Tuesday, June 9, 2026

How to integrate SonarQube with GitLab CICD Pipeline | SonarQube Integration with GitLab CICD | Automate Code Scan using SonarQube In GitLab CICD

Please find the steps for integrating SonarQube with GitLab CICD.



Pre-requisites:
  • Make sure SonarQube is up and running

How to integrate SonarQube with GitLab CICD:
We will follow the steps below:
  • Create Token in SonarQube to authenticate with GitLab
  • Add Sonar Token, SonarQube URL as Secrets in GitLab
  • Create GitLab CICD yaml
  • Add tasks for Maven build and Sonar Scan
  • Verify scan report in SonarQube

Create Token in SonarQube to authenticate with GitLab
Log in to SonarQube with your admin password and click on Admin at the top.
Click on My Account, then Security.
Under Tokens, enter a token name, choose Global Analysis Token, and click on Generate. Copy the generated token value.


Add Sonar Token and Sonar Host URL as Secrets in GitLab
Go to your GitLab Repo --> Click on Settings --> CICD --> Variables



Click new Repository Secret



Add another variable for storing the Sonar token




Create GitLab CICD workflow yaml:

Go to the GitLab repo where your Java project is and create a new file: .gitlab-ci.yml

The file below has three stages:
    - build
    - sonar
    - deploy

Create .gitlab-ci.yml CICD Pipeline:
stages:
  - build
  - sonar
  - deploy

build_war:
  stage: build
  image: maven:3.8.6-eclipse-temurin-11

  script:
    - echo "Building WAR file using Maven"
    - mvn clean install -f MyWebApp/pom.xml
    - echo "Listing target directory"
    - ls -la MyWebApp/target

  artifacts:
    paths:
      - MyWebApp/target/*.war
    expire_in: 1 hour

sonarqube_scan:
  stage: sonar
  image: maven:3.9.6-eclipse-temurin-17

  script:
    - |
      mvn sonar:sonar \
        -f MyWebApp/pom.xml \
        -Dsonar.projectKey=MyWebApp \
        -Dsonar.host.url="${SONAR_HOST_URL}" \
        -Dsonar.token="${SONAR_TOKEN}"
      
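deploy_to_tomcat:
  stage: deploy
  image: curlimages/curl:latest

  dependencies:
    - build_war

  script:
    - echo "Deploying WAR file to Tomcat running on AWS EC2"

    # -v is dropped: verbose output prints the Basic Authorization header
    # (base64 of user:password) into the job log. The credentials are quoted
    # so special characters are not split or expanded by the shell.
    # Note: plain http sends these credentials unencrypted to the Tomcat manager.
    - |
      curl --fail --silent --show-error -u "${TOMCAT_USER}:${TOMCAT_PASSWORD}" \
      -T MyWebApp/target/MyWebApp.war \
      "http://${TOMCAT_HOST}/manager/text/deploy?path=/MyWebApp&update=true"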

Commit the file.

As soon as you commit, the build will run in GitLab CICD.
Now you can see the output of the build in the Actions tab.



Now log in to SonarQube to see the scan report.
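
The pipeline above runs the deploy stage whether or not the code passes the SonarQube quality gate, because mvn sonar:sonar returns once the report is uploaded. The fragment below is an added example, not part of the original pipeline: it makes the scan job wait for the gate result using the scanner's sonar.qualitygate.wait property and limits the deploy job to the default branch. The 300-second timeout and the branch rule are assumptions to adjust for your project.

```yaml
# Added example, not the original pipeline: these two jobs replace the
# sonarqube_scan and deploy_to_tomcat jobs; stages and build_war stay as they are.
sonarqube_scan:
  stage: sonar
  image: maven:3.9.6-eclipse-temurin-17
  variables:
    GIT_DEPTH: "0"        # full clone so SonarQube has complete blame data
  script:
    # sonar.qualitygate.wait makes the scanner poll the server and exit non-zero
    # when the quality gate fails; the timeout is in seconds (300 is assumed).
    - |
      mvn sonar:sonar \
        -f MyWebApp/pom.xml \
        -Dsonar.projectKey=MyWebApp \
        -Dsonar.host.url="${SONAR_HOST_URL}" \
        -Dsonar.token="${SONAR_TOKEN}" \
        -Dsonar.qualitygate.wait=true \
        -Dsonar.qualitygate.timeout=300
  allow_failure: false    # GitLab default, stated explicitly: a failed gate stops the pipeline

deploy_to_tomcat:
  stage: deploy
  image: curlimages/curl:latest
  dependencies:
    - build_war
  rules:
    # Assumption: only the default branch is deployed.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  script:
    - echo "Deploying WAR file to Tomcat running on AWS EC2"
    # No -v here: verbose output would print the Basic Authorization header
    # (base64 of user:password) into the job log.
    - |
      curl --fail --silent --show-error -u "${TOMCAT_USER}:${TOMCAT_PASSWORD}" \
      -T MyWebApp/target/MyWebApp.war \
      "http://${TOMCAT_HOST}/manager/text/deploy?path=/MyWebApp&update=true"
```

If TOMCAT_USER and TOMCAT_PASSWORD are marked Protected under Settings --> CICD --> Variables, GitLab exposes them only to pipelines on protected branches and tags, which fits the branch rule above.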

