...

<div class="table-wrap"><table style="line-height: 1.4285715;" class="confluenceTable"><tbody><tr><td class="highlight-grey confluenceTd" data-highlight-colour="grey">By <a target="_top" href="https://www.sonarsource.com">SonarSource</a> &#8211; GNU LGPL 3 &#8211;
<a target="_top" href="https://jira.sonarsource.com/browse/SONARJNKNS">Issue Tracker</a> &#8211;
<a target="_top" href="https://github.com/SonarSource/sonar-scanner-jenkins">Sources</a>
<br>
<div>
    <div style="padding-top:10px;padding-bottom:5px">
    <span style="font-size:larger;"><strong>SonarQube Scanner for Jenkins 2.5<9</strong></span>
    <br>
    </div> 
</div> 
</div> </td></tr></tbody></table></div>

...


Features

This plugin lets you centralize the configuration of SonarQube server connection details in Jenkins global configuration.

...

  • SonarQube Scanner
  • SonarQube Scanner for Maven
  • SonarQube Scanner for Gradle
  • SonarScanner for MSBuild

Once the job is complete, the plugin will detect that a SonarQube analysis was made during the build and display a badge and a widget on the job page with a link to the SonarQube dashboard as well as quality gate status.

Since 2.5: you can also use Jenkins Pipeline DSL (with SonarQube >= 5.2).

Compatibility

SonarQube Scanner for Jenkins

2.02.12.2.
1
x2.3
- 2.4.x2.52.62.7 - 2.9

Jenkins

1.344+1.491+1.580.1+1.
587
580.3+
1
2.
587
7.3+
1
2.
651
32.2+2.89.4+

Since 2.5: Analysis must run with a JRE8

...

  1. Configure the project, and scroll down to the Build section.
  2. Add both the SonarQube for MSBuild - Begin Analysis and SonarQube for MSBuild - End Analysis build steps to your build
  3. Configure the SonarQube Project Key, Name and Version in the SonarQube Scanner for MSBuild - Begin Analysis build step
  4. Use the MSBuild build step or the Execute Windows batch command to execute the build with MSBuild 14 (see compatibility) between the Begin Analysis and End Analysis steps.

 


Analyzing with SonarQube Scanner for Maven or Gradle

Global Configuration

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System
  2. Scroll to the SonarQube servers section and check Enable injection of SonarQube server configuration as build environment variables

...

  1. Configure the project, and scroll down to the Build Environment section.
  2. Enable Prepare SonarQube Scanner environment to allow the injection of SonarQube server values into this particular job. If multiple SonarQube instances are configured, you will be able to choose which one to use.

    Tip: Press the help button to learn which variables you can use in your build. Some values may be blank, depending on what was defined for the server.

  3. Once the environment variables are available, use them in a standard Maven build step (Invoke top-level Maven targets) by setting the Goals to include, or a standard Gradle build step (Invoke Gradle script) by setting the Tasks to execute:

    Code Block (bash): Maven goal
    $SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL

    Code Block (bash): Gradle task
    sonarqube -Dsonar.host.url=$SONAR_HOST_URL

    In both cases, launching your analysis may require authentication. In that case, make sure that the Global Configuration defines a valid SonarQube token, and add it to the Maven goal or Gradle task with the following argument and value: -Dsonar.login=$SONAR_AUTH_TOKEN


Note: The Post-build Action for Maven analysis is still available, but is deprecated.

...

Code Block (Groovy): SonarQube Scanner for Gradle
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv('My SonarQube Server') {
      // requires SonarQube Scanner for Gradle 2.1+
      // It's important to add --info because of SONARJNKNS-281
      sh './gradlew --info sonarqube'
    }
  }
}


Code Block (Groovy): SonarQube Scanner for Maven
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv('My SonarQube Server') {
      // requires SonarQube Scanner for Maven 3.2+
      sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar'
    }
  }
}

...

Code Block (Groovy): SonarQube Scanner for MSBuild
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('Build + SonarQube analysis') {
    // requires SonarQube Scanner for MSBuild 2.2+
    def sqScannerMsBuildHome = tool 'Scanner for MSBuild 2.2'
    withSonarQubeEnv('My SonarQube Server') {
      // Due to SONARMSBRU-307 value of sonar.host.url and credentials should be passed on command line
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe begin /k:myKey /n:myName /v:1.0 /d:sonar.host.url=%SONAR_HOST_URL% /d:sonar.login=%SONAR_AUTH_TOKEN%"
      bat 'MSBuild.exe /t:Rebuild'
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe end /d:sonar.login=%SONAR_AUTH_TOKEN%"
    }
  }
}

Pause pipeline until quality gate is computed

...

  • SonarQube server 6.2+ (needs the webhook feature)
  • Configure a webhook in your SonarQube server pointing to <your Jenkins instance>/sonarqube-webhook/ (the trailing slash is mandatory with SonarQube 6.2 and 6.3!)
  • Use the withSonarQubeEnv step in your pipeline (so that the SonarQube taskId is correctly attached to the pipeline context).

Example (scripted pipeline):

Code Block (Groovy): Wait for Quality Gate under Maven (scripted)
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv('My SonarQube Server') {
      sh 'mvn clean package sonar:sonar'
    } // SonarQube taskId is automatically attached to the pipeline context
  }
}
 
// No need to occupy a node
stage("Quality Gate"){
  timeout(time: 1, unit: 'HOURS') { // Just in case something goes wrong, pipeline will be killed after a timeout
    def qg = waitForQualityGate() // Reuse taskId previously collected by withSonarQubeEnv
    if (qg.status != 'OK') {
      error "Pipeline aborted due to quality gate failure: ${qg.status}"
    }
  }
}

Thanks to the webhook, the step is implemented in a very lightweight way: there is no need to occupy a node doing polling, and it doesn't prevent Jenkins from restarting (the step will be restored after restart). Note that to prevent race conditions, when the step starts (or is restarted) a direct call is made to the server to check if the task is already completed.
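
The following is an added example, not the plugin's own code: a small Python model of the wait logic described above, showing why the direct check at start (or restart) is needed when the webhook fires before the step is listening. The class and function names are hypothetical, the sample payloads are constructed, and the model assumes the direct server query returns a dict shaped like the webhook payload (`taskId`, `status`, `qualityGate.status`).

```python
import json

DONE = {"SUCCESS", "FAILED", "CANCELED"}  # terminal task states (assumed for this model)

class QualityGateWait:
    """Model of a webhook-driven wait for one analysis task (hypothetical class)."""

    def __init__(self, task_id, query_server):
        self.task_id = task_id
        self.query_server = query_server  # callable(task_id) -> dict or None
        self.result = None                # quality gate status once known

    def start(self):
        """Run when the step starts or is restored after a Jenkins restart."""
        # Direct check: the webhook may have fired before anyone was listening.
        self._consume(self.query_server(self.task_id))
        return self.result

    def on_webhook(self, body):
        """Handle one POST body delivered to the webhook endpoint."""
        try:
            payload = json.loads(body)
        except ValueError:
            return self.result            # ignore malformed deliveries
        self._consume(payload)
        return self.result

    def _consume(self, payload):
        if self.result is not None or not isinstance(payload, dict):
            return                        # already resolved, or not a JSON object
        if payload.get("taskId") != self.task_id:
            return                        # belongs to another analysis
        if payload.get("status") not in DONE:
            return                        # task still queued or running
        gate = payload.get("qualityGate") or {}
        # A task that ended without a gate result is treated as a failure.
        self.result = gate.get("status", "ERROR")

def gate_passed(result):
    return result == "OK"

# Constructed sample: the analysis finished before the wait step started,
# so no webhook will ever reach this waiter; only the direct check resolves it.
SERVER_STATE = {"AXtask1": {"taskId": "AXtask1", "status": "SUCCESS",
                            "qualityGate": {"status": "ERROR"}}}

def demo():
    wait = QualityGateWait("AXtask1", SERVER_STATE.get)
    return wait.start()
```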

Example (declarative pipeline):

Code Block (Groovy): Wait for Quality Gate under Maven (declarative)
pipeline {
    agent any
    stages {
        stage('SCM') {
            steps {
                git url: 'https://github.com/foo/bar.git'
            }
        }
        stage('build && SonarQube analysis') {
            steps {
                withSonarQubeEnv('My SonarQube Server') {
                    // Optionally use a Maven environment you've configured already
                    withMaven(maven:'Maven 3.5') {
                        sh 'mvn clean package sonar:sonar'
                    }
                }
            }
        }
        stage("Quality Gate") {
            steps {
                timeout(time: 1, unit: 'HOURS') {
                    // Parameter indicates whether to set pipeline to UNSTABLE if Quality Gate fails
                    // true = set pipeline to UNSTABLE, false = don't
                    // Requires SonarQube Scanner for Jenkins 2.7+
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}

  • If you want to run multiple analyses in the same pipeline and use waitForQualityGate, it works starting from version 2.8, but you have to do everything in order:

Code Block (Groovy): Multiple analyses
pipeline {
    agent any
    stages {
        stage('SonarQube analysis 1') {
            steps {
                // withSonarQubeEnv attaches the taskId that waitForQualityGate reuses
                withSonarQubeEnv('My SonarQube Server') {
                    sh 'mvn clean package sonar:sonar'
                }
            }
        }
        stage("Quality Gate 1") {
            steps {
                waitForQualityGate abortPipeline: true
            }
        }
        stage('SonarQube analysis 2') {
            steps {
                withSonarQubeEnv('My SonarQube Server') {
                    sh 'gradle sonarqube'
                }
            }
        }
        stage("Quality Gate 2") {
            steps {
                waitForQualityGate abortPipeline: true
            }
        }
    }
}