search

rht-labs / labs-ci-cd

👻UNMAINTAINED - A collection of Red Hat Open Innovation Labs CI/CD components
Apache License 2.0
101 stars 70 forks source link

Added sonarqube webhook config #70

Closed InfoSec812 closed 6 years ago

InfoSec812 commented 6 years ago

Resolves #69

sherl0cks commented 6 years ago

@InfoSec812 at the moment, there isn't a way to test that this integration works. is it possible to update the existing pipeline or a create a new one that scans with sonar? This way we can test that the deploy completes, which will indirectly test that the sonar scan integration worked

InfoSec812 commented 6 years ago

Yes, all that you have to do is add a small snippet to the Jenkinsfile for the pipeline:

            stage('Perform Quality Analysis') {
                withSonarQubeEnv {
                    sh "mvn -Dmaven.repo.local=/tmp/cache/repository sonar:sonar -Dsonar.analysis.scmRevision=${env.CHANGE_ID} -Dsonar.analysis.buildNumber=${env.BUILD_NUMBER}"
                }
            }
sherl0cks commented 6 years ago

@InfoSec812 when I run this in the CI, I see that the script fails in to run in Jenkins.

WARNING: Failed to execute /var/lib/jenkins/init.groovy.d/configure-sonarqube.groovy
--
  | java.io.FileNotFoundException: http://sonarqube:9000/api/user_tokens/generate
  | at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1890)
  | at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
  | at sun.net.www.protocol.http.HttpURLConnection$getInputStream$2.call(Unknown Source)
  | at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
  | at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
  | at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
  | at configure-sonarqube.run(configure-sonarqube.groovy:77)
  | at groovy.lang.GroovyShell.evaluate(GroovyShell.java:585)
  | at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:136)
  | at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:127)
  | at jenkins.util.groovy.GroovyHookScript.run(GroovyHookScript.java:110)
  | at hudson.init.impl.GroovyInitScript.init(GroovyInitScript.java:41)
  | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  | at java.lang.reflect.Method.invoke(Method.java:498)
  | at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
  | at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
  | at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)
  | at jenkins.model.Jenkins$7.runTask(Jenkins.java:1090)
  | at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)
  | at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
  | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  | at java.lang.Thread.run(Thread.java:748)

Running the Jenkinsfile snippet you provided also fails with the below error, which I think is caused by the first error.

hudson.remoting.ProxyException: hudson.AbortException: No SonarQube installation assigned for this job. There are 0 available installations that can be configured.
If you want to reassign a lot of jobs to a different SonarQube installation see http://docs.sonarqube.org/display/PLUG/Reassign+Jobs+to+Another+SonarQube+Instance
springdo commented 6 years ago

@InfoSec812 & @sherl0cks - in an attempt to be the mergé police; is this still valid or is there work to be done on it? If not; can we close it out?

sherl0cks commented 6 years ago

Closing. Feel free to reopen with new changes