Jenkins doesn't pick up Quality Gate failure - jenkins

I want my Jenkins build to fail if the code doesn't have 90% test coverage. For that, I have installed the Quality Gates plugin, which should check the SonarQube analysis.
I have the following configuration in Jenkins, under Quality Gates:
Name: SonarQubeServer
SonarQube Server URL: http://my-server.com:9000
SonarQube account login: admin
SonarQube account password: ****
SonarQube displays: Quality Gate Failed
Jenkins displays: SonarQube analysis completed: SUCCESS and the build passes.
Any idea why Jenkins doesn't get that the quality gate failed?

Eventually I realised that I should have added Quality Gates as a Post Build Action for every job I was using it on.

You can do that with the Shell commands: sharing this info if someone needs it
To mark build as failure when Quality gate is not passed using Sonar Rest api. Add “Execute Shell” after Sonar Step and use below code
Tip : Introduce sleep time of 10s before this step , just to ensure that Sonar site is updated with task result status.
Fetching TASKURL from report-task.txt in workspace
url=$(cat $WORKSPACE/.sonar/report-task.txt | grep ceTaskUrl | cut -c11- )
Fetching Task attributes from Sonar Server
curl -u admin:${admin_pwd} -L $url | python -m json.tool
Setting up task status to check if sonar scan is completed successfully.
curl -u admin:${admin_pwd} -L $url -o task.json
status=$(python -m json.tool < task.json | grep -i "status" | cut -c20- | sed 's/.(.)$/\1/'| sed 's/.$//' )
echo ${status}
If SonarScan is completed successfully then set analysis ID & URLS.
if [ $status = SUCCESS ]; then
analysisID=$(python -m json.tool < task.json | grep -i "analysisId" | cut -c24- | sed 's/.(.)$/\1/'| sed 's/.$//')
analysisUrl="https://sonar.net/api/qualitygates/project_status?analysisId=${analysisID}
echo ${analysisID}
echo ${analysisUrl}
else
echo "Sonnar run was not sucess"
exit 1
fi
Fetching SonarGate details using analysis URL
curl -u admin:$admin_pwd ${analysisUrl} | python -m json.tool
curl -u admin:$admin_pwd ${analysisUrl} | python -m json.tool | grep -i "status" | cut -c28- | sed 's/.$//' >> tmp.txt
cat tmp.txt
sed -n '/ERROR/p' tmp.txt >> error.txt
cat error.txt
if [ $(cat error.txt | wc -l) -eq 0 ]; then
echo "Quality Gate Passed ! Setting up SonarQube Job Status to Success ! "
else
exit 1
echo "Quality Gate Failed ! Setting up SonarQube Job Status to Failure ! "
fi
Cleaning up the files
unset url
unset status
unset analysisID
unset analysisUrl
task.json
tmp.txt
error.txt

In response to Sri who has some type/errors in his solution.
This is sonar4.5.5 building using sonar-scanner
if [ -e tmp.txt ];
then
rm tmp.txt
rm error.txt
rm task.json
fi
sleep 5
cat $WORKSPACE/.scannerwork/report-task.txt
url=$(cat $WORKSPACE/.scannerwork/report-task.txt | grep ceTaskUrl | cut -c11- )
echo $url
curl -u admin:pswd -L $url | python -m json.tool
curl -u admin:pswd -L $url -o task.json
status=$(python -m json.tool < task.json | grep -i "status" | cut --delimiter=: --fields=2 | sed 's/"//g' | sed 's/,//g' )
echo ${status}
if [ $status = SUCCESS ]; then
analysisID=$(python -m json.tool < task.json | grep -i "analysisId" | cut -c24- | sed 's/"//g' | sed 's/,//g')
analysisUrl="http://sonarserver/sonarqube/api/qualitygates/project_status?analysisId=${analysisID}"
echo ${analysisID}
echo ${analysisUrl}
else
echo "Sonar run was not success"
exit 1
fi
curl -u admin:pswd ${analysisUrl} | python -m json.tool
curl -u admin:pswd ${analysisUrl} | python -m json.tool | grep -i "status" | cut -c28- | sed 's/.$//' >> tmp.txt
cat tmp.txt
sed -n '/ERROR/p' tmp.txt >> error.txt
cat error.txt
if [ $(cat error.txt | wc -l) -eq 0 ]; then
echo "Quality Gate Passed ! Setting up SonarQube Job Status to Success ! "
else
echo "Quality Gate Failed ! Setting up SonarQube Job Status to Failure ! "
exit 1
fi

the plugin quality gates return just status :passed or failed , so you can build other job from jenkins from the result of those two flags . but if you want to make flag passed if the coverage resulat >90 % you have to configure it from sonarqube not jenkins . in this situation you can imagine this scenario :
test coverage <90 -> flag :failed . jenkins don't call other job .
test coverage >90 -> flag :passed. jenkins call other job .
i think this can help you somehow .

Related

Jenkins pass a shell script variable to a down stream job

I'm new to Jenkins.
I have a job with an "Execute Shell" Build trigger, and in that shell script i initiate some variables with values i take from some source.
I need to pass these values to a downstream job.
The values i want to pass are $IMG_NAME and $IMG_PATH from this shell script:
#!/bin/bash -x
whoami
echo "BASE_PATH: $BASE_PATH"
declare -A BRANCHES
for i in $(echo $BRANCHES_LIST | tr ',' '\n'); do BRANCHES[$i]= ; done
echo 'user' | sudo -S umount -rf /mnt/tlv-s-comp-prod/drops/
echo 'user' | sudo -S mount.nfs -o nolock,nfsvers=3 tlv-s-comp-prod:/export/drops /mnt/tlv-s-comp-prod/drops
ls /mnt/tlv-s-comp-prod/drops/
echo "cleanup workspace"
rm ${WORKSPACE}/*.txt &> /dev/null
i="0"
while [ $i -lt 6 ]
do
if [[ ${BASE_PATH} == *"Baseline"* ]]; then
unset BRANCHES[#]
declare -A BRANCHES
BRANCHES[Baseline]=
fi
for BRANCH in "${!BRANCHES[#]}"; do
echo "BRANCH: $BRANCH"
if [ $BRANCH == "Baseline" ]; then BRANCH=; fi
img_dir=$(ls -td -- ${BASE_PATH}/${BRANCH}/*/ | head -n 1)
echo "img_dir: $img_dir"
IMG_PATH=$(ls $img_dir*.rpm)
echo "IMG_PATH: $IMG_PATH"
cd $img_dir
IMG_NAME=$(ls *.rpm) > env.properties
if [ ! -z "$IMG_NAME" ]; then
if [ $(( $(date +%s) - $(stat -c %Z $IMG_PATH) )) -lt 10000800 ]; then
echo "IMG_NAME: ${IMG_NAME}"
#BRANCHES[$BRANCH]=$IMG_PATH
#echo "REG_OSA_SOFTSYNC_BUILD_IMG_FULL_PATH=${BRANCHES[$BRANCH]}" >> ${WORKSPACE}/$BRANCH.txt
echo "BRANCH_NAME=$BRANCH" >> ${WORKSPACE}/${BRANCH}_branch.txt
echo "REG_OSA_SOFTSYNC_BUILD_NAME=$BRANCH-$IMG_NAME" >> ${WORKSPACE}/${BRANCH}_branch.txt
else
echo "$IMG_NAME is out dated"
fi
else
echo "IMG_NAME is empty"
fi
BRANCH_NAME=""
done
$TEMP=$BRANCH_NAME
echo "TEMP: $TEMP"
if [ $(ls ${WORKSPACE}/*_branch.txt | wc -l) == $(echo ${#BRANCHES[#]}) ]; then break; fi
#for i in $(ls *_branch.txt); do i=$(echo $i | awk -F '_branch.txt' '{print $1}'); if [ $(echo ${!BRANCHES[#]} | grep $i | wc -l) == 0 ]; then state=1 break; fi done
i=$[$i+1]
sleep 1800
done
This is the "Trigger parameterized build on other projects" configuration:

No such file found in jenkis pipeline

Here is my groovy file
timestamps{
node('cf_slave'){
checkout scm
stage('Read the file') {
def PWD = pwd()
withEnv(["prj_option=${params.project}"]) {
def response =sh(returnStdout: true, script: 'sh \'jenkins/security/get_values.sh\'')
}
}
This is my get_values.sh file
echo "The project option is:" $prj_option
prj_name=$(echo "$prj_option" | tr '[:upper:]' '[:lower:]')
file_name="va_input_file_$prj_name.txt"
echo "The project option is:" $file_name
ls -la
chmod 775 jenkins/security/$file_name
ls -la
get_input_values() {
file=$1
IFS=''
while read line
do
if [ `echo ${line} | grep -E -c -w "NAME_SPACE" ` -gt 0 ]; then
NAME_SPACE=$(echo " ${line}" | cut -d'=' -f2)
echo "The name space value is $NAME_SPACE"
elif [ `echo ${line} | grep -E -c -w "IMAGE_NAMES" ` -gt 0 ]; then
values=$(echo " ${line}" | cut -d'=' -f2)
echo "THE DOCKERIMAGES are $DOCKER_IMAGES_NAMES"
else
echo "Please provide input for namespace and docker images to be scanned by VA_TOOl"
fi
done < ${file}
}
images=$(get_input_values ${file_name})
so here my text file is under jenkins/security folder of gitrepo but unfortunately I am getting this error:
16:05:28 + sh jenkins/security/get_values.sh
16:05:28 jenkins/security/get_values.sh: 16: jenkins/security/get_values.sh: cannot open va_input_file_icp.txt: No such file```
Unfortunately, there is a ticket for this in Jenkins (https://issues.jenkins-ci.org/browse/JENKINS-51245) which was closed as a duplicate of this ticket: (https://issues.jenkins-ci.org/browse/JENKINS-27413)
JENKINS-27413 was raised in 2015, and is still open. The File Parameter appears not to work in Jenkins Pipeline. It does however work when used in a Freestyle project. While not ideal, I would recommend changing your job to be a Freestyle project if that's feasible.

how can i create gulp task to run a script shell?

I have this script shell and i want to create task gulp to execute it.
for tag in `git tag -l | sort -V |head -n -4`
do
echo $tag
if [ -n "$(echo $tag | grep -P "(^v.*-*)")" ] then
echo VERSION=$(echo $tag | grep -P "(^v.*-*)")
git tag -d $(echo $tag | grep -P "(^v.*-*)")
git push origin :$tag
fi
done
I'm using those plugins in my gulpfile :
var gulp = require('gulp'),
shell = require('gulp-shell'),
pckg = require('./package.json'),
runSequence = require('run-sequence'),
is there any solution?

Jenkins to automate deb reprepro repository creation/signing

Problem statement:
Can sign repos from inside normal terminal (also inside docker). From jenkins job, repo creation/signing fails. Job hangs.
Configuration:
Jenkins spawns docker container to create/sign deb repository.
Private and public keys all present.
gpg-agent installed on the docker container to sign the packages.
~/.gnupg/gpg.conf file has "use-agent" enabled
Progress:
Can start gpg-agent using jenkins on the docker container.
Can use gpg-preset-passphrase to cache passphrase.
Can use [OUTSIDE JENKINS]
reprepro --ask-passphrase -Vb . includedeb ${_repo_name} ${_pkg_location}
to fetch the passphrase from gpg-agent and sign the repo.
Problem:
from inside a jenkins job, the command "reprepro --ask-passphrase -Vb ..." hangs.
Code:
starting gpg-agent:
GPGAGENT=/usr/bin/gpg-agent
GNUPG_PID_FILE=${GNUPGHOME}/gpg-agent-info
GNUPG_CFG=${GNUPGHOME}/gpg.conf
GNUPG_CFG=${GNUPGHOME}/gpg-agent.conf
function start_gpg_agent {
GPG_TTY=$(tty)
export GPG_TTY
if [ -r "${GNUPG_PID_FILE}" ]
then
source "${GNUPG_PID_FILE}" count=$(ps lax | grep "${GPGAGENT}" | grep "$SSH_AGENT_PID" | wc -l)
if [ $count -eq 0 ]
then
if ! ${GPGAGENT} 2>/dev/null then
$GPGAGENT --debug-all --options ${BASE_PATH}/sign/gpg-agent.options \
--daemon --enable-ssh-support \
--allow-preset-passphrase --write-env-file ${GNUPG_PID_FILE}
if [[ $? -eq 0 ]]
then
echo "INFO::agent started"
else
echo "INFO::Agent could not be started. Exit."
exit -101
fi
fi
fi
else
$GPGAGENT --debug-all --options ${BASE_PATH}/sign/gpg-agent.options \
--daemon --allow-preset-passphrase --write-env-file ${GNUPG_PID_FILE}
fi
}
options file:
default-cache-ttl 31536000
default-cache-ttl-ssh 31536000
max-cache-ttl 31536000
max-cache-ttl-ssh 31536000
enable-ssh-support
debug-all
saving passphrase.
/usr/lib/gnupg2/gpg-preset-passphrase -v --preset --passphrase ${_passphrase} ${_fp}
finally (for completion), sign repo:
reprepro --ask-passphrase -Vb . includedeb ${_repo_name} ${_pkg_location}

Jenkins - Configure Jenkins to poll changes in SCM

I am working with jenkins and I would like to run the maven goals when there is a change in the svn repository. I've attached a picture with my current configuration.
I know that checking the repository every 5 min is crazy. I would like to run it only when there is a new change, but I could not find the way. Anyway, it is not checking the repository. What am I doing wrong?
I believe best practice these days is H/5 * * * *, which means every 5 minutes with a hashing factor to avoid all jobs starting at EXACTLY the same time.
I think your cron is not correct. According to what you described, you may need to change cron schedule to
*/5 * * * *
What you put in your schedule now mean it will poll the SCM at 5 past of every hour.
That's an old question, I know. But, according to me, it is missing proper answer.
The actual / optimal workflow here would be to incorporate SVN's post-commit hook so it triggers Jenkins job after the actual commit is issued only, not in any other case. This way you avoid unneeded polls on your SCM system.
You may find the following links interesting:
Jenkins Wiki's post-commit hook description on Subversion Plugin's doc-site. Here you find documented example of the script you are interested in.
Hook-scripts contrib directory in the source of official Apache Foundation's Subversion's source control repository.
Similar question on StackOverflow.
In case of my setup in the corp's SVN server, I utilize the following (censored) script as a post-commit hook on the subversion server side:
#!/bin/sh
# POST-COMMIT HOOK
REPOS="$1"
REV="$2"
#TXN_NAME="$3"
LOGFILE=/var/log/xxx/svn/xxx.post-commit.log
MSG=$(svnlook pg --revprop $REPOS svn:log -r$REV)
JENK="http://jenkins.xxx.com:8080/job/xxx/job/xxx/buildWithParameters?token=xxx&username=xxx&cause=xxx+r$REV"
JENKtest="http://jenkins.xxx.com:8080/view/all/job/xxx/job/xxxx/buildWithParameters?token=xxx&username=xxx&cause=xxx+r$REV"
echo post-commit $* >> $LOGFILE 2>&1
# trigger Jenkins job - xxx
svnlook changed $REPOS -r $REV | cut -d' ' -f4 | grep -qP "branches/xxx/xxx/Source"
if test 0 -eq $? ; then
echo $(date) - $REPOS - $REV: >> $LOGFILE
svnlook changed $REPOS -r $REV | cut -d' ' -f4 | grep -P "branches/xxx/xxx/Source" >> $LOGFILE 2>&1
echo logmsg: $MSG >> $LOGFILE 2>&1
echo curl -qs $JENK >> $LOGFILE 2>&1
curl -qs $JENK >> $LOGFILE 2>&1
echo -------- >> $LOGFILE
fi
# trigger Jenkins job - xxxx
svnlook changed $REPOS -r $REV | cut -d' ' -f4 | grep -qP "branches/xxx_TEST"
if test 0 -eq $? ; then
echo $(date) - $REPOS - $REV: >> $LOGFILE
svnlook changed $REPOS -r $REV | cut -d' ' -f4 | grep -P "branches/xxx_TEST" >> $LOGFILE 2>&1
echo logmsg: $MSG >> $LOGFILE 2>&1
echo curl -qs $JENKtest >> $LOGFILE 2>&1
curl -qs $JENKtest >> $LOGFILE 2>&1
echo -------- >> $LOGFILE
fi
exit 0

Resources