SonarQube post installation mandatory step

To start with a simple example, the application job runs only the SonarQube quality check of the Java application. Gradle is used as a package manager here.

GitRepo Code: https://github.com/q-uest/CICD_Java_gradle_application.git

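```groovy
pipeline {
    agent any
    environment {
        VERSION = "${env.BUILD_ID}"
    }
    stages {
        stage("sonar quality check") {
            steps {
                script {
                    // Inject the SonarQube server settings configured in Jenkins into the build environment
                    withSonarQubeEnv(credentialsId: 'ram-sq') {
                        sh 'chmod +x gradlew'
                        sh './gradlew sonarqube'
                    }

                    // Wait for the analysis to complete and abort unless the quality gate is 'OK'
                    def qg = waitForQualityGate()
                    if (qg.status != 'OK') {
                        error "Pipeline aborted due to quality gate failure: ${qg.status}"
                    }
                }
            }
        }
    }
}
```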

The important configurations to be done on the Kubernetes cluster @ Jenkins Master were:

  1. Downloading the required SonarQube plugins.

  2. Creating a webhook on the SonarQube server, which is required for SonarQube to pass on the SonarQube analysis to the Jenkins job when it is complete. Provide the Jenkins endpoint + "/sonarqube-webhook", like "http://:<SERVICE-PORT#>/sonarqube-webhook/" [ e.g.: http://10.102.124.212:8080/sonarqube-webhook/ ], with or without a secret.

Note: Any name other than "sonarqube-webhook" did not work (tried with one named "jenkins-webhook"), hence stick to the same name.

  3. Configuring the SonarQube server details @ "System Configuration" of Jenkins Master. The information to be provided is:

    • Server URL: http://10.99.206.207:9000 (SonarQube's service IP & port).
    • Server Authentication Token.
    • Webhook Secret (in the "Advanced" section of "sonarqube server"), if one was provided while configuring the webhook on SonarQube.

The output of the Jenkins job:
Started by user Jenkins Admin
Obtained Jenkinsfile from git https://github.com/q-uest/CICD_Java_gradle_application.git
[Pipeline] Start of Pipeline
[Pipeline] node
Still waiting to schedule task
Waiting for next available executor
Agent default-18kdd is provisioned from template default
---
apiVersion: "v1"
kind: "Pod"
metadata:
  labels:
    jenkins/jenkins-jenkins-agent: "true"
    jenkins/label-digest: "500b4f18aee87616849e4f4c2435020898e34aa0"
    jenkins/label: "jenkins-jenkins-agent"
  name: "default-18kdd"
spec:
  containers:
  - args:
    - "********"
    - "default-18kdd"
    env:
    - name: "JENKINS_SECRET"
      value: "********"
    - name: "JENKINS_TUNNEL"
      value: "jenkins-agent.jenkins.svc.cluster.local:50000"
    - name: "JENKINS_AGENT_NAME"
      value: "default-18kdd"
    - name: "JENKINS_NAME"
      value: "default-18kdd"
    - name: "JENKINS_AGENT_WORKDIR"
      value: "/home/jenkins/agent"
    - name: "JENKINS_URL"
      value: "http://jenkins.jenkins.svc.cluster.local:8080/"
    image: "jenkins/inbound-agent:4.11.2-4"
    imagePullPolicy: "IfNotPresent"
    name: "jnlp"
    resources:
      limits:
        memory: "2000Mi"
        cpu: "512m"
      requests:
        memory: "2000Mi"
        cpu: "512m"
    tty: false
    volumeMounts:
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  nodeSelector:
    kubernetes.io/os: "linux"
  restartPolicy: "Never"
  serviceAccountName: "default"
  volumes:
  - emptyDir:
      medium: ""
    name: "workspace-volume"

Running on default-18kdd in /home/jenkins/agent/workspace/apptest-pipeline
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
Selected Git installation does not exist. Using Default
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://github.com/q-uest/CICD_Java_gradle_application.git
 > git init /home/jenkins/agent/workspace/apptest-pipeline # timeout=10
Fetching upstream changes from https://github.com/q-uest/CICD_Java_gradle_application.git
 > git --version # timeout=10
 > git --version # 'git version 2.30.2'
 > git fetch --tags --force --progress -- https://github.com/q-uest/CICD_Java_gradle_application.git +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
Checking out Revision cb45a950d2cae067cf3d06aa1c656cb7129b099b (refs/remotes/origin/main)
 > git config remote.origin.url https://github.com/q-uest/CICD_Java_gradle_application.git # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
 > git config core.sparsecheckout # timeout=10
 > git checkout -f cb45a950d2cae067cf3d06aa1c656cb7129b099b # timeout=10
Commit message: "Merge branch 'main' of https://github.com/q-uest/CICD_Java_gradle_application into main"
 > git rev-list --no-walk cb45a950d2cae067cf3d06aa1c656cb7129b099b # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (sonar quality check)
[Pipeline] script
[Pipeline] {
[Pipeline] withSonarQubeEnv
Injecting SonarQube environment variables using the configuration: sonarqube
[Pipeline] {
[Pipeline] sh
+ chmod +x gradlew
[Pipeline] sh
+ ./gradlew sonarqube
Downloading https://services.gradle.org/distributions/gradle-7.1.1-bin.zip
..........10%...........20%...........30%..........40%...........50%...........60%..........70%...........80%...........90%...........100%
Welcome to Gradle 7.1.1!

Here are the highlights of this release:
 - Faster incremental Java compilation
 - Easier source set configuration in the Kotlin DSL

For more details see https://docs.gradle.org/7.1.1/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)
> Task :compileJava
> Task :processResources
> Task :classes
> Task :compileTestJava
> Task :sonarqube
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.1.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 6m 16s
4 actionable tasks: 4 executed
[Pipeline] }
[Pipeline] // withSonarQubeEnv
[Pipeline] waitForQualityGate
Checking status of SonarQube task 'AX9kjcmFnyf8x9NKq8I5' on server 'sonarqube'
SonarQube task 'AX9kjcmFnyf8x9NKq8I5' status is 'IN_PROGRESS'
SonarQube task 'AX9kjcmFnyf8x9NKq8I5' status is 'SUCCESS'
SonarQube task 'AX9kjcmFnyf8x9NKq8I5' completed. Quality gate is 'OK'
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

Note:

In the beginning, it was looking for the webhook at the SonarQube end. But the subsequent builds triggered on a slave node worked without any webhooks! Even after deleting the webhook, the build continued working. Not sure why or how, though.
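For the optional webhook secret in the configuration steps above: when a secret is set, SonarQube signs each delivery with an HMAC-SHA256 of the request body, sent as a hex digest in the `X-Sonar-Webhook-HMAC-SHA256` header. The following is an added example, not code from this wiki or from the Jenkins plugin, showing the check a receiver performs before trusting the reported quality gate; the secret and the payload are constructed sample values.

```python
import hashlib
import hmac
import json

# Header SonarQube adds to a webhook delivery when a secret is configured.
SIGNATURE_HEADER = "X-Sonar-Webhook-HMAC-SHA256"


def sign(body: bytes, secret: str) -> str:
    """Hex HMAC-SHA256 of the raw request body, keyed with the webhook secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def quality_gate_from_webhook(headers: dict, body: bytes, secret: str) -> str:
    """Return the quality gate status of an authenticated delivery.

    Raises PermissionError when the signature is missing or wrong, so an
    unauthenticated POST can never report a passing gate.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER.lower())
    if received is None:
        raise PermissionError("unsigned webhook delivery")
    # Verify over the raw bytes, before any JSON parsing, in constant time.
    expected = sign(body, secret).encode("ascii")
    if not hmac.compare_digest(expected, received.strip().lower().encode("utf-8")):
        raise PermissionError("webhook signature mismatch")
    payload = json.loads(body)
    # A payload without a gate result is reported as "NONE", never as "OK".
    return (payload.get("qualityGate") or {}).get("status", "NONE")


# Constructed sample delivery (not captured traffic); the secret is a placeholder.
SECRET = "example-webhook-secret"
BODY = json.dumps({
    "taskId": "AX9kjcmFnyf8x9NKq8I5",
    "status": "SUCCESS",
    "qualityGate": {"name": "Sonar way", "status": "OK"},
}).encode("utf-8")
HEADERS = {SIGNATURE_HEADER: sign(BODY, SECRET)}

if __name__ == "__main__":
    print(quality_gate_from_webhook(HEADERS, BODY, SECRET))  # signed delivery
    altered = BODY.replace(b'"OK"', b'"ERROR"')  # body changed after signing
    try:
        quality_gate_from_webhook(HEADERS, altered, SECRET)
    except PermissionError as exc:
        print("rejected:", exc)
```

Without a secret on both sides, anything that can reach the `/sonarqube-webhook/` endpoint can post a payload in this shape.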

====

Set a specific Quality Gate to a project

https://dx.appirio.com/quality-sonarqube/sonarqube-quality-gates/

Changing the Quality Gate for a Project

You can choose which quality gate to use for your project if you do not want to use the default gate.

Open your project in SonarQube.

Go to the Administration > Quality Gate menu for the project.


Choose the quality gate you want to use for that project.
