Friday, January 15, 2021

How to setup Quality gates in SonarQube | Add SonarQube quality gates to your Jenkins build pipeline

SonarQube is one of the popular static code analysis tools. It is an open-source, Java-based tool that also needs a database, which can be MySQL, Oracle or PostgreSQL. We will use PostgreSQL as it is open source as well.

SonarQube allows you to create a quality gate that forces the build to fail if certain conditions are not met during code analysis.


What will we learn in this lab?

1. How to set up a quality gate in SonarQube

2. How to force the build to fail in Jenkins when the quality gate fails

Quality gates

In SonarQube, a quality gate is a set of conditions that must be met in order for a project to be marked as passed.

Let us learn how to create quality gates in SonarQube and integrate them with Jenkins during the code scan.

Pre-requisites

Log in to SonarQube, click on Quality gate, and enter a name.

Once you have created the quality gate, click on Add condition.

Select new bugs from the drop-down and enter 1 as the error value.

Choose your web app by clicking on App. and selecting My WebApp.

Setup a Default Gate

Configure webhooks in SonarQube

Click on Administration --> Configuration --> Webhooks

Enter Jenkins URL

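Now go to Jenkins and create a pipeline job:

node {
    // 'Maven3' must match the Maven installation name configured in Jenkins
    def mvnHome = tool 'Maven3'

    stage ("checkout") {
        // enter your repo info
    }

    stage ('Build') {
        sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml clean install"
    }

    stage ('Code Quality scan') {
        // 'SonarQube' must match the SonarQube server name configured in Jenkins
        withSonarQubeEnv('SonarQube') {
            sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml sonar:sonar"
        }
    }

    stage ("Quality Gate") {
        // Pause until SonarQube reports the gate result; abort the pipeline if the gate fails
        timeout(time: 1, unit: 'HOURS') {
            waitForQualityGate abortPipeline: true
        }
    }
}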
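The webhook configured above is what carries the quality gate verdict back to Jenkins. As an added example (not code from the original post or from the Jenkins plugin), the Python below shows what a receiver should check before trusting that verdict: it assumes a secret has been set on the SonarQube webhook, which the post does not configure, in which case SonarQube signs the request body in the `X-Sonar-Webhook-HMAC-SHA256` header. The secret, project key, gate name and payload values are constructed for the demonstration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Sonar-Webhook-HMAC-SHA256"


def verify_signature(body: bytes, header_value: str, secret: bytes) -> bool:
    """Constant-time check of the hex HMAC-SHA256 computed over the raw body."""
    if not header_value:
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), header_value.strip().lower().encode())


def gate_decision(body: bytes, headers: dict, secret: bytes) -> dict:
    """Return the gate verdict; unsigned or tampered payloads are rejected."""
    if not verify_signature(body, headers.get(SIGNATURE_HEADER, ""), secret):
        return {"accepted": False, "fail_build": True, "reason": "bad signature"}
    gate = json.loads(body).get("qualityGate", {})
    failed = [c.get("metric", "?") for c in gate.get("conditions", [])
              if c.get("status") == "ERROR"]
    # Fail closed: anything other than an explicit OK fails the build.
    return {"accepted": True, "fail_build": gate.get("status") != "OK",
            "reason": ",".join(failed) or gate.get("status", "missing")}


# Constructed sample: a gate with "new bugs > 1 is an error", as set up above.
SECRET = b"constructed-demo-secret"
SAMPLE_BODY = json.dumps({
    "taskId": "constructed-task-id",
    "status": "SUCCESS",
    "project": {"key": "MyWebApp", "name": "My WebApp"},
    "qualityGate": {
        "name": "demo-gate",
        "status": "ERROR",
        "conditions": [{"metric": "new_bugs", "operator": "GREATER_THAN",
                        "value": "3", "status": "ERROR", "errorThreshold": "1"}],
    },
}).encode()
SAMPLE_HEADERS = {SIGNATURE_HEADER: hmac.new(SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()}

if __name__ == "__main__":
    print(gate_decision(SAMPLE_BODY, SAMPLE_HEADERS, SECRET))
    # A body edited in transit to claim the gate passed no longer matches the signature.
    tampered = SAMPLE_BODY.replace(b'"ERROR"', b'"OK"')
    print(gate_decision(tampered, SAMPLE_HEADERS, SECRET))
```

Without a shared secret, anything that can reach the webhook endpoint can post a payload claiming the gate passed, so the signature check is what ties the verdict to the SonarQube server.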

Now you should see the Jenkins console output like this:



2 comments:

  1. Hi Bro, I have tried similar things with my AWS EC2 instance (Ubuntu server). I have installed SonarQube on the Ubuntu server and tried to start it, but I'm unable to run it; it actually runs, but after some time it is not running.

    --> Wrapper Started as Daemon
    Launching a JVM...
    Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
    Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.

    2023.10.20 14:14:58 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube-6.7.6/temp
    2023.10.20 14:14:58 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001
    2023.10.20 14:14:58 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube-6.7.6/elasticsearch]: /opt/sonarqube-6.7.6/elasticsearch/bin/elasticsearch -Epath.conf=/opt/sonarqube-6.7.6/temp/conf/es
    2023.10.20 14:14:58 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
    OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
    2023.10.20 14:14:58 INFO app[][o.e.p.PluginsService] no modules loaded
    2023.10.20 14:14:58 INFO app[][o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/opt/sonarqube-6.7.6/lib/common/netty-common-4.1.13.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
    WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    2023.10.20 14:15:07 INFO app[][o.s.a.SchedulerImpl] Process[es] is up
    2023.10.20 14:15:07 INFO app[][o.s.a.p.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/opt/sonarqube-6.7.6]: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube-6.7.6/temp -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -cp ./lib/common/*:./lib/server/*:/opt/sonarqube-6.7.6/lib/jdbc/mysql/mysql-connector-java-5.1.42.jar org.sonar.server.app.WebServer /opt/sonarqube-6.7.6/temp/sq-process16948139480030879849properties
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/opt/sonarqube-6.7.6/lib/common/netty-common-4.1.13.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
    WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    2023.10.20 14:15:12 INFO app[][o.s.a.SchedulerImpl] Process [web] is stopped
    2023.10.20 14:15:12 WARN app[][o.s.a.p.AbstractProcessMonitor] Process exited with exit value [es]: 143
    2023.10.20 14:15:12 INFO app[][o.s.a.SchedulerImpl] Process [es] is stopped
    2023.10.20 14:15:12 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
    <-- Wrapper Stopped
    --> Wrapper Started as Daemon
    Launching a JVM...
    Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
    Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved.

    2023.10.20 14:21:09 INFO app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube-6.7.6/temp
    2023.10.20 14:21:10 INFO app[][o.s.a.es.EsSettings] Elasticsearch listening on /127.0.0.1:9001

    Replies
    1. Step 1: Created an EC2 instance,
      Step 2: Installed Jenkins (working), SonarQube and MySQL on the Ubuntu server,
      Step 3: In AWS I have created an RDS db for storing the SonarQube reports,
      Step 4: On the Ubuntu server I have created a db and edited the SonarQube config file in the sonar file ---> I have updated the RDS endpoint, user, password, sonar port and sonar path,
      and in the wrapper file I have updated the Java path and saved it,
      Step 5: Once all was done I started Sonar with a non-root user and faced this error. Please check and let me know, bro.

