under Manage Jenkins > Configure System, you should check Enable injection of SonarQube server configuration as build environment variables and in Build Environment in your job, you should enable Prepare SonarScanner environment.
After you've done that, you can run sonar-scanner with $SONAR_MAVEN_GOAL (if you are using maven), ./gradlew sonarqube (if you are using gradle) or sonar-scanner (if you use none of that).
Related
I use Jenkins for Continuous Integration, and I plan to add SonarQube to its tasks. I know it is possible to run SonarQube server and database remotely from the scanner, thanks to the documentation.
I tried to install sonarqube and sonarscanner plugins in Jenkins, setting up a slave connected to the server hosting sonarqube and sonarscanner, but Jenkins can't trigger a scan.
I also don't understand how Sonar would get the code ? Is Jenkins supposed to send it all to the server ?
Or do I have to manage the pulling from the repository on the server hosting Sonar ?
You're correct, the scanner must be on the build machine.
we would like to start a sonarqube analyze on developers' branches (bitbucket) just before pull requests via jenkins . Is there a sample solution?as far as i understood "sonar for bitbucketserver" plugin only shows the analysis results it does not trigger sonarqube analysis . Our scanner will be on jenkins
without a CI tool I was able to trigger analysis by adding the plugin sonar-stash to sonarqube. This way integrating with Bitbucket. Command I executed in sonarqube server, under sonar-scanner/bin folder:
./sonar-scanner -Dsonar.analysis.mode=preview
-Dsonar.stash.notification=true
-Dsonar.stash.project=JAVA
-Dsonar.stash.repository=abcd
-Dsonar.stash.pullrequest.id=2
-Dsonar.stash.password=**********
I am trying to find a solution to automate installation and configuration of Jenkins & SonarQube. The idea is to provide an easy to use provisioning utility for setting up CI. Ideally I would love to automate the following
Installation
Set up users,Build, Unit testing and Code coverage
Is there an SDK, CLI or similar which can be used from batch script?
Thanks
You can use the Jenkins docker image for the installation part - even if you're not using Docker you can still copy the installation procedure:
https://github.com/jenkinsci/docker
For the setup of jobs I would recommend the Job DSL:
https://github.com/jenkinsci/job-dsl-plugin
For the rest you can use the Jenkins CLI or you can manually configure it once and then extract the corresponding XML file from the Jenkins home and copy it into other installations.
I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.
There is a sonar plugin for jenkins, it triggers the sonar build inside CI (jenkins), it is useful.
While now I want to see the sonar result inside jenkins without jumping to sonar websites, it is useful if I just want to see some key data for this job.
It could be sonar-report plugin in jenkins.
Do you have similar needs ?
One ugly solution I used so far is to use Sonar Web API.
I add one curl command in the end of job (build steps) to fetch the needed metrics like
curl http://sonar.sh.cn.ao.ericsson.se//api/resources?metrics=qi-quality-index,coverage,test_success_density&resource=54936 --output sonar-result.xml
Then I archive the sonar-result.xml to make it visible inside the job.
You can try using Mashup Portlets plugin for Jenkins to configure the results in Jenkins Dashboard.
PFB URL for the plugin.
URL:- https://wiki.jenkins-ci.org/display/JENKINS/Mashup+Portlets