cloud-native-toolkit / planning

This is the planning repo to manage the cross-project Epics and Issues, Tasks and Bugs.

Sonar scan task should be able to wait and check results #610

Open csantanapr opened 3 years ago

csantanapr commented 3 years ago

Is your feature request related to a problem? Please describe. Currently, in the default Pipeline the test task does a sonar scan, but the task is missing the ability to fail the pipeline if the scan results cause errors in the project.

Which persona(s) does this feature benefit (e.g. developer, SRE, etc)? Maureen the Developer

What is the impact of not having this feature? What will be the benefit of having this feature? It would be of great help not to do the check manually on every pipeline run

Describe the solution you'd like The task could be split into a separate task just for sonar things, and provide a parameter to optionally check for results or not.

Additional context This came up as feedback from Grzegorz Smolko while showing the toolkit to a client; he wanted to demonstrate how the pipeline can catch problems.

Here is a POC of the code that checks

    - image: $(params.js-image)
      name: sonar-check
      resources: {}
      script: |
        APP_NAME=$(params.app-name)
        if [ -n "${SONARQUBE_URL}" ]; then
          GATE_URL="${SONARQUBE_URL}/api/qualitygates/project_status?projectKey=${APP_NAME}"
          # A 404 means SonarQube has not finished processing the analysis report for this project yet
          response=$(curl --head --write-out '%{http_code}' --silent --output /dev/null -u "${SONARQUBE_USER}:${SONARQUBE_PASSWORD}" "${GATE_URL}")
          echo "Response: $response"
          while [ "$response" -eq 404 ]; do
            sleep 10
            echo "Trying again to see if scan is done"
            response=$(curl --head --write-out '%{http_code}' --silent --output /dev/null -u "${SONARQUBE_USER}:${SONARQUBE_PASSWORD}" "${GATE_URL}")
          done
          # Fetch the gate result and fail the step when the overall project status is ERROR
          response=$(curl --silent -u "${SONARQUBE_USER}:${SONARQUBE_PASSWORD}" "${GATE_URL}")
          if echo "$response" | grep -q '"projectStatus":{"status":"ERROR"'; then
            echo "====== Gate value failed: $response"
            exit 1
          else
            echo "====== Gate value passed! ======"
          fi
        else
          echo "Skipping Sonar Qube step"
        fi
      workingDir: $(params.source-dir)
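The POC above loops on a 404 with no upper bound and decides pass/fail with a single grep. The script below is an added example (not code from the issue or from the toolkit) showing the same check with a bounded poll, a distinction between "not processed yet" and "unexpected response", and a list of which gate conditions failed. The JSON bodies are constructed to look like `/api/qualitygates/project_status` output; the `wait_for_gate` helper takes the name of a fetcher function so the logic can run offline, and the real fetcher would wrap the `curl` call shown in the comment.

```shell
#!/bin/sh
# Added example: bounded SonarQube quality-gate polling (not from the issue or the toolkit).

# Constructed sample bodies, shaped like /api/qualitygates/project_status responses.
SAMPLE_PASSED='{"projectStatus":{"status":"OK","conditions":[{"status":"OK","metricKey":"new_coverage","comparator":"LT","errorThreshold":"80","actualValue":"91.2"}]}}'
SAMPLE_FAILED='{"projectStatus":{"status":"ERROR","conditions":[{"status":"ERROR","metricKey":"new_bugs","comparator":"GT","errorThreshold":"0","actualValue":"3"},{"status":"OK","metricKey":"new_coverage","comparator":"LT","errorThreshold":"80","actualValue":"85.0"}]}}'
SAMPLE_NOT_FOUND='{"errors":[{"msg":"Project not found"}]}'

# Print projectStatus.status from a response body, or UNKNOWN if the field is absent.
gate_status() {
  _s=$(printf '%s' "$1" | sed -n 's/.*"projectStatus":{"status":"\([A-Z_]*\)".*/\1/p')
  if [ -n "$_s" ]; then printf '%s' "$_s"; else printf 'UNKNOWN'; fi
}

# Print the metricKey of every gate condition whose status is ERROR, one per line.
failed_conditions() {
  printf '%s' "$1" | tr '{' '\n' | grep '"status":"ERROR"' \
    | sed -n 's/.*"metricKey":"\([^"]*\)".*/\1/p'
}

# Classify one HTTP response: 0 = gate passed, 1 = gate failed,
# 2 = analysis not available yet (retry), 3 = unexpected response (do not retry).
evaluate_gate() {
  code=$1; body=$2
  case "$code" in
    200)
      case "$(gate_status "$body")" in
        OK)    return 0 ;;
        ERROR) return 1 ;;
        *)     return 3 ;;
      esac ;;
    404) return 2 ;;
    *)   return 3 ;;
  esac
}

# Poll until the gate is decided or the attempts run out.
# The fetcher is a function name; it must set HTTP_CODE and BODY. A real one would be:
#   HTTP_CODE=$(curl -s -o "$tmp" -w '%{http_code}' -u "${SONARQUBE_TOKEN}:" "$GATE_URL"); BODY=$(cat "$tmp")
# Returns the evaluate_gate code, or 2 if every attempt still reported 404.
wait_for_gate() {
  fetcher=$1; max_attempts=${2:-30}; delay=${3:-10}
  attempt=0
  while [ "$attempt" -lt "$max_attempts" ]; do
    attempt=$((attempt + 1))
    "$fetcher"
    if evaluate_gate "$HTTP_CODE" "$BODY"; then rc=0; else rc=$?; fi
    if [ "$rc" -ne 2 ]; then
      if [ "$rc" -eq 1 ]; then
        echo "Quality gate failed on: $(failed_conditions "$BODY" | tr '\n' ' ')"
      fi
      return "$rc"
    fi
    echo "Analysis not ready (attempt $attempt/$max_attempts), retrying in ${delay}s"
    sleep "$delay"
  done
  echo "Timed out after $max_attempts attempts waiting for the analysis report"
  return 2
}
```

Inside a pipeline step the return code of `wait_for_gate` is what the step exits with: 0 lets the pipeline continue, anything else fails it, and a timeout (2) is reported separately from an authentication or server error (3) so the log says why the gate was not evaluated.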

gasgithub commented 3 years ago

There are new parameters for the scanner to wait for analysis results, so you can call the scanner with the following settings:

So your call could look like this (it could additionally be enhanced to make it a task param whether to wait or not):

        # if you want to pause for gate check add the following properties:
        #     -Dsonar.qualitygate.wait=true -Dsonar.qualitygate.timeout=300

        sonar-scanner \
          -Dsonar.login=${SONARQUBE_TOKEN} \
          -Dsonar.host.url=${SONARQUBE_URL} \
          -Dsonar.projectKey=${APP_NAME} \
          -Dsonar.qualitygate.wait=true \
          -Dsonar.qualitygate.timeout=300 \
          -Dsonar.java.binaries=${SONARQUBE_JAVA_BINARIES_PATH}

If it fails, it prints the following in the log and fails the step:

INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:28.362s
INFO: Final Memory: 19M/201M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: QUALITY GATE STATUS: FAILED - View details on https://sonarqube-sonarqube.containers.appdomain.cloud/dashboard?id=trader
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

Otherwise it prints a success message and the step completes fine:

INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: QUALITY GATE STATUS: PASSED - View details on https://sonarqube-sonarqube.devops-dev1-a01ee4194ed985a1e32b1d96fd4ae346-0000.us-east.containers.appdomain.cloud/dashboard?id=trader
INFO: Analysis total time: 44.433 s

gasgithub commented 3 years ago

The task could be enhanced with params:

    - default: 'false'
      name: gate-wait
    - default: '300'
      name: gate-wait-timeout

And then used in the call:

          sonar-scanner \
            -Dsonar.login=${SONARQUBE_TOKEN} \
            -Dsonar.host.url=${SONARQUBE_URL} \
            -Dsonar.projectKey=${APP_NAME} \
            -Dsonar.qualitygate.wait=$(params.gate-wait) \
            -Dsonar.qualitygate.timeout=$(params.gate-wait-timeout) \
            -Dsonar.java.binaries=${SONARQUBE_JAVA_BINARIES_PATH}

Also I'd suggest using a token (-Dsonar.login=${SONARQUBE_TOKEN}) as the login mechanism instead of user/pass.