
I am interested in analysing my Jenkins builds via SonarQube. Initially, I used the following code:

```groovy
stage('SonarCloud') {
    steps {
        withSonarQubeEnv('SonarQube') {
            sh 'mvn clean package sonar:sonar '
        }
    }
}
```

However, I asked here how I can specify the quality gate that the server uses for my analysis. Based on the answer provided, I modified my code to look like this:

```groovy
stage('SonarCloud') {
    steps {
        withSonarQubeEnv('SonarQube') {
            script {
                def projectName = "Some-Exp"

                // Creating a fresh project and placing it on the server - Works fine
                sh "curl -u ${env.SONAR_AUTH_TOKEN} '${env.SONAR_HOST_URL}/api/projects/create' -d 'name=${projectName}&project=${projectName}&branch=${env.BRANCH_NAME}'"

                // Specifying the Quality Gate to be used when performing our analysis - Does not quite work
                sh "curl -u ${env.SONAR_AUTH_TOKEN} '${env.SONAR_HOST_URL}/api/qualitygates/select' -d 'gateId=2&projectKey=${projectName}'"

                // Analysing our project - Creates an entirely new project, much like the initial code did
                sh "mvn sonar:sonar -Dsonar.host.url=${env.SONAR_HOST_URL}"
            }
        }
    }
}
```

The code creates and places a project on the SonarQube server, but said project still has the default quality gate, and it contains no analysis (in fact, the current code creates output identical to that created by the `sh 'mvn clean package sonar:sonar '` line that I used initially). There are no errors or anything. The problem is that the code does not do what I would like it to do.

This post mentioned that I need to add my project to a profile group before analysing it (which makes a lot of sense). I tried to add `sh "curl -u ${env.SONAR_AUTH_TOKEN} '${env.SONAR_HOST_URL}/api/qualityprofiles/add_project'"` with some parameters, but it didn't help that much.

I wonder what I am missing. I think the final line needs to be parametrised, but I could not find anything that would make it work.

agabrys
Joe

1 Answer


I have created a sample Maven project and run sonar analysis from Jenkins. Also, I have used the Web API to assign the QualityGate.

You can use the below Jenkinsfile as an example, to do sonar analysis.

Jenkinsfile

```groovy
pipeline {
    agent any
    tools {
        maven 'MAVEN_HOME1'
    }

    stages {
        stage('Git') {
            steps {
                git credentialsId: 'gitlab-test', url: 'https://example.com/gitlab/repo1/simple-java-maven-app.git'
            }
        }

        stage('Maven Install') {
            steps {
                sh "mvn install"
            }
        }

        stage('Create Sonar Project') {
            steps {
                sh 'curl -X POST -u "admin:admin" "https://example.com/sonarqube/api/projects/create?name=stackoverflow&project=stackoverflow"'
            }
        }

        stage('Set Quality Gate') {
            steps {
                sh 'curl -u "admin:admin" -X POST "https://example.com/sonarqube/api/qualitygates/select?projectKey=stackoverflow&gateId=10100"'
            }
        }

        stage('Sonarqube Analysis') {
            steps {
                sh """mvn -U install sonar:sonar -Dsonar.host.url=https://example.com/sonarqube/ -Dsonar.login=7yha3f47967iuednd8cd -Dsonar.projectKey=stackoverflow -Dsonar.projectName=stackoverflow -Dsonar.sources=. -Dsonar.java.binaries=**/* -Dsonar.language=java -Dsonar.exclusions=src/test/java/com/mycompany/app/AppTest.java"""
            }
        }
    }
}
```

Please find below the SonarQube Analysis Result and other screenshots, for your reference.

Screenshots:

[Screenshots: Jenkins console output]

[Screenshot: list of available Quality Gates]

Note: In the above image, "id":10040,"name":"SonarQube way" is the default QualityGate. I have used "id":10100,"name":"SASSonarQube way" for setting the Quality Gate to analyze the project stackoverflow using the Web API. All are marked in yellow.

[Screenshot: SonarQube analysis]

In the above image, you can see the Quality Gate SASSonarQube way has been used to do the sonar analysis. It is marked in yellow.

Sourav
  • Hey! The code seems to perform analysis now, but the quality gate is still set as default. My quality gate is as follows: ```{"id":9,"name":"QGate","isDefault":false,"isBuiltIn":false,"actions":{"rename":false,"setAsDefault":false,"copy":false,"associateProjects":false,"delete":false,"manageConditions":false}}``` (in case the set up is an issue). Also, I noticed that coverage is always 0% whenever I do the analysis (even though when running tests in maven, it is 85%). Currently looking into it, but thought I'd mention it in case it has an impact. – Joe Oct 26 '20 at 10:39
  • When analysing the project, you created the project first, then used the API to assign the quality gate, and then did the analysis. So, in the last step, i.e. while doing the analysis, give the project key so that the analysis happens on the project created by you, like this: **sh "mvn sonar:sonar -Dsonar.host.url=${env.SONAR_HOST_URL} -Dsonar.projectKey=${projectName}"** – Sourav Oct 26 '20 at 10:48
  • I do have my project key specified the same way you have suggested. Here is my analysis line: ```"mvn sonar:sonar -Dsonar.host.url=${env.SONAR_HOST_URL} -Dsonar.login=${env.SONAR_AUTH_TOKEN} -Dsonar.projectKey=${projectName} -Dsonar.projectName=${projectName} -Dsonar.sources=. -Dsonar.java.binaries=**/* -Dsonar.language=java -Dsonar.exclusions=src/test/java/**"``` – Joe Oct 26 '20 at 11:00
  • I'll try and fix coverage 0% issue ASAP and see if it has an impact. I'll come back with an update after I do – Joe Oct 26 '20 at 11:01
  • Fixed '0% coverage' problem. Unfortunately, it had nothing to do with the remaining problem that is quality gate selection. – Joe Oct 26 '20 at 12:00
  • I noted that my projects are not in the quality profiles that are attached to a quality gate I want to use. Can this be a problem? – Joe Oct 26 '20 at 13:39
  • How can one add a project to a specific Quality Profile via API? – Joe Oct 26 '20 at 13:50
  • Which user are you using for analysis? The user must have **Administer Quality Gate** permission. Check the user permission. Also, hit the quality gate web API once through a browser or terminal to check whether it's working fine or not. – Sourav Oct 26 '20 at 13:56
  • On closer inspection, I indeed was using std user (which explained why nothing worked). I am happy to accept this answer now. Thanks a lot for your help once again! Quick question: there really is no way for std user to work around this issue, is there? – Joe Oct 26 '20 at 14:09
  • Glad it helped you. :) And yes, without proper permission, I don't think so. – Sourav Oct 26 '20 at 14:38
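
The thread traces the problem to a user without the Administer Quality Gate permission, and the pipeline reported no errors because plain `curl` exits 0 even when the server rejects the request. The wrapper below is an added example, not code from the question or the answer: it makes the same Web API POSTs fail the build step on any non-2xx reply. `sonar_post` is a hypothetical helper name, and `SONAR_HOST_URL` and `SONAR_AUTH_TOKEN` are assumed to be exported by `withSonarQubeEnv`, as in the question's pipeline.

```shell
#!/bin/sh
# Added example, not from the original posts. sonar_post is a hypothetical
# helper; SONAR_HOST_URL and SONAR_AUTH_TOKEN are assumed to be exported by
# withSonarQubeEnv, as in the question's pipeline.

# sonar_post <api-path> <name=value>...
# POSTs the form fields and returns non-zero unless the server answers 2xx.
sonar_post() {
    path=$1
    shift
    # Turn each name=value argument into a --data-urlencode pair.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" --data-urlencode "$1"
        shift
        n=$((n - 1))
    done
    # The token is the basic-auth user name with an empty password. It is
    # passed through a curl config on stdin so it never appears in argv.
    code=$(printf 'user = "%s:"\n' "$SONAR_AUTH_TOKEN" |
        curl --silent --show-error --config - --output /dev/null \
            --write-out '%{http_code}' --request POST "$@" \
            "${SONAR_HOST_URL%/}${path}") || code=000
    case $code in
        2??) return 0 ;;
        401) echo "sonar: $path: 401, token missing or invalid" >&2 ;;
        403) echo "sonar: $path: 403, user lacks the required permission" >&2 ;;
        000) echo "sonar: $path: no HTTP response from server" >&2 ;;
        *)   echo "sonar: $path: unexpected HTTP $code" >&2 ;;
    esac
    return 1
}

# In the pipeline's sh step (single-quoted in Groovy so the shell, not
# Groovy, expands the variables), with the answer's project key and gate id:
#   sonar_post /api/qualitygates/select projectKey=stackoverflow gateId=10100
```

Because the function returns non-zero on 401 or 403, a Jenkins `sh` step that calls it stops the stage instead of continuing to an analysis that silently uses the default gate.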