Prevent SonarQube from failing Pull Request checks - jenkins

I've set up an automatic "pull request check" via jenkins/github/sonarqube integration.
The workflow is as follows:
GitHub pull request created by user → GitHub webhook triggers and calls the Jenkins API to execute the SonarQube scanner → reports to the SonarQube server → the SonarQube server calls the GitHub API (create commit statuses, ref https://developer.github.com/v3/repos/statuses/) and posts a comment about the PR.
The issue is that it marks the PR as check failed just because it didn't pass its code health checks. The build passed, but the code is "dirty" - and that causes the PR to be marked as unacceptable. I'd like to find a way to prevent code quality checks from appearing as an actual status of the commit, and only allow commenting.
Additional images to provide some context:
SonarQube uses a techuser account token to post its analysis summary as a comment on the PR thread. (Sorry for the black boxes, corporate stuff..)
This functionality is everything we need, nothing more.
However, the plugin does one more thing: it marks the commit as a failure. Note that we're already using something else to check for actual build failures. Although it didn't fail, SonarQube marking the commit as a failure because of code quality makes the whole commit display as a failure. I'd like to prevent SonarQube from setting branch check statuses, while letting it comment on the issue. I couldn't find an option for anything like that in the Jenkins plugin configuration, the SonarQube admin page, or the SonarQube scanner script documentation.
Thanks in advance.

What you want to achieve is currently not possible when using the SonarQube GitHub plugin, since this behaviour is hardcoded in the plugin and there is no configuration option to customize this.
In upcoming versions of SonarQube and SonarCloud, pull requests will have built-in support, and the behaviour will be the following:
The status will be red if there is at least an open issue on the PR analyzed by SonarQube/SonarCloud
Teams will have the ability to mark those issues as "Confirmed" in SonarQube/SonarCloud (to acknowledge that they accept this technical debt), in which case the status will be automatically turned to green in GitHub

Related

Publish the Screenshot/PDF of SonarQube Analysis Result from Jenkins to Confluence

I have a Jenkins job that will invoke SonarQube analysis on code pulled from a Bitbucket repository whenever there are any changes on the Bitbucket repository. At the moment, I am able to use the Confluence Publisher plugin to publish the URL of the build job to Confluence as a comment.
I was wondering if there is any way I could use Jenkins to screenshot the SonarQube analysis report (like in SonarQube web UI) and publish it directly to Confluence? (So that the user does not need to use the URL to go to the specific Jenkins build job, and then get the SonarQube analysis report URL, and navigate to the page to view the report)
Thank you.
Instead of using a screenshot, you can send a curl request from Jenkins to the SonarQube REST API (5.3 and above) to get the project status from the quality gate after the code has been uploaded and analysed. The endpoint you'd likely want to use is: /api/qualitygates/project_status?projectKey=<projectKey>&branch=<branch>
According to the web API docs:
Get the quality gate status of a project or a Compute Engine task.
Either 'analysisId', 'projectId' or 'projectKey' must be provided
The different statuses returned are: OK, WARN, ERROR, NONE. The NONE status is returned when there is no quality gate associated with the analysis.
Returns an HTTP code 404 if the analysis associated with the task is not found or does not exist.
Requires one of the following permissions:
'Administer System'
'Administer' rights on the specified project
'Browse' on the specified project
Once you have these results available, you can create a Jenkins user in Confluence and have Jenkins send a POST request to create a page or a comment with the results obtained.
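As an added example (not code from the answer above), this Python sketch builds the `project_status` request URL and turns a response into lines that could be posted to Confluence. The sample body, its condition field names, the host name and the helper names are assumptions made for illustration; the HTTP call itself and the token are left to the Jenkins job.

```python
import json
from urllib.parse import urlencode

# Constructed sample body for illustration; not captured from a real server.
SAMPLE_BODY = json.dumps({"projectStatus": {
    "status": "ERROR",
    "conditions": [
        {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
         "errorThreshold": "80", "actualValue": "61.5"},
        {"status": "OK", "metricKey": "new_bugs", "comparator": "GT",
         "errorThreshold": "0", "actualValue": "0"},
    ],
}})

# The four statuses the web API docs list for a quality gate.
GATE_STATUSES = {"OK", "WARN", "ERROR", "NONE"}


def status_url(base_url, project_key, branch=None):
    """Build the request URL. urlencode() escapes the key and branch so a
    branch name containing '&' or '/' cannot add or alter query parameters."""
    params = {"projectKey": project_key}
    if branch:
        params["branch"] = branch
    return base_url.rstrip("/") + "/api/qualitygates/project_status?" + urlencode(params)


def summarize(http_status, body):
    """Turn one API response into (gate_status, lines) for a page or comment."""
    if http_status == 404:
        # Documented case: the analysis is not found or does not exist.
        return "NOT_FOUND", ["Quality gate: analysis not found"]
    if http_status != 200:
        # Anything else (for example a rejected credential) should fail the step loudly.
        raise RuntimeError(f"unexpected HTTP status {http_status}")
    gate = json.loads(body)["projectStatus"]
    status = gate.get("status")
    if status not in GATE_STATUSES:
        raise ValueError(f"unexpected gate status: {status!r}")
    lines = [f"Quality gate: {status}"]
    for cond in gate.get("conditions", []):
        if cond.get("status") != "OK":  # report only the conditions that did not pass
            lines.append("{}: {} (threshold {} {})".format(
                cond.get("metricKey"), cond.get("actualValue"),
                cond.get("comparator"), cond.get("errorThreshold")))
    return status, lines
```

Give the Jenkins job a token for an account that has only 'Browse' on the project, since that is the least of the three permissions the endpoint accepts.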

pre-commit check or Remote-run missing with Github setup & Jenkins

Just to quote an example: one can submit a remote run with a tool like TeamCity (similar to Jenkins), which applies a delta/patch of what the user is trying to commit and reports whether the changes are good according to the set of checks configured for that project.
With GitHub & Jenkins, can such validation be achieved with any plugins out there, which would avoid breaking a build?
I know that with pull requests & status checks one can achieve a similar end result. But without a commit/push to the remote Git repo, is there a way Jenkins can handle this validation & produce an initial result?
It isn't possible to have GitHub perform checks on data it doesn't have, so if you don't push the data to the remote server, GitHub won't know anything about it and therefore will do nothing.
Jenkins does have a REST API that you could use to do this, provided you equipped each developer with appropriate credentials. However, this is not a common situation and wouldn't be a recommended configuration.
You'd be better off with a script in the repository that users could install as a hook or invoke from a hook that would perform the testing you want. If your CI jobs run a script in your repository, then sharing code between them should be easy.
Note that you shouldn't mandate pre-commit hooks, since they can interfere with advanced users (who may make intentionally incomplete temporary commits) and they can be disabled by users. Any sort of required checks should be done as part of CI, where policy can be enforced appropriately.

Updating JIRA issues from gitlab pipeline

I want to move an issue to the deployed stage (transition) when the gitlab pipeline of a merge request has finished. Is that even possible?
My Idea so far:
The pipeline is related to that specific issue by both the branch name (see 1.) of the merge request and also the message of that merge request like so "Finish PV-1234".
I can parse the issue key from the branch name.
I can call a server to run a script making the Jira api call.
If you directly want to close the issue, look into the GitLab Jira integration docs. For that you have to add a description to your MR to tell the integration to close the issue as soon as the MR is merged.
If you want more control, write yourself a simple script that first gets the IDs of the available transitions (you can get them via /rest/api/3/issue/{issueIdOrKey}/transitions, see here) and after that posts the transition you want (you can do that by posting to the same endpoint as the GET command mentioned before, see here).
Sad that the Jira integration doesn't provide more issue movement than just closing issues...
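The two-step approach from the answer above, as an added Python example that is not part of the original posts: extract the issue key from the branch name or MR message, look up the wanted transition in the GET response, and build the POST body. The transition names and IDs in the sample response and the helper names are constructed for illustration; sending the requests and handling the Jira credential are left to the pipeline.

```python
import json
import re

# Jira issue keys look like PV-1234. Matching a strict pattern keeps arbitrary
# branch text (slashes, dots, query characters) out of the REST path.
ISSUE_KEY = re.compile(r"(?<![A-Za-z0-9])([A-Z][A-Z0-9]+-[1-9][0-9]*)(?![A-Za-z0-9])")

# Constructed sample of a GET .../transitions response; IDs and names are made up.
SAMPLE_TRANSITIONS = json.dumps({"transitions": [
    {"id": "21", "name": "In Review"},
    {"id": "41", "name": "Deployed"},
]})


def issue_key_from(text):
    """Return the first issue key found in a branch name or MR message, or None."""
    match = ISSUE_KEY.search(text)
    return match.group(1) if match else None


def transitions_path(issue_key):
    """Path used for both the GET (list transitions) and the POST (apply one)."""
    if not ISSUE_KEY.fullmatch(issue_key):
        raise ValueError(f"not a Jira issue key: {issue_key!r}")
    return f"/rest/api/3/issue/{issue_key}/transitions"


def transition_request(issue_key, transitions_body, target_name):
    """Return (path, json_body) for the POST that moves the issue.

    The ID is looked up by name in the GET response because transition IDs
    differ between workflows and only currently available ones are listed."""
    available = {t["name"].lower(): t["id"]
                 for t in json.loads(transitions_body)["transitions"]}
    transition_id = available.get(target_name.lower())
    if transition_id is None:
        raise LookupError(f"transition {target_name!r} is not available for {issue_key}")
    return transitions_path(issue_key), json.dumps({"transition": {"id": transition_id}})
```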

jenkins pipeline : how to avoid that a gerrit change verify job is superseded by a newer change

I have a pipeline running, triggered by several gerrit review hooks.
e.g.
branch-v1.0
branch-v2.0
Normally I receive my verifies according to the result of the appropriate job run. E.g. if a run finished successfully with passed tests, I get the Verified+1 back in my Gerrit system.
My problem:
If a job is running to verify my Gerrit change, a newer "verify job" for another change or patch always cancels the currently running job. It doesn't matter whether the change comes from a different branch or not. It also makes no difference whether the new change has anything to do with the current one. The currently running change is always superseded.
in the console:
In this case the job A canceled an older B and later A was canceled by a newer job C
Canceling older #3128
Waiting for builds [3126]
Canceled since #3130 got here
So, does anybody know how to avoid the canceling of the current running job?
I wanted to use the Multi-Branch pipeline (but I really do not know if this helps), but as far as I know the Gerrit plug-in is currently not supported by the Multi-Branch pipeline or the Blue Ocean project.
https://issues.jenkins-ci.org/browse/JENKINS-38046
There is a new gerrit plug-in in development, but there is no information when this will be available (or is 'production ready'). See the following comment in the issue.
lucamilanesio added a comment - 2017-08-18 15:40
Thanks for your support!

Workflow action not executed in Jira Issue Updater plugin

So currently I am trying to progress my JIRA workflow with the Jira Issue Updater plugin in Jenkins. Attached are my config screenshot and my workflow. However, I get this error when I execute a commit-triggered build.
JIRA Update Results Recorder
Unable to connect to REST service
java.io.IOException: Server returned HTTP response code: 400 for URL: http://*******:9055/rest/api/2/search?jql
Finished: SUCCESS
This does not have any effect on my Jira workflow.
Thanks for the help in advance and let me know if more information is needed.
Hadi
EDIT: I got a 404, meaning the JQL is incorrect, but when I try to use that in incognito mode I get an empty string. However, if I am locally logged in, I get all issues in XML format.
Workflow
Jenkins Jira Config
I ended up using the JIRA plugin instead.
I used Progress JIRA Issues by workflow action step after build successful phase.
Attaching a screenshot of the configuration.
I am still trying to figure out how to pull the issue number from the commit message for this action.
JIRA PLUGIN CONFIG
This is a follow-up question and answer if anybody else gets stuck:
How can I get JIRA issue number from a commit message in Jenkins
