Jenkins Warning Plugin and SonarQube Scanner - jenkins

For my project, I want use the Warning Plugin on Jenkins. The result is a XML file. And I have a plugin SonarQube for read this file.
However, the Warning plugin is execute after the Sonar Scanner analysis. Warning plugin is in "Post build actions" and the Sonar Scanner analysis is in "Post build step". So the XML file can't be read by my SonarQube Plugin cause this file doesn't exist when the SonarQube Scanner runs.
Someone has a solution ?
Thanks a lot guys.

You have to create another Job to read the XML in Post build actions. So in your current Job you must execute the plugin in Post build actions to create the XML. So in Post build step call the new job created. It makes the XML enable to read.

Related

Sonar scanner execution order jenkins job

For my project, we have made the job on Jenkins GUI. Non declarative.
Tasks are :-
GIT scm
Maven clean install goal
Sonar scanner
Quality gate
War to artifactory
I have defined, sonar scanner in post build steps and deploy to artifactory in post build actions.
Now in console output, order of execution is like war is getting published first and then sonar scanner runs code quality check.
However, i want sonar scanner to execute first.
Can someone please guide me on how i can achieve this ?
Are you using the Sonar Scanner for maven plugin?
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/
You should just be able to add 'sh mvn clean build sonar:sonar' in your Jenkins pipeline and the plugin will do the rest. It will run the unit test, run jacoco if you have it configured, and report it back to sonar.

Upload analysis results to SonarQube using Jenkins

I have to Upload analysis results to SonarQube using Jenkins. Please suggest me.
My XML path is - C:\UC\UC_Cart\results.xml. Do I need to download any plugins for the same.
My Issue- How to End Analysis under Sonarqube Scanner for MSBuild.
I mean..Where should I include this section in Jenkins
End the SonarQube Analysis and upload it to the SonarQube server
MSBuild.SonarQube.Runner.exe end
https://docs.sonarqube.org/pages/viewpage.action?pageId=6389772
Followed this URL
You're missing the End Analysis step, which you should find in the list of available build steps. Add it to your job after the build and the analysis report should be sent automatically to the server. There are specifics in the docs.

Setting up gradle org.sonarqube plugin sonar analysis task (sonarqube) in jenkins

As per the recent announcement on Gradle forum, the Sonar Plugin and Sonar Runner Plugin are being deprecated in favor of the SonarQube plugin. Can someone share any links (documentation or blogs) that demonstrate setting this up in Jenkins. I tried this on the local setup and gradle sonarqube task works great.
Should we continue to use the "Invoke Standalone Sonar Analysis" (from Jenkins-Sonar plugin) build step in a freestyle Jenkins job? With the default settings, it doesn't infer mandatory information like sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources from the build.gradle file. To provide it manually for a multi-module project is painful (particularly for sonar.libraries and sonar.binaries). One could think to generate a sonar-project.properties file as part of a custom gradle task that will subsequently be used by the Standalone Sonar analysis step.
However, it seems that this a generic requirement and I feel that there might be a simpler way out in in the Jenkins-Sonar plugin. Could someone familiar with the Jenkins-Sonar Plugin shed some light on it?
System info:
Gradle 2.5
Jenkins 1.560
SonarQube 4.5
SonarQube Gradle Plugin 1.0
Sonar Runner 2.3
Jenkins Sonar Plugin 2.2
JDK 1.8
Linux 2.6
Thanks in advance!
EDIT:
I did not want to put the database username and password of the remote sonarqube instance in my gradle build file and hence don't want to use the existing 'sonarqube' task.
I think that you are referring to the following improvement that we want to do on the Jenkins SonarQube plugin: SONARJNKNS-217
This should come sooner or later. In the meantime, you're right, there's no easier way than what you described - unfortunately.

Single Jenkins job for SONAR analysis of multiple projects

I have a number of projects that need to be analysed by SONAR from jenkins. These projects include ant and maven projects. I have created a separate job for each SONAR analysis in jenkins.
Is it possible to have a single jenkins job in which I can pass some parameters from each individual sonar job and then see the dashboard?
If so, how do i go about it?
This solution is for Subversion and Maven.
Install the Parameterized Trigger Plugin
Create a Maven job for the SonarQube analysis, eg. _common-sonar with these settings:
Source Code Management: "Subversion", Repository URL: $PREVIOUS_SVN_URL, Check-out Strategy: "Always check out a fresh copy"
Build: Goals and options: install
Post-build Actions: "Sonar"
For the job you want to run analysis on add a Post-build Action "Trigger parameterized build on other projects" with these settings:
Projects to build: _common-sonar
Add Predefined parameters: Parameters: PREVIOUS_SVN_URL=${SVN_URL}
Now when the job-to-analyse completes it triggers the analysis job. The analysis job checks out the same SVN URL which was used by the first job.
This solution works without scripting or copying workspaces but there are quite obvious limitations and non-ideal features:
the build command is always only mvn install
the SVN checkout may be from different revision than original build
checkout and build are always done from scratch
I didn't consider ant at all here.
Improvement ideas are quite welcome!
Late improvement edit:
Instead of using a maven build ( in _common-sonar), you may also use SonarQube directly by invoking a Standalone SonarQube analysis
Additionally to the SVN URL you can add a parameter for the build tag and project name to use in sonar. Simply add
NAME=YOUR_PROJECT_NAME
BUILDTAG=$BUILD_TAG
beneath the PREVIOUS_SVN_URL parameter.
In your _common-sonar you can use it with ${NAME} and ${BUILDTAG}.
In a similar need I had once, I created a single job, which pulled sources of several projects (each to its own sub-folder in job's workspace).
Then, I wrote a simple shell script that looped over all directories and ran the sonar analysis.
The job had the sonar post build plugin which showed an aggregated report.
Unfortunately, I don't have an example as this was some years ago, but you can make it work.
I hope this helps.

What is the advantage of the Jenkins SonarQube plugin over adding sonar:sonar to maven build step

I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.

Resources