Closed InfoSec812 closed 6 years ago
@InfoSec812 at the moment, there isn't a way to test that this integration works. is it possible to update the existing pipeline or a create a new one that scans with sonar? This way we can test that the deploy completes, which will indirectly test that the sonar scan integration worked
Yes, all that you have to do is add a small snippet to the Jenkinsfile for the pipeline:
stage('Perform Quality Analysis') {
withSonarQubeEnv {
sh "mvn -Dmaven.repo.local=/tmp/cache/repository sonar:sonar -Dsonar.analysis.scmRevision=${env.CHANGE_ID} -Dsonar.analysis.buildNumber=${env.BUILD_NUMBER}"
}
}
@InfoSec812 when I run this in the CI, I see that the script fails in to run in Jenkins.
WARNING: Failed to execute /var/lib/jenkins/init.groovy.d/configure-sonarqube.groovy
--
| java.io.FileNotFoundException: http://sonarqube:9000/api/user_tokens/generate
| at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1890)
| at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
| at sun.net.www.protocol.http.HttpURLConnection$getInputStream$2.call(Unknown Source)
| at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
| at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
| at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
| at configure-sonarqube.run(configure-sonarqube.groovy:77)
| at groovy.lang.GroovyShell.evaluate(GroovyShell.java:585)
| at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:136)
| at jenkins.util.groovy.GroovyHookScript.execute(GroovyHookScript.java:127)
| at jenkins.util.groovy.GroovyHookScript.run(GroovyHookScript.java:110)
| at hudson.init.impl.GroovyInitScript.init(GroovyInitScript.java:41)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
| at java.lang.reflect.Method.invoke(Method.java:498)
| at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
| at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
| at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)
| at jenkins.model.Jenkins$7.runTask(Jenkins.java:1090)
| at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)
| at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
| at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
| at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
| at java.lang.Thread.run(Thread.java:748)
Running the Jenkinsfile snippet you provided also fails with the below error, which I think is caused by the first error.
hudson.remoting.ProxyException: hudson.AbortException: No SonarQube installation assigned for this job. There are 0 available installations that can be configured.
If you want to reassign a lot of jobs to a different SonarQube installation see http://docs.sonarqube.org/display/PLUG/Reassign+Jobs+to+Another+SonarQube+Instance
@InfoSec812 & @sherl0cks - in an attempt to be the mergé police; is this still valid or is there work to be done on it? If not; can we close it out?
Closing. Feel free to reopen with new changes
Resolves #69