3

Recently our SonarQube server was upgraded and gave us the opportunity to integrate it with GitLab, based on the configuration mentioned here:

https://docs.sonarqube.org/latest/analysis/gitlab-cicd/

Now the problem we are experiencing is that the external sonar job fails the pipeline in case the quality gate is not reached.

While this is the correct and expected behavior, I was wondering whether there is any kind of configuration that will not make the entire pipeline fail, even if the quality gate is not reached.

My concern is that we develop against many projects, some of which are quite old (legacy code) and might not always reach the quality gate defined for them. I know that what I am asking is not optimal -- i.e. the quality gate should always be reached -- but given the current circumstances at my workplace there is no other alternative.

For reference my sonar CI job is the following:

sonar:
  stage: analysis
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    GIT_DEPTH: "0"
  script: ./gradlew sonarqube -Dsonar.qualitygate.wait=true -Dsonar.projectKey=${CI_PROJECT_ID} ${ADDITIONAL_SONAR_OPTIONS}
  allow_failure: true
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
    - if: $CI_COMMIT_BRANCH =~ /^support\/\d+[.]\d+$/ || $CI_COMMIT_BRANCH =~ /^support\/\d+$/
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "api"
      when: never

The job is set to allow_failure: true but in turn the external job always fails. I read in the documentation that setting this to false should have made the pipeline not fail, but it seems that is not the case.

Is there any way to make this happen? My SonarQube version is 8.1.0

akortex

2 Answers

1

You can achieve this using a custom script that gets the quality gate status through the Sonar web API and sets the job to failed or success.

When you run the ./gradlew sonarqube -Dsonar.projectKey=${CI_PROJECT_ID} ${ADDITIONAL_SONAR_OPTIONS} (remove -Dsonar.qualitygate.wait=true), report-task.txt will be created in the workspace folder.

Note: The location of the file report-task.txt depends on the tool that was used to generate it (in your case it is Gradle). For example, the "mvn sonar:sonar" task defaults to "target/sonar". This location is controlled by the "sonar.scanner.metadataFilePath" property.

You will get the ceTaskUrl and ceTaskId in report-task.txt. Now, you can use that ceTaskUrl to get the analysisId.

You can use the below web api to get the quality gate status using analysisId.

https://localhost:9000/sonarqube/api/qualitygates/project_status?analysisId=$ANALYSIS_ID

Sourav
0

With allow_failure: true the job should still fail (orange !-symbol) but the pipeline should not fail.

You can set the allowed exit codes with

  allow_failure:
    exit_codes:
      - 101
      - 110

In this case, the pipeline only fails when the script exits with any other return code than 101 or 110. You can list the exit code returned by the script when the quality gate is not reached.

Datz
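The two answers can be combined, shown here as an added example that is not code from either answerer: a helper reads report-task.txt, follows ceTaskUrl to the analysisId, queries project_status, and exits with 101 only when the gate is not reached, so `allow_failure: exit_codes: [101]` tolerates a failed gate while a broken or timed-out analysis still fails the pipeline. Assumptions: the `SONAR_TOKEN` variable, the JSON fields `task.status`, `task.analysisId` and `projectStatus.status`, the choice of 101 as the gate exit code, and the constructed sample report.

```python
import base64, json, os, sys, time, urllib.request

GATE_FAILED_EXIT = 101  # assumption: the code listed under allow_failure:exit_codes

# Constructed sample of report-task.txt (host and ids are placeholders).
SAMPLE_REPORT = """projectKey=42
ceTaskId=AXconstructed
ceTaskUrl=https://sonar.example.test/api/ce/task?id=AXconstructed
"""

def parse_report_task(text):
    """Parse report-task.txt (key=value lines) into a dict."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            # Split on the first '=' only: ceTaskUrl itself contains "?id=".
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def http_get_json(url, token):
    """GET a web API URL, sending the token as the basic-auth user name."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def gate_exit_code(report_text, fetch, poll_seconds=5, max_polls=60):
    """Return 0 (gate OK), 101 (gate not reached) or 1 (analysis problem)."""
    ce_task_url = parse_report_task(report_text)["ceTaskUrl"]
    for _ in range(max_polls):
        task = fetch(ce_task_url)["task"]
        if task["status"] == "SUCCESS":
            break
        if task["status"] in ("FAILED", "CANCELED"):
            return 1  # server-side processing broke: fail the pipeline
        time.sleep(poll_seconds)  # still PENDING or IN_PROGRESS
    else:
        return 1  # timed out waiting for the analysis to be processed
    server = ce_task_url.split("/api/ce/task")[0]
    url = f"{server}/api/qualitygates/project_status?analysisId={task['analysisId']}"
    status = fetch(url)["projectStatus"]["status"]
    if status == "OK":
        return 0
    # Unknown statuses fail hard instead of being silently tolerated.
    return GATE_FAILED_EXIT if status == "ERROR" else 1

if __name__ == "__main__":
    # Usage: SONAR_TOKEN=... python sonar_gate.py path/to/report-task.txt
    token = os.environ["SONAR_TOKEN"]
    with open(sys.argv[1]) as fh:
        sys.exit(gate_exit_code(fh.read(), lambda u: http_get_json(u, token)))
```

Run it as the last command of the sonar job, after the scanner has been invoked without -Dsonar.qualitygate.wait=true.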