Open csantanapr opened 3 years ago
There are new parameters for the scanner to wait for analysis results. So you can call the scanner with the following settings:
- `-Dsonar.qualitygate.wait=true`, which tells the scanner to wait for the analysis result
- `-Dsonar.qualitygate.timeout`, which defines the timeout for the analysis to complete

So your call could look like this (it could be additionally enhanced to make it a task param whether to wait or not):
```
# if you want to pause for gate check add the following properties:
# -Dsonar.qualitygate.wait=true -Dsonar.qualitygate.timeout=300
sonar-scanner \
  "-Dsonar.login=${SONARQUBE_TOKEN}" \
  "-Dsonar.host.url=${SONARQUBE_URL}" \
  "-Dsonar.projectKey=${APP_NAME}" \
  -Dsonar.qualitygate.wait=true \
  -Dsonar.qualitygate.timeout=300 \
  "-Dsonar.java.binaries=${SONARQUBE_JAVA_BINARIES_PATH}"
```
If it fails it prints the following in the log and fails the step:
```
INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1:28.362s
INFO: Final Memory: 19M/201M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: QUALITY GATE STATUS: FAILED - View details on https://sonarqube-sonarqube.containers.appdomain.cloud/dashboard?id=trader
ERROR:
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
```
Otherwise it prints a success message and the step completes fine:
```
INFO: ------------- Check Quality Gate status
INFO: Waiting for the analysis report to be processed (max 300s)
INFO: QUALITY GATE STATUS: PASSED - View details on https://sonarqube-sonarqube.devops-dev1-a01ee4194ed985a1e32b1d96fd4ae346-0000.us-east.containers.appdomain.cloud/dashboard?id=trader
INFO: Analysis total time: 44.433 s
```
The task could be enhanced with params:
```
- default: 'false'
  name: gate-wait
- default: '300'
  name: gate-wait-timeout
```
And then used in the call:
```
sonar-scanner \
  "-Dsonar.login=${SONARQUBE_TOKEN}" \
  "-Dsonar.host.url=${SONARQUBE_URL}" \
  "-Dsonar.projectKey=${APP_NAME}" \
  -Dsonar.qualitygate.wait=$(params.gate-wait) \
  -Dsonar.qualitygate.timeout=$(params.gate-wait-timeout) \
  "-Dsonar.java.binaries=${SONARQUBE_JAVA_BINARIES_PATH}"
```
Also, I'd suggest using a token (`-Dsonar.login=${SONARQUBE_TOKEN}`) as the login mechanism instead of user/pass.
Is your feature request related to a problem? Please describe. Currently, in the default Pipeline the test task does a sonar scan, but the task is missing the ability to fail the pipeline if the scan results cause errors in the project.
Which persona(s) does this feature benefit (e.g. developer, SRE, etc)? Maureen the Developer
What is the impact of not having this feature? What will be the benefit of having this feature? It would be of great help not to do the check manually on every pipeline run
Describe the solution you'd like The task could be split into a separate task just for sonar things, and provide a parameter to optionally check for results or not.
Additional context This came up as feedback from Grzegorz Smolko while showing the toolkit to a client, who wanted to demonstrate how the pipeline can catch problems.
Here is a POC of the code that checks
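Tekton substitutes `$(params.…)` into the step script as text before the shell runs it, so a parameter value is parsed as shell code rather than data. One way to keep the proposed `gate-wait` and `gate-wait-timeout` params strictly data, as an added example that is not part of this issue or the POC it mentions: it assumes the step exposes them as the environment variables `GATE_WAIT` and `GATE_WAIT_TIMEOUT` (hypothetical names) and that 3600 seconds is an acceptable upper bound.

```sh
#!/bin/sh
# Added example, not the project's task code. GATE_WAIT and GATE_WAIT_TIMEOUT
# are assumed env var names carrying the gate-wait / gate-wait-timeout params.

# Print the value only if it is exactly "true" or "false".
validate_gate_wait() {
  case "$1" in
    true|false) printf '%s\n' "$1" ;;
    *) echo "gate-wait must be true or false" >&2; return 1 ;;
  esac
}

# Print the value only if it is 1-4 digits, has no leading zero and is at
# most 3600 seconds (the upper bound is an assumption, adjust as needed).
validate_timeout() {
  case "$1" in
    ''|0*|*[!0-9]*|?????*)
      echo "gate-wait-timeout must be a positive integer" >&2; return 1 ;;
  esac
  if [ "$1" -le 3600 ]; then
    printf '%s\n' "$1"
  else
    echo "gate-wait-timeout out of range" >&2; return 1
  fi
}

# Print the quality-gate scanner options, one per line, or fail closed.
gate_args() {
  gw=$(validate_gate_wait "$1") || return 1
  gt=$(validate_timeout "$2") || return 1
  printf '%s\n' "-Dsonar.qualitygate.wait=${gw}"
  if [ "$gw" = true ]; then
    printf '%s\n' "-Dsonar.qualitygate.timeout=${gt}"
  fi
}

run_scan() {
  args=$(gate_args "${GATE_WAIT:-false}" "${GATE_WAIT_TIMEOUT:-300}") || return 2
  # $args is left unquoted on purpose: it splits into the validated options,
  # whose values contain no whitespace or glob characters.
  sonar-scanner \
    "-Dsonar.login=${SONARQUBE_TOKEN}" \
    "-Dsonar.host.url=${SONARQUBE_URL}" \
    "-Dsonar.projectKey=${APP_NAME}" \
    "-Dsonar.java.binaries=${SONARQUBE_JAVA_BINARIES_PATH}" \
    $args
}
```

Call `run_scan` as the last command of the step so that its exit status, including the scanner's failure on a failed quality gate, becomes the step's result.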