I'm trying to user Sonarqube with Jenkins.
I've added the Quality Gates Plugin, to fail the build in Jenkins if the Quality Gates are not respected in Sonarqube.
However, as you can see below, there is no Project Key field for Quality Gates.
Also, if I try to save the configuration, I get:
JSONObject["projectKey"] not found.
Any idea why this would not appear?
In http://jenkinsInstance/configure I had setup SonarQube only in "SonarQube servers" but not in "Quality Gates" as well.
I have the same issue. I also didn't initially add the sonar server in the system config, after doing that, I see the Project Key field only in the Post Build Actions.
That doesn't help if you want to add it as a build step or post build step.
EG. maven install with sonar scan, then test the gate, then if gate passes, maven deploy.
You have to configure SonarCube Servers first, then configure QualityGates.
This will solve the issue.
Related
I have installed sonar and jenkins. Now I want to add Sonarqube into Jenkins. But in the manage plugins, it doesn't show me the Sonarqube.the display I get
SonarQube is a standalone server. It offers a web user interface to visualize bugs, code smells and vulnerabilities. You cannot include this web-ui SonarQube in Jenkins.
However, you can trigger a scan as part of your Jenkins job. This scan can "send" its findings into a SonarQube installation - either hosted by your own (on-premise), or using the hosting offer at sonarcloud.io.
There are a couple of different ways to include the scanner in your job, but the setup is specific to your programming language and build tools (Maven, VisualStudio, command line, ...). Check the sonarcloud docs for the way, that fit's best to your situation.
When I do some code changes and push the code to Gerrit. Jenkins build gets triggered and we usually get verified voting +1 or -1 depending on the result on to the Gerrit UI for that change.
Currently, we observed that for any of the compilation errors it is not reporting on to the Gerrit. And this happens only for compilation errors, not for failing tests, failing git checkouts or other reasons that make a build fail.
Below I've mentioned the version details. Any suggestions will be highly appreciated.
Gerrit Version: 2.14.2
Jenkins Version: 1.642.3
Gerrit-Trigger plugin: 2.18.3
Project: Java project
Build Tool: Maven
Regards
Sharieff.
That's intended for an "Unstable build" (i.e. compile/build errors but not a test error) in the default Gerrit-trigger configuration.
Take a look at your "Gerrit Reporting Values" for the project/default configuration.
If you want to use the "verify" label for unstable (i.e. compile errors) and failed (test errors) builds, configure the verify values like seen below.
(iirc the default configuration uses code-review = -1 for unstable, for this the used gerrit account needs the permission to submit a code-review label)
I m trying to fail a build in my Jenkins server using the Quality Gate plugin (v2.5). In my jenkins i have installed SonarQube plugin (v2.4.4) and SonarQube Scanner v2.6.1. I have configured a SonarQube server as well v5.6
I have defined a quality gate (for eg bugs > 10) in my server for the project which i m building using my Jenkins server. I have created a freestyle job for the same in Jenkins. What i want to achieve is the build in Jenkins should fail whenever the Quality Gate requirement is not met.
I use the "Execute SonarQube Scanner" option in my build step in Jenkins and the Quality Gate option in the post build action (with my project key). I have defined the parameters for sonar analysis in the Analysis Properties section.
Currently, when the quality gate threshold is not met the status changes to failed on the SonarQube server but the build is passed in Jenkins. During the next execution of the same job in Jenkins the build is failed by the Quality Gate. That is the build status is not changed in synchronization with the SonarQube server but in the following execution,
Can you pls let me know what m i missing here ?
it's been a while since you posted this but maybe I can help at least with my understanding.
In SonarQube 5.6 (don't know when this changed) the build analysis is been analysed in a background task in SonarQube. So the Jenkins Build is finished after it posted the analysis to the server and the build is finished long before the background task on the SonarQube server is finished.
During or on the end of the background task in SonarQube it checks the QualityGate.
So the Jenkins plugin get's always "outdated" QualityGate status at least with SonarQube versions higher than 5.6.
It's possible to extend the Jenkins plugin and add a "wait for background task" option. Of course this would lead longer build times in Jenkins. This is already done in this fork of the "Quality Gates Plugin".
Hope this all right :-)
see the also the doku here
I have a number of projects that need to be analysed by SONAR from jenkins. These projects include ant and maven projects. I have created a separate job for each SONAR analysis in jenkins.
Is it possible to have a single jenkins job in which I can pass some parameters from each individual sonar job and then see the dashboard?
If so, how do i go about it?
This solution is for Subversion and Maven.
Install the Parameterized Trigger Plugin
Create a Maven job for the SonarQube analysis, eg. _common-sonar with these settings:
Source Code Management: "Subversion", Repository URL: $PREVIOUS_SVN_URL, Check-out Strategy: "Always check out a fresh copy"
Build: Goals and options: install
Post-build Actions: "Sonar"
For the job you want to run analysis on add a Post-build Action "Trigger parameterized build on other projects" with these settings:
Projects to build: _common-sonar
Add Predefined parameters: Parameters: PREVIOUS_SVN_URL=${SVN_URL}
Now when the job-to-analyse completes it triggers the analysis job. The analysis job checks out the same SVN URL which was used by the first job.
This solution works without scripting or copying workspaces but there are quite obvious limitations and non-ideal features:
the build command is always only mvn install
the SVN checkout may be from different revision than original build
checkout and build are always done from scratch
I didn't consider ant at all here.
Improvement ideas are quite welcome!
Late improvement edit:
Instead of using a maven build ( in _common-sonar), you may also use SonarQube directly by invoking a Standalone SonarQube analysis
Additionally to the SVN URL you can add a parameter for the build tag and project name to use in sonar. Simply add
NAME=YOUR_PROJECT_NAME
BUILDTAG=$BUILD_TAG
beneath the PREVIOUS_SVN_URL parameter.
In your _common-sonar you can use it with ${NAME} and ${BUILDTAG}.
In a similar need I had once, I created a single job, which pulled sources of several projects (each to its own sub-folder in job's workspace).
Then, I wrote a simple shell script that looped over all directories and ran the sonar analysis.
The job had the sonar post build plugin which showed an aggregated report.
Unfortunately, I don't have an example as this was some years ago, but you can make it work.
I hope this helps.
I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.