Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

By SonarSource – GNU LGPL 3 – Issue TrackerSources
SonarQube Scanner for Jenkins 2.5

Table of Contents

Features

This plugin lets you centralize the configuration of SonarQube server connection details in Jenkins global configuration.

Then you can trigger SonarQube analysis from Jenkins using standard Jenkins Build Steps to trigger analysis with:

  • SonarQube Scanner
  • SonarQube Scanner for Maven
  • SonarQube Scanner for MSBuild

Once the job is complete, the plugin will detect that a SonarQube analysis was made during the build and display a badge and a widget on the job page with a link to the SonarQube dashboard as well as quality gate status.

SINCE 2.5 : you can also use Jenkins Pipeline DSL (with SonarQube >= 5.2).

Compatibility

SonarQube Scanner for Jenkins

2.12.2.12.32.42.5

Jenkins

1.491+1.580.1+1.587+1.587+1.651+

Prerequisites

  • SonarQube is already installed
  • At least the minimal version of Java supported by your SonarQube server is in use
  • The language plugins for each of the languages you wish to analyze are installed
  • You have read Analyzing Code Source
  • Jenkins is already installed
    • SINCE 2.5 : Jenkins must run with a JRE8

Installation

Install the SonarQube Scanner for Jenkins via the Jenkins Update Center.

Server-level Configuration

Adding SonarQube Server

You can define as many SonarQube servers as you wish. Then for each Jenkins job, you will be able to choose which server to use for the SonarQube analysis.

To add a SonarQube server, just follow the three steps below:

 

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System
  2. Scroll down to the SonarQube configuration section, click on "Add SonarQube", and add the values you're prompted for.
  3. For SonarQube servers at version 5.1 or lower, click on the "Advanced..." button and provide database credentials.

 

Adding SonarQube Scanner

This step is mandatory if you want to trigger any of your SonarQube analyses with the SonarQube Scanner

You can define as many SonarQube Scanner launchers as you wish. Then for each Jenkins job, you will be able to choose with which launcher to use to run the SonarQube analysis.

To add a SonarQube Scanner:

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System (Jenkins 1.x) or Manage Jenkins > Global Tool Configuration (Jenkins 2.x) :
  2. Scroll down to the SonarQube Scanner configuration section and click on Add SonarQube Scanner. It is based on the typical Jenkins tool auto-installation. You can either choose to point to an already installed version of SonarQube Scanner (uncheck 'Install automatically') or tell Jenkins to grab the installer from a remote location (check 'Install automatically'):

If you don't see a drop down list with all available SonarQube Scanner versions but instead see an empty text field then this is because Jenkins still hasn't downloaded the required update center file (default period is 1 day). You may force this refresh by clicking 'Check Now' button in Manage Plugins >> Advanced tab.

 

Adding SonarQube Scanner for MSBuild

Refer to Jenkins section of in the SonarQube Scanner for MSBuild documentation.

Job-level Configuration

Configuring a SonarQube Scanner using environment variables

 

If the ability to inject SonarQube configurations as variables in jobs is enabled in the Jenkins' global configuration, you will have ability to activate it in your job. If multiple SonarQube instances are configured, you will be able to choose which one to use.

Press the help button to learn which variables you can use in your build.

You may then use any of the SonarQube Scanners to perform the analysis, such as Maven, Gradle, Ant, etc. 

Analyzing

Analyzing with SonarQube Scanner for MSBuild

Refer to Jenkins section of in the SonarQube Scanner for MSBuild documentation.

Analyzing with the SonarQube Scanner

Go to the Build section, click on Add build step and choose SonarQube Scanner.

Configure the SonarQube analysis. You can either point to an existing sonar-project.properties file or set the analysis properties directly in the Analysis properties field:

Analyzing with SonarQube Scanner for Maven

Use the Build Environment option "Prepare SonarQube Scanner environment" (this option is only available if it has been enabled at the Global level by a Jenkins administrator) to inject SonarQube-related values as environment variables, such as:

  • SONAR_MAVEN_GOAL - defaults to sonar:sonar, but may vary depending on the sonar-maven-plugin specified for the selected SonarQube server
  • SONAR_HOST_URL

Use the help icon ((question)) to see the full list of available variables. Some values will be blank, depending on what was defined for the server.

Once the environment variables are available, use them in a standard Maven build step by setting the Goals to include

 

$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL

 

 

The Post-build Action for Maven analysis is still available, but is deprecated.

Triggering SonarQube analysis in a Jenkins pipeline

Since version 2.5 of the SonarQube Scanner for Jenkins, there is an official support of Jenkins pipeline. We provide a 'withSonarQubeEnv' block that allow to select the SonarQube server you want to interact with. Connection details you have configured in Jenkins global configuration will be automatically passed to the scanner.

Support of pipeline only works with SonarQube >= 5.2.

Here are a some examples for every scanner, assuming you run on Unix slaves and you have configured a server named 'My SonarQube Server' as well as required tools. If you run on Windows slaves, just replace 'sh' by 'bat'.

SonarQube Scanner
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    // requires SonarQube Scanner 2.8+
    def scannerHome = tool 'SonarQube Scanner 2.8';
    withSonarQubeEnv('My SonarQube Server') {
      sh "${scannerHome}/bin/sonar-scanner"
    }
  }
}
SonarQube Scanner for Gradle
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv('My SonarQube Server') {
      // requires SonarQube Scanner for Gradle 2.1+
      sh './gradlew sonarqube'
    }
  }
}
SonarQube Scanner for Maven
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv('My SonarQube Server') {
      // requires SonarQube Scanner for Maven 3.2+
      sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar'
    }
  }
}
SonarQube Scanner for MSBuild
node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('Build + SonarQube analysis') {
    // requires SonarQube Scanner for MSBuild 2.2+
    def sqScannerMsBuildHome = tool 'Scanner for MSBuild 2.2'
    withSonarQubeEnv('My SonarQube Server') {
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe begin /k:myKey /n:myName /v:1.0"
      bat 'MSBuild.exe /t:Rebuild'
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe end"
    }
  }
}

 

 

 

 

  • No labels