How to integrate sonarqube with git repository

[saikat....@gmail.com]

Hi,

We have some CI process in place where developers push their code from different branches to git repository and then we manually merge them into another branch which in turn triggers one automated build process thru jenkin. Now while pushing code to git repository we want sonar scan to be automatically triggerred  to generate dashboard. Please let me know if this is possible or it can only be done in jenkin during build process. We want this process for typescript , CSS, .net api etc.

Thanks & regards,

Saikat Muhuri 

[msz...@wikia-inc.com]

Sounds like https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Jenkins should cover your use case

[saikat....@gmail.com]

Hi,

Thanks for below note. We know how to integrate sonar scanner with jenkins, but we want to perform sonar scan at earlier stage i.e while pushing code to git repository. Please advise if we can integrate sonar scanner with git repository(not git hub).

Thanks,

Saikat

[msz...@wikia-inc.com]

As far as I know, there is no way to make SonarQube directly listen to Git repository events. A workaround is to configure a CI job that would run the analysis.

[saikat....@gmail.com]

In that case can we setup any dependency in jenkin so that build would only run if quality gate is passed in sonar. if yes please let me know the procedure.

Thanks,

Saikat

[nicolas...@sonarsource.com]

Hi Saikat,

You should see it the other way around: the very first thing to check is whether your code compiles or not. If the build fails then it's the first thing to resolve before even checking the quality of the codebase with SonarQube. And if the build passes then at this point (in your CI config) you can let the SonarQube analysis kick-in (a code that compiles really is a prerequisite to any sort of code analysis).

Best regards,

Nicolas

[saikat....@gmail.com]

Hi Nicolas,

My main purpose of asking for this dependency is to restrict developer to publish non-standard code even though build is successful. If we run sonar scan separately just before/after build in jenkins , developer may ignore sonar report (even though quality gate is failed) and go ahead with build which may cause non standard code to be published. But if we can create any such dependency with sonar scan for build process then developer has to make sure that quality gate is passed  and can ensure standard code to be published. 

Thanks,

Saikat

[msz...@wikia-inc.com]

If you are using a Jenkins pipeline, you can add Sonar Quality Gate build as an intermediate stage to fail the build and abort the pipeline if the quality gate does not pass. See: https://blog.sonarsource.com/breaking-the-sonarqube-analysis-with-jenkins-pipelines/

[saikat....@gmail.com]

Is it possible in freestyle project?

[saikat....@gmail.com]

I am now trying to create such dependency in jenkins pipeline , however have got below questions since we are using pipeline for 1st time , we normally use freestyle items. Please advise:-

1. Do we need normal pipeline / multibranch pipeline?

2. I have written https://localhost:2020/sonarqube-webhook/ in sonar server webhook URL, please let me know if this syntax is correct?

3. If its simple pipeline I am trying to create a pipeline item wherein I am trying to write pipeline script but its not allowing me to write anything on pipeline segment of that item. Please advise.

4. We are using GIT repository not GIT hub so can this dependency be built ?

5. Should we write quality gate check on pipeline script?

6. Where can we include sonar server details along with property file in pipeline structure?

Thanks,

Saikat

[saikat....@gmail.com]

Hi,

Please provide update on below.

Thanks & regards,

Saikat Muhuri